CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2025-54799 | Let's Encrypt client and ACME library written in Go (Lego). In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package (thus the lego library and the lego cli as well) don't enforce... | N/A | NONE | ❌ | 0 |
| CVE-2025-54885 | Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to gene... | N/A | NONE | ❌ | 0 |
| CVE-2025-29865 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TAGFREE X-Free Uploader XFU allows Path Traversal. This issue affects X-Free Uploader: from 1.0.1.0084 ... | N/A | NONE | ❌ | 0 |
| CVE-2025-8577 | Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a... | 4.3 | MEDIUM | ❌ | 0 |
| CVE-2025-8579 | Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a... | 4.3 | MEDIUM | ❌ | 0 |
| CVE-2025-8580 | Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | 4.3 | MEDIUM | ❌ | 0 |
| CVE-2025-55133 | In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via topicName in client/agora/public/js/editorManager.js. | 6.4 | MEDIUM | ❌ | 0 |
| CVE-2025-8581 | Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a craf... | 4.3 | MEDIUM | ❌ | 0 |
| CVE-2025-8583 | Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | 4.3 | MEDIUM | ❌ | 0 |
| CVE-2025-32094 | An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" ... | 4.0 | MEDIUM | ❌ | 0 |
| CVE-2025-29866 | External Control of File Name or Path vulnerability in TAGFREE X-Free Uploader XFU allows Parameter Injection. This issue affects X-Free Uploader: from 1.0.1.0084 before 1.0.1.0085, from 2.0.1.0034... | N/A | NONE | ❌ | 0 |
| CVE-2025-35970 | On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed ... | 7.5 | HIGH | ❌ | 0 |
| CVE-2025-8533 | A vulnerability was identified in the XPC services of Fantastical. The services failed to implement proper client authorization checks in its listener:shouldAcceptNewConnection method, unconditionally... | N/A | NONE | ❌ | 0 |
| CVE-2024-52680 | EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn. | 6.1 | MEDIUM | ❌ | 0 |
| CVE-2024-56339 | IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor secur... | 3.7 | LOW | ❌ | 0 |
| CVE-2025-55135 | In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats other than PNG, JPEG, and WEBP are permitted by server/routes... | 6.4 | MEDIUM | ❌ | 0 |
| CVE-2025-55136 | ERC (aka Emotion Recognition in Conversation) through 0.3 has insecure deserialization via a serialized object because jsonpickle is used. | 5.7 | MEDIUM | ❌ | 0 |
| CVE-2025-7054 | Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRE_CONNECTION_ID frames. QUIC connections possess a set of connection identifiers (IDs); see ... | 6.5 | MEDIUM | ❌ | 0 |
| CVE-2025-54392 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data, a different vulnerability than CVE-2025-47189. | 6.1 | MEDIUM | ❌ | 0 |
| CVE-2025-54393 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Authenticated users can obtain administrative access. | 5.4 | MEDIUM | ❌ | 0 |
| CVE-2025-54394 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has Insufficiently Protected Credentials for requests to remote Excel resources. | 5.3 | MEDIUM | ❌ | 0 |
| CVE-2025-54395 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data. | 6.1 | MEDIUM | ❌ | 0 |
| CVE-2025-54396 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this. | 5.4 | MEDIUM | ❌ | 0 |
| CVE-2023-41519 | Student Attendance Management System v1 was discovered to contain a cross-site scripting (XSS) vulnerability via the sessionName parameter at createSessionTerm.php. | 6.1 | MEDIUM | ❌ | 0 |
| CVE-2023-41520 | Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createClassArms.php via the classId and classArmName parameters. | 8.8 | HIGH | ❌ | 0 |
| CVE-2023-41521 | Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm.php via the id, termId, and sessionName parameters. | 8.8 | HIGH | ❌ | 0 |
| CVE-2023-41522 | Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createStudents.php via the Id, firstname, and admissionNumber parameters. | 8.8 | HIGH | ❌ | 0 |
| CVE-2023-41523 | Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the emailAddress parameter at createClassTeacher.php. | 8.8 | HIGH | ❌ | 0 |
| CVE-2023-41524 | Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the username parameter at index.php. | 8.8 | HIGH | ❌ | 0 |
| CVE-2023-41525 | Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. | 9.8 | CRITICAL | ❌ | 0 |
| CVE-2023-41526 | Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters. | 9.8 | CRITICAL | ❌ | 0 |
| CVE-2023-41527 | Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php. | 9.8 | CRITICAL | ❌ | 0 |
| CVE-2025-50675 | GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissions in its installation directory. The directory is accessible with full read, write, and execute per... | 7.8 | HIGH | ❌ | 0 |
| CVE-2025-50692 | FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html. | 9.8 | CRITICAL | ❌ | 0 |
| CVE-2025-8697 | A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. This issue affects the function StdioServerParameters of the component MCPSessionManager/MCPTool/MCPToolkit. The man... | 6.3 | MEDIUM | ❌ | 0 |
| CVE-2025-45765 | ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenS... | 9.1 | CRITICAL | ❌ | 0 |
| CVE-2025-53767 | Azure OpenAI Elevation of Privilege Vulnerability | 10.0 | CRITICAL | ❌ | 0 |
| CVE-2025-53774 | Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | 6.5 | MEDIUM | ❌ | 0 |
| CVE-2025-53787 | Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | 8.2 | HIGH | ❌ | 0 |
| CVE-2025-53792 | Azure Portal Elevation of Privilege Vulnerability | 9.1 | CRITICAL | ❌ | 0 |
| CVE-2025-54787 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of ... | 3.7 | LOW | ❌ | 0 |
| CVE-2025-54368 | uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the ar... | N/A | NONE | ❌ | 0 |
| CVE-2025-54952 | An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effec... | 9.8 | CRITICAL | ❌ | 0 |
| CVE-2025-54886 | skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.get_model does not contain any logic to prevent arbitrary code execut... | 8.4 | HIGH | ❌ | 0 |
| CVE-2025-54887 | jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of con... | 9.1 | CRITICAL | ❌ | 0 |
| CVE-2025-8708 | A vulnerability was found in Antabot White-Jotter 0.22. It has been declared as critical. This vulnerability affects the function CookieRememberMeManager of the file ShiroConfiguration.java of the com... | 5.0 | MEDIUM | ❌ | 0 |
| CVE-2025-54940 | An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tamper... | N/A | NONE | ❌ | 0 |
| CVE-2025-54958 | Powered BLUE 870 versions 0.20130927 and prior contain an OS command injection vulnerability. If this vulnerability is exploited, arbitrary OS commands may be executed on the affected product. | N/A | NONE | ❌ | 0 |
| CVE-2025-54959 | Powered BLUE Server versions 0.20130927 and prior contain a path traversal vulnerability. If this vulnerability is exploited, an arbitrary file in the affected product may be disclosed. | N/A | NONE | ❌ | 0 |
| CVE-2025-6572 | The OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back i... | 5.9 | MEDIUM | ❌ | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.