Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-5150 2025-05-25 MEDIUM 6.3 A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of…
CVE-2025-5151 2025-05-25 MEDIUM 5.3 A vulnerability classified as critical has been found in defog-ai introspect up to 0.1.4. This affects the function execute_analysis_code_safely of the file introspect/backend/tools/analysis_tools.py. The manipulation of the argument…
CVE-2025-5152 2025-05-25 MEDIUM 6.3 A vulnerability classified as critical was found in Chanjet CRM up to 20250510. This vulnerability affects unknown code of the file /activity/newActivityedit.php?DontCheckLogin=1&id=null&ret=mod1. The manipulation of the argument gblOrgID…
CVE-2025-5153 2025-05-25 LOW 3.5 A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The…
CVE-2024-46256 2024-09-27 CRITICAL 9.8 A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate.
CVE-2024-46257 2024-09-27 MEDIUM 6.3 A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of…
CVE-2023-49528 2024-04-12 HIGH 8.0 Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo…
CVE-2024-6119 2024-09-03 HIGH 7.5 Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application…
CVE-2025-5137 2025-05-25 MEDIUM 4.7 A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sys_verifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175.…
CVE-2024-0579 2024-01-16 MEDIUM 6.3 A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument…
CVE-2025-40909 2025-05-30 MEDIUM 5.9 Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working…
CVE-2025-3576 2025-04-15 MEDIUM 5.9 A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over…
CVE-2023-48863 2023-12-04 HIGH 7.5 SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject…
CVE-2023-48842 2023-12-01 CRITICAL 9.8 D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi.
CVE-2023-4387 2023-08-16 HIGH 7.1 A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash…
CVE-2023-48645 2024-02-02 HIGH 7.8 An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the…
CVE-2025-44115 2025-06-02 MEDIUM 5.4 A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting.
CVE-2024-40114 2025-06-02 MEDIUM 6.1 A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious…
CVE-2024-40113 2025-06-02 MEDIUM 6.5 Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials.
CVE-2023-51842 2024-01-29 HIGH 7.5 An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16.
CVE-2024-23782 2024-01-28 MEDIUM 5.4 Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions…
CVE-2023-49038 2024-01-29 HIGH 7.2 Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root.
CVE-2025-31682 2025-03-31 MEDIUM 4.8 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Google Tag allows Cross-Site Scripting (XSS).This issue affects Google Tag: from 0.0.0 before 1.8.0, from…
CVE-2025-31683 2025-03-31 MEDIUM 6.8 Cross-Site Request Forgery (CSRF) vulnerability in Drupal Google Tag allows Cross Site Request Forgery.This issue affects Google Tag: from 0.0.0 before 1.8.0, from 2.0.0 before 2.0.8.
CVE-2025-31680 2025-03-31 MEDIUM 6.8 Cross-Site Request Forgery (CSRF) vulnerability in Drupal Matomo Analytics allows Cross Site Request Forgery.This issue affects Matomo Analytics: from 0.0.0 before 1.24.0.
CVE-2025-25090 2025-03-03 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dreamstime Dreamstime Stock Photos dreamstime-stock-photos allows Reflected XSS.This issue affects Dreamstime Stock Photos: from n/a through…
CVE-2024-40112 2025-06-02 MEDIUM 5.9 A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to…
CVE-2023-7200 2024-01-29 MEDIUM 6.1 The EventON WordPress plugin before 4.4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2023-6279 2024-01-29 HIGH 7.1 The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options…
CVE-2023-50854 2023-12-28 HIGH 7.6 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack.This issue affects Squirrly SEO - Advanced Pack: from…
CVE-2023-46838 2024-01-29 HIGH 7.5 Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero…
CVE-2025-5036 2025-06-02 HIGH 7.8 A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash,…
CVE-2025-49113 2025-06-02 CRITICAL 9.9 Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading…
CVE-2024-48704 2025-05-23 MEDIUM 6.1 Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes.
CVE-2025-31681 2025-03-31 CRITICAL 9.8 Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing.This issue affects Authenticator Login: from 0.0.0 before 2.0.6.
CVE-2024-41511 2024-10-04 LOW 3.9 A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter.
CVE-2024-41512 2024-10-04 HIGH 8.8 A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter.
CVE-2024-41513 2024-10-04 MEDIUM 5.4 A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter.
CVE-2024-41514 2024-10-04 MEDIUM 5.4 A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter.
CVE-2024-41515 2024-10-04 MEDIUM 5.4 A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick
CVE-2024-41516 2024-10-04 MEDIUM 5.4 A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick
CVE-2024-46325 2024-10-07 MEDIUM 5.5 TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url.
CVE-2025-48995 2025-06-02 N/A 0.0 SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=...`),…
CVE-2025-48994 2025-06-02 N/A 0.0 SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=...`),…
CVE-2024-8008 2025-06-02 MEDIUM 5.2 A reflected cross-site scripting (XSS) vulnerability exists in multiple [Vendor Name] products due to insufficient output encoding in error messages generated by the JDBC user store connection validation…
CVE-2024-7074 2025-06-02 MEDIUM 6.8 An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can…
CVE-2024-7073 2025-06-02 MEDIUM 6.5 A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side…
CVE-2024-3509 2025-06-02 MEDIUM 4.3 A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry…
CVE-2024-1440 2025-06-02 MEDIUM 5.4 An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious…
CVE-2025-48941 2025-06-02 MEDIUM 5.3 MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which allows attackers to determine the existence of…
« Anterior Página 1118 de 4308 Siguiente »