CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2024-50306 2024-11-14 CRITICAL 9.1 Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users…
CVE-2024-23223 2024-01-23 MEDIUM 6.2 A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An…
CVE-2024-23219 2024-01-23 MEDIUM 6.2 The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.3. Stolen Device Protection may be unexpectedly disabled.
CVE-2024-23218 2024-01-23 MEDIUM 5.9 A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3…
CVE-2024-23301 2024-01-12 MEDIUM 5.5 Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
CVE-2024-23180 2024-01-23 HIGH 8.8 Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions…
CVE-2024-23210 2024-01-23 LOW 3.3 This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An…
CVE-2024-23208 2024-01-23 HIGH 7.8 The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may…
CVE-2024-23207 2024-01-23 MEDIUM 5.5 This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.4,…
CVE-2024-23172 2024-01-12 MEDIUM 5.4 An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g.,…
CVE-2024-23031 2024-02-01 MEDIUM 6.1 Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
CVE-2022-37137 2022-09-14 MEDIUM 5.4 PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to the ticket. The XSS can be obtained by injecting under "Message" field with "description" parameter with the…
CVE-2022-34707 2022-08-09 HIGH 7.8 Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-34706 2022-08-09 HIGH 7.8 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
CVE-2022-34705 2022-08-09 HIGH 7.8 Windows Defender Credential Guard Elevation of Privilege Vulnerability
CVE-2022-34703 2022-08-09 HIGH 7.8 Windows Partition Management Driver Elevation of Privilege Vulnerability
CVE-2022-34702 2022-08-09 HIGH 8.1 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-34701 2022-08-09 HIGH 7.5 Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability
CVE-2024-13254 2025-01-09 HIGH 7.5 Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing. This issue affects REST Views: from 0.0.0 before 3.0.1.
CVE-2024-13252 2025-01-09 MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal TacJS allows Cross-Site Scripting (XSS). This issue affects TacJS: from 0.0.0 before 6.5.0.
CVE-2025-4887 2025-05-18 MEDIUM 4.3 A vulnerability, which was classified as problematic, has been found in SourceCodester Online Student Clearance System 1.0. Affected by this issue is some unknown functionality. The manipulation leads…
CVE-2025-4886 2025-05-18 HIGH 7.3 A vulnerability classified as critical was found in itsourcecode Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/product_update.php. The manipulation…
CVE-2025-4813 2025-05-16 HIGH 7.3 A vulnerability, which was classified as critical, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file /edit-phlebotomist.php. The manipulation…
CVE-2025-4812 2025-05-16 HIGH 7.3 A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php.…
CVE-2025-4811 2025-05-16 HIGH 7.3 A vulnerability was found in CodeAstro Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php…
CVE-2024-13253 2025-01-09 CRITICAL 9.1 Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push Notifications allows Forceful Browsing. This issue affects Advanced PWA inc Push Notifications: from 0.0.0 before 1.5.0.
CVE-2024-13251 2025-01-09 HIGH 8.8 Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation. This issue affects Registration role: from 0.0.0 before 2.0.1.
CVE-2025-2676 2025-03-24 HIGH 7.3 A vulnerability, which was classified as critical, was found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /add-subadmin.php. The manipulation of…
CVE-2025-2677 2025-03-24 HIGH 7.3 A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /changeidproof.php. The manipulation of…
CVE-2024-13249 2025-01-09 MEDIUM 5.4 Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing. This issue affects Node Access Rebuild Progressive: from 7.X-1.0 before 7.X-1.2.
CVE-2024-13248 2025-01-09 MEDIUM 5.5 Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence via Framing. This issue affects Private content: from 0.0.0 before 2.1.0.
CVE-2025-2678 2025-03-24 HIGH 7.3 A vulnerability was found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /changeimage1.php. The manipulation of…
CVE-2025-24473 2025-05-28 LOW 3.7 An exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application information…
CVE-2025-25251 2025-05-28 HIGH 7.8 An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC…
CVE-2025-46777 2025-05-28 LOW 2.3 An insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with…
CVE-2025-47294 2025-05-28 MEDIUM 5.3 An integer overflow or wraparound in Fortinet FortiOS versions 7.2.0 through 7.2.7, versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the csfd daemon via…
CVE-2025-47295 2025-05-28 LOW 3.7 A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the…
CVE-2025-27702 2025-05-28 MEDIUM 4.9 CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned…
CVE-2025-5332 2025-05-29 HIGH 7.3 A vulnerability was found in 1000 Projects Online Notice Board 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of…
CVE-2025-48476 2025-05-30 HIGH 8.8 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill() method, there is no check…
CVE-2025-48477 2025-05-30 HIGH 8.1 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to…
CVE-2025-48478 2025-05-30 MEDIUM 4.9 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation has resulted in a mass assignment vulnerability, allowing…
CVE-2025-48479 2025-05-30 LOW 2.7 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the laravel-translation-manager package does not correctly validate user input, enabling the deletion of any…
CVE-2025-48480 2025-05-30 LOW 2.7 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an authorized user with the administrator role or with the privilege User::PERM_EDIT_USERS can create…
CVE-2025-48481 2025-05-30 CRITICAL 9.8 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invite_hash, can exploit this vulnerability to…
CVE-2025-48482 2025-05-30 MEDIUM 4.3 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill()…
CVE-2025-48483 2025-05-30 MEDIUM 5.4 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation…
CVE-2025-48484 2025-05-30 MEDIUM 5.4 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation…
CVE-2024-13247 2025-01-09 MEDIUM 4.8 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Coffee allows Cross-Site Scripting (XSS). This issue affects Coffee: from 0.0.0 before 1.4.0.
CVE-2025-2679 2025-03-24 HIGH 7.3 A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /contact-us.php. The manipulation…