CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST (NVD):

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2023-47994 | 2024-01-09 | HIGH | 8.8 | An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code. |
| CVE-2023-47890 | 2024-01-08 | HIGH | 8.8 | pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. |
| CVE-2023-46474 | 2024-01-11 | HIGH | 7.2 | File Upload vulnerability in PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file. |
| CVE-2023-46836 | 2024-01-05 | MEDIUM | 4.7 | The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs… |
| CVE-2023-46308 | 2024-01-03 | CRITICAL | 9.8 | In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty. |
| CVE-2023-42933 | 2024-01-10 | HIGH | 7.8 | This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to gain elevated privileges. |
| CVE-2023-42872 | 2024-01-10 | MEDIUM | 5.5 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to access… |
| CVE-2023-45559 | 2024-01-03 | HIGH | 8.2 | An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. |
| CVE-2023-45722 | 2024-01-03 | HIGH | 8.8 | HCL DRYiCE MyXalytics is impacted by a path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file… |
| CVE-2023-42866 | 2024-01-10 | HIGH | 8.8 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing… |
| CVE-2023-42831 | 2024-01-10 | MEDIUM | 5.5 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura… |
| CVE-2023-42828 | 2024-01-10 | HIGH | 7.8 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges. |
| CVE-2023-40529 | 2024-01-10 | LOW | 2.4 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device… |
| CVE-2023-40437 | 2024-01-10 | MEDIUM | 5.5 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app… |
| CVE-2023-40433 | 2024-01-10 | MEDIUM | 5.5 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks. |
| CVE-2023-38827 | 2024-01-09 | MEDIUM | 6.1 | Cross Site Scripting vulnerability in Follet School Solutions Destiny v.20_0_1_AU4 and later allows a remote attacker to run arbitrary code via presentonesearchresultsform.do. |
| CVE-2023-39336 | 2024-01-09 | HIGH | 8.8 | An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL… |
| CVE-2023-37644 | 2024-01-11 | MEDIUM | 5.5 | SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This occurs in png_read_chunk in lib/png.c. |
| CVE-2023-38612 | 2024-01-10 | LOW | 3.3 | The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14,… |
| CVE-2023-38607 | 2024-01-10 | MEDIUM | 5.5 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An app may be able to modify Printer settings. |
| CVE-2023-37608 | 2024-01-03 | HIGH | 7.5 | An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech… |
| CVE-2023-37607 | 2024-01-03 | HIGH | 7.5 | Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter. |
| CVE-2023-34328 | 2024-01-05 | MEDIUM | 5.5 | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality.… |
| CVE-2023-34327 | 2024-01-05 | MEDIUM | 5.5 | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality.… |
| CVE-2023-32886 | 2024-01-02 | HIGH | 7.5 | In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with… |
| CVE-2023-32884 | 2024-01-02 | MEDIUM | 6.7 | In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User… |
| CVE-2023-32883 | 2024-01-02 | MEDIUM | 6.7 | In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution… |
| CVE-2023-32876 | 2024-01-02 | MEDIUM | 4.4 | In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction… |
| CVE-2023-32872 | 2024-01-02 | MEDIUM | 6.7 | In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges… |
| CVE-2023-32424 | 2024-01-10 | MEDIUM | 5.5 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code… |
| CVE-2023-28185 | 2024-01-10 | MEDIUM | 5.5 | An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS… |
| CVE-2023-29962 | 2024-01-04 | MEDIUM | 6.5 | S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. |
| CVE-2022-48504 | 2024-01-10 | MEDIUM | 5.5 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. |
| CVE-2023-26998 | 2024-01-09 | MEDIUM | 5.4 | Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page. |
| CVE-2022-3328 | 2024-01-08 | HIGH | 7.8 | Race condition in snap-confine's must_mkdir_and_open_with_perms() |
| CVE-2020-26627 | 2024-01-10 | MEDIUM | 4.9 | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the… |
| CVE-2020-26623 | 2024-01-02 | LOW | 3.8 | SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after… |
| CVE-2022-39009 | 2022-09-16 | CRITICAL | 9.8 | The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions. |
| CVE-2018-25095 | 2024-01-08 | CRITICAL | 9.8 | The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on… |
| CVE-2024-22776 | 2024-02-23 | MEDIUM | 4.7 | Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields. |
| CVE-2024-29320 | 2024-04-30 | HIGH | 8.1 | Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php. |
| CVE-2024-55371 | 2025-04-16 | CRITICAL | 9.8 | Wallos |
| CVE-2024-55372 | 2025-04-16 | CRITICAL | 9.8 | Wallos |
| CVE-2024-51508 | 2024-10-28 | MEDIUM | 4.8 | Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index. |
| CVE-2024-51509 | 2024-10-28 | MEDIUM | 4.8 | Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name. |
| CVE-2024-51507 | 2024-10-28 | MEDIUM | 4.8 | Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name. |
| CVE-2024-51506 | 2024-10-28 | MEDIUM | 4.8 | Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description. |
| CVE-2025-47226 | 2025-05-02 | MEDIUM | 5.0 | Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information. |
| CVE-2020-16165 | 2020-07-30 | CRITICAL | 9.8 | The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters. |
| CVE-2024-33332 | 2024-04-30 | HIGH | 7.5 | An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant. |
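A listing like the one above is only useful once it is turned into something you can sort, filter and sanity-check. The following is an added example (not code from the page or from NIST) that parses rows in the feed's own layout (CVE ID, publication date, severity label, CVSS score, description), ignores page furniture such as headers and pagination, flags rows whose description was cut off (trailing "…" or a bare product name like "Wallos") so they are looked up in the full NVD record before anyone acts on them, checks that each severity label agrees with the CVSS v3.x qualitative bands, and produces a score-ordered triage list. The sample rows are copied from the table above; the score threshold and the "fewer than four words means truncated" heuristic are assumptions of this example.

```python
import re
from dataclasses import dataclass
from datetime import date

# One feed row, as laid out on the page:
# "CVE-ID  YYYY-MM-DD  SEVERITY  score  description"
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<published>\d{4}-\d{2}-\d{2})\s+"
    r"(?P<severity>CRITICAL|HIGH|MEDIUM|LOW)\s+"
    r"(?P<score>\d{1,2}(?:\.\d)?)\s*"
    r"(?P<description>.*)$"
)

# Constructed sample: rows copied from the listing above, plus the page's
# pagination footer, which the parser must skip rather than choke on.
SAMPLE_FEED = """\
CVE-2023-47994 2024-01-09 HIGH 8.8 An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code.
CVE-2023-46836 2024-01-05 MEDIUM 4.7 The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs…
CVE-2023-46308 2024-01-03 CRITICAL 9.8 In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty.
CVE-2023-40529 2024-01-10 LOW 2.4 This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device…
CVE-2024-55371 2025-04-16 CRITICAL 9.8 Wallos
« Anterior Página 1115 de 4308 Siguiente »
"""


@dataclass(frozen=True)
class Entry:
    cve: str
    published: date
    severity: str
    score: float
    description: str

    @property
    def needs_lookup(self) -> bool:
        """True when the feed cut the description ("…") or left only a
        product name; read the full NVD record before triaging such rows.
        The four-word threshold is an assumption of this example."""
        return self.description.endswith("…") or len(self.description.split()) < 4


def severity_band(score: float) -> str:
    """CVSS v3.x qualitative rating: 0.0 None, 0.1-3.9 Low, 4.0-6.9 Medium,
    7.0-8.9 High, 9.0-10.0 Critical."""
    if score <= 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"


def parse_feed(text: str) -> list[Entry]:
    """Parse every line that matches the row layout; skip everything else."""
    entries = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:  # header, filter widgets, pagination: not a CVE row
            continue
        entries.append(Entry(
            cve=m["cve"],
            published=date.fromisoformat(m["published"]),
            severity=m["severity"],
            score=float(m["score"]),
            description=m["description"].strip(),
        ))
    return entries


def band_mismatches(entries: list[Entry]) -> list[str]:
    """CVEs whose severity label disagrees with the CVSS score: a sign the
    feed mixed metric versions or mangled a column, so do not trust the label."""
    return [e.cve for e in entries if severity_band(e.score) != e.severity]


def triage(entries: list[Entry], min_score: float = 7.0) -> list[Entry]:
    """Rows at or above min_score, highest score first, newest first on ties."""
    hits = [e for e in entries if e.score >= min_score]
    return sorted(hits, key=lambda e: (-e.score, -e.published.toordinal()))


if __name__ == "__main__":
    feed = parse_feed(SAMPLE_FEED)
    for e in triage(feed):
        flag = "  (description truncated: read the full record)" if e.needs_lookup else ""
        print(f"{e.cve} {e.score:4.1f} {e.severity:8s} {e.published}{flag}")
    print("label/score mismatches:", band_mismatches(feed) or "none")
```

Running the block prints the three rows scoring 7.0 or above, with the bare "Wallos" entry flagged for lookup, and reports no label/score mismatches for the sample; pointing `parse_feed` at a saved copy of a full page gives the same view over all of it.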