Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2023-49255 2024-01-12 CRITICAL 9.8 The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, the session state…
CVE-2023-47460 2024-01-16 HIGH 8.8 SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component.
CVE-2023-46942 2024-01-13 HIGH 7.5 Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints.
CVE-2023-43449 2024-01-16 HIGH 8.8 An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component.
CVE-2023-46749 2024-01-15 MEDIUM 6.5 Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update…
CVE-2023-34061 2024-01-12 HIGH 7.5 Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore…
CVE-2023-30015 2024-01-12 CRITICAL 9.8 SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in review_search.php.
CVE-2023-30014 2024-01-12 CRITICAL 9.8 SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_stat_update.php.
CVE-2024-35057 2024-05-21 HIGH 7.5 An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet.
CVE-2022-48620 2024-01-12 CRITICAL 9.8 uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.
CVE-2016-20021 2024-01-12 CRITICAL 9.8 In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync…
CVE-2024-35056 2024-05-21 CRITICAL 9.8 NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions.
CVE-2024-43027 2024-08-21 HIGH 8.0 DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter…
CVE-2025-27522 2025-05-28 MEDIUM 6.5 Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability is a secondary mining bypass for CVE-2024-26579. Users are advised to…
CVE-2024-41334 2025-02-27 HIGH 8.8 Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8,…
CVE-2024-41338 2025-02-27 HIGH 7.5 A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4,…
CVE-2024-27343 2024-04-03 MEDIUM 5.5 Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User…
CVE-2024-27344 2024-04-03 HIGH 7.8 Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF.…
CVE-2024-27345 2024-04-03 LOW 3.3 Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User…
CVE-2024-27346 2024-04-03 MEDIUM 5.5 Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User…
CVE-2024-31584 2024-04-19 MEDIUM 5.5 Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.
CVE-2023-50010 2024-04-19 HIGH 7.8 Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the set_encoder_id function in /fftools/ffmpeg_enc.c component.
CVE-2023-50009 2024-04-19 HIGH 8.0 Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_gaussian_blur_8 function in libavfilter/edge_template.c:116:5 component.
CVE-2023-50008 2024-04-19 HIGH 7.8 Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_malloc function in libavutil/mem.c:105:9 component.
CVE-2023-50007 2024-04-19 MEDIUM 4.0 Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via theav_samples_set_silence function in thelibavutil/samplefmt.c:260:9 component.
CVE-2023-49502 2024-04-19 HIGH 8.8 Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component.
CVE-2023-49501 2024-04-19 HIGH 8.0 Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component.
CVE-2024-32166 2024-04-19 HIGH 8.8 Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege escalation).
CVE-2024-27335 2024-04-03 HIGH 7.8 Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF.…
CVE-2024-27336 2024-04-03 MEDIUM 5.5 Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User…
CVE-2024-27337 2024-04-03 HIGH 7.8 Kofax Power PDF TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power…
CVE-2024-27338 2024-04-03 HIGH 7.8 Kofax Power PDF app response Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User…
CVE-2024-27339 2024-04-03 HIGH 7.8 Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF.…
CVE-2024-27340 2024-04-03 HIGH 7.8 Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power…
CVE-2024-27341 2024-04-03 HIGH 7.8 Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power…
CVE-2024-27342 2024-04-03 HIGH 7.8 Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF.…
CVE-2025-5154 2025-05-25 LOW 2.3 A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite…
CVE-2025-32813 2025-05-22 HIGH 7.2 An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur.
CVE-2025-44892 2025-05-21 MEDIUM 6.5 FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ownekey parameter in the web_rmon_alarm_post_rmon_alarm function.
CVE-2025-44895 2025-05-21 MEDIUM 6.5 FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ipv4Aclkey parameter in the web_acl_ipv4BasedAceAdd function.
CVE-2025-27997 2025-05-21 HIGH 8.4 An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory.
CVE-2025-44083 2025-05-21 CRITICAL 9.8 An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication
CVE-2024-41339 2025-02-27 HIGH 8.8 An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to…
CVE-2024-54188 2025-05-22 MEDIUM 5.3 Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access.
CVE-2024-41340 2025-02-27 HIGH 8.4 An issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832…
CVE-2024-41592 2024-10-03 HIGH 8.0 DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs.
CVE-2025-4696 2025-05-15 MEDIUM 6.3 A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file…
CVE-2025-32814 2025-05-22 CRITICAL 9.8 An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur.
CVE-2025-32815 2025-05-22 MEDIUM 6.5 An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur.
CVE-2025-5149 2025-05-25 MEDIUM 5.6 A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of…
« Anterior Página 1117 de 4308 Siguiente »