Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2024-22236 2024-01-31 LOW 3.3 In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure…
CVE-2024-20979 2024-01-16 MEDIUM 5.4 Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low…
CVE-2024-20971 2024-01-16 MEDIUM 4.9 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability…
CVE-2024-20969 2024-01-16 MEDIUM 5.5 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability…
CVE-2024-20959 2024-01-16 MEDIUM 4.4 Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged…
CVE-2024-20955 2024-01-16 LOW 3.7 Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK:…
CVE-2024-21673 2024-01-16 HIGH 8.8 This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score…
CVE-2024-1143 2024-02-02 CRITICAL 9.3 Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass.
CVE-2024-20938 2024-01-16 MEDIUM 6.1 Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: ECC). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access…
CVE-2024-20936 2024-01-16 MEDIUM 6.1 Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Documents). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network…
CVE-2024-20914 2024-01-16 LOW 2.3 Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged…
CVE-2024-20912 2024-01-16 LOW 2.7 Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows high privileged attacker with network access via…
CVE-2024-20910 2024-01-16 LOW 3.0 Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access…
CVE-2023-45718 2024-02-09 LOW 3.9 Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie…
CVE-2023-50933 2024-02-02 MEDIUM 6.1 IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's…
CVE-2024-1077 2024-01-30 HIGH 8.8 Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)
CVE-2023-51812 2024-01-04 CRITICAL 9.8 Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList.
CVE-2023-50342 2024-01-03 HIGH 7.1 HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability.  A user can obtain certain details about another user as a result of improper access…
CVE-2023-49739 2023-12-14 HIGH 7.1 Vulnerability in IdeaBox Creations PowerPack Pro for Elementor.This issue affects PowerPack Pro for Elementor: from n/a through 2.9.23.
CVE-2023-37531 2024-02-29 LOW 3.3 A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a form field…
CVE-2023-37530 2024-02-29 LOW 3.0 A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying…
CVE-2023-37529 2024-02-29 LOW 3.0 A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying…
CVE-2023-45696 2024-02-10 MEDIUM 4.0 Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser.
CVE-2023-45716 2024-02-09 LOW 1.7 Sametime is impacted by sensitive information passed in URL.
CVE-2023-45190 2024-02-09 MEDIUM 5.1 IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker…
CVE-2023-31002 2024-02-07 MEDIUM 5.1 IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657.
CVE-2023-34042 2024-02-05 MEDIUM 4.1 The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file…
CVE-2023-37528 2024-02-03 MEDIUM 6.5 A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the…
CVE-2023-37527 2024-02-02 MEDIUM 5.4 A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application…
CVE-2023-37523 2024-01-16 MEDIUM 5.6 Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the…
CVE-2022-40713 2022-09-19 MEDIUM 6.5 An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to…
CVE-2022-23767 2022-09-19 HIGH 8.8 This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities…
CVE-2022-40712 2022-09-19 MEDIUM 6.1 An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints.
CVE-2022-38577 2022-09-19 HIGH 8.8 ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.
CVE-2022-38833 2022-09-16 HIGH 7.2 School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/modstudent/index.php?view=view&id=.
CVE-2022-38832 2022-09-16 HIGH 7.2 School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/department/index.php?view=edit&id=.
CVE-2021-42949 2022-09-16 CRITICAL 9.8 The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks.
CVE-2025-20677 2025-06-02 MEDIUM 5.5 In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User…
CVE-2025-20676 2025-06-02 MEDIUM 5.5 In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed.…
CVE-2024-23388 2024-01-26 MEDIUM 6.1 Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access…
CVE-2023-38317 2024-01-26 CRITICAL 9.8 An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect…
CVE-2022-39008 2022-09-16 CRITICAL 9.1 The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps.
CVE-2022-39007 2022-09-16 CRITICAL 9.8 The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation.
CVE-2022-38887 2022-09-19 CRITICAL 9.8 The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The democritus-strings package. The affected version is 0.1.0.
CVE-2022-39001 2022-09-16 HIGH 7.5 The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure.
CVE-2022-38878 2022-09-16 HIGH 7.2 School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/event/index.php?view=edit&id=.
CVE-2022-38877 2022-09-16 HIGH 7.2 Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1.
CVE-2022-37250 2022-09-16 MEDIUM 5.4 Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.
CVE-2022-2913 2022-09-16 MEDIUM 4.3 The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the…
CVE-2022-2912 2022-09-16 MEDIUM 4.3 The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted…
« Anterior Página 1111 de 4308 Siguiente »