Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2024-39963 2024-07-19 HIGH 8.0 AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE)…
CVE-2024-41281 2024-07-19 HIGH 8.8 Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge_mac function.
CVE-2024-8521 2024-09-07 MEDIUM 4.3 A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO.…
CVE-2024-8023 2024-08-21 MEDIUM 6.3 A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Affected is an unknown function of the file /api/blade-system/menu/list?updatexml. The manipulation leads to sql injection. It…
CVE-2024-13244 2025-01-09 HIGH 8.8 Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request Forgery.This issue affects Migrate Tools: from 0.0.0 before 6.0.3.
CVE-2024-41726 2024-07-29 HIGH 7.5 Path traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary executable file may be executed by a user who can…
CVE-2024-41139 2024-07-29 HIGH 7.8 Incorrect privilege assignment vulnerability exists in SKYSEA Client View Ver.6.010.06 to Ver.19.210.04e. If a user who can log in to the PC where the product's Windows client is…
CVE-2024-10076 2025-05-15 MEDIUM 5.9 The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately,…
CVE-2024-13243 2025-01-09 MEDIUM 6.5 Missing Authorization vulnerability in Drupal Entity Delete Log allows Forceful Browsing.This issue affects Entity Delete Log: from 0.0.0 before 1.1.1.
CVE-2024-13242 2025-01-09 CRITICAL 9.1 Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing.This issue affects Swift Mailer: *.*.
CVE-2024-10075 2025-05-15 MEDIUM 5.6 The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users…
CVE-2024-40400 2024-07-19 HIGH 8.8 An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file.
CVE-2024-13241 2025-01-09 CRITICAL 9.1 Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5.
CVE-2024-13240 2025-01-09 HIGH 7.5 Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05.
CVE-2024-13239 2025-01-09 CRITICAL 9.8 Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0.
CVE-2023-5934 2025-05-15 HIGH 7.3 The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow…
CVE-2025-40581 2025-05-13 HIGH 7.1 A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication bypass. This could…
CVE-2025-40580 2025-05-13 MEDIUM 6.7 A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to…
CVE-2025-40579 2025-05-13 MEDIUM 6.7 A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to…
CVE-2025-40578 2025-05-13 MEDIUM 4.3 A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly handle multiple incoming Profinet packets received in rapid succession. An unauthenticated remote…
CVE-2025-40577 2025-05-13 MEDIUM 4.3 A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw…
CVE-2025-40576 2025-05-13 MEDIUM 4.3 A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw…
CVE-2024-13238 2025-01-09 MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Typogrify allows Cross-Site Scripting (XSS).This issue affects Typogrify: from 0.0.0 before 1.3.0.
CVE-2025-40574 2025-05-13 HIGH 7.8 A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly assign permissions to critical ressources. This could allow a non-privileged local attacker…
CVE-2025-40572 2025-05-13 MEDIUM 5.5 A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly assign permissions to critical ressources. This could allow a non-privileged local attacker…
CVE-2024-13237 2025-01-09 MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal File Entity (fieldable files) allows Cross-Site Scripting (XSS).This issue affects File Entity (fieldable files): from…
CVE-2024-8854 2025-05-15 MEDIUM 5.4 The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform…
CVE-2024-8851 2025-05-15 MEDIUM 5.4 The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform…
CVE-2023-5932 2025-05-15 MEDIUM 4.8 The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to…
CVE-2024-13250 2025-01-09 HIGH 8.8 Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery.This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6.
CVE-2023-5529 2025-05-15 MEDIUM 4.8 The Advanced Page Visit Counter WordPress plugin before 8.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2025-3742 2025-05-15 MEDIUM 6.8 The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow…
CVE-2024-13255 2025-01-09 HIGH 7.5 Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10.
CVE-2024-2870 2024-07-13 MEDIUM 6.1 The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2024-2696 2024-07-12 MEDIUM 4.8 The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
CVE-2024-46330 2024-09-26 HIGH 7.4 VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the iptablesWebsFilterRun object.
CVE-2024-50305 2024-11-14 HIGH 7.5 Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to…
CVE-2025-5594 2025-06-04 HIGH 7.3 A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component SET Command Handler. The manipulation leads…
CVE-2025-5593 2025-06-04 HIGH 7.3 A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component HOST Command Handler. The manipulation leads…
CVE-2025-27955 2025-06-02 MEDIUM 6.5 Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute…
CVE-2025-27954 2025-06-02 MEDIUM 6.5 An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
CVE-2024-23941 2024-02-01 MEDIUM 5.4 Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary…
CVE-2024-23851 2024-01-23 MEDIUM 5.5 copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related…
CVE-2024-23746 2024-02-02 CRITICAL 9.8 Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via…
CVE-2024-23744 2024-01-21 HIGH 7.5 An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.
CVE-2024-23731 2024-01-21 CRITICAL 9.8 The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument.
CVE-2024-23681 2024-01-19 HIGH 8.2 Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this…
CVE-2024-23452 2024-02-08 HIGH 7.5 Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The http_parser does not comply with the…
CVE-2024-23304 2024-02-06 HIGH 7.5 Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.
CVE-2024-23453 2024-01-24 MEDIUM 5.5 Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered.…
« Anterior Página 1103 de 4308 Siguiente »