Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-45846 2025-05-08 HIGH 8.8 ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the torrentsindex parameter in the formBTClinetSetting function.
CVE-2025-45847 2025-05-08 MEDIUM 6.5 ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the targetAPMac parameter in the formWsc function.
CVE-2025-3475 2025-04-09 MEDIUM 6.5 Allocation of Resources Without Limits or Throttling, Incorrect Authorization vulnerability in Drupal WEB-T allows Excessive Allocation, Content Spoofing.This issue affects WEB-T: from 0.0.0 before 1.1.0.
CVE-2025-23247 2025-05-27 MEDIUM 4.4 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to…
CVE-2025-31675 2025-03-31 MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from…
CVE-2025-31673 2025-03-31 MEDIUM 4.6 Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0…
CVE-2024-55638 2024-12-10 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9. Drupal…
CVE-2024-55637 2024-12-10 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal…
CVE-2024-55636 2024-12-10 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal…
CVE-2024-55635 2024-12-10 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 7.0 before 7.102.
CVE-2024-55634 2024-12-10 HIGH 8.1 A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
CVE-2024-12393 2024-12-10 MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 8.8.0 before 10.2.11,…
CVE-2024-11942 2024-12-05 MEDIUM 5.9 A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10.
CVE-2024-11941 2024-12-05 HIGH 7.5 A vulnerability in Drupal Core allows Excessive Allocation.This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8.
CVE-2024-22628 2024-01-16 HIGH 7.2 Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end=
CVE-2024-21672 2024-01-16 HIGH 8.8 This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score…
CVE-2023-52104 2024-01-16 HIGH 7.5 Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52100 2024-01-16 HIGH 7.5 The Celia Keyboard module has a vulnerability in access control. Successful exploitation of this vulnerability may affect availability.
CVE-2023-52116 2024-01-16 HIGH 7.5 Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.
CVE-2023-52108 2024-01-16 HIGH 7.5 Vulnerability of process priorities being raised in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability.
CVE-2023-52109 2024-01-16 HIGH 7.5 Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-39691 2024-01-16 CRITICAL 9.8 An issue discovered in kodbox through 1.43 allows attackers to arbitrarily add Administrator accounts via crafted GET request.
CVE-2023-48926 2024-01-16 MEDIUM 5.3 An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change an order status.
CVE-2023-49351 2024-01-16 CRITICAL 9.8 A stack-based buffer overflow vulnerability in /bin/webs binary in Edimax BR6478AC V2 firmware veraion v1.23 allows attackers to overwrite other values located on the stack due to an…
CVE-2023-3178 2024-01-16 MEDIUM 4.3 The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with…
CVE-2023-2655 2024-01-16 HIGH 7.2 The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL…
CVE-2023-0079 2024-01-16 MEDIUM 5.4 The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the…
CVE-2022-3899 2024-01-16 HIGH 8.1 The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to…
CVE-2022-3194 2024-01-16 MEDIUM 5.4 The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like…
CVE-2022-1760 2024-01-16 MEDIUM 4.3 The Core Control WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin…
CVE-2022-1609 2024-01-16 CRITICAL 9.8 The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to…
CVE-2021-4227 2024-01-16 MEDIUM 5.3 The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and…
CVE-2021-24869 2024-01-16 HIGH 8.8 The WP Fastest Cache WordPress plugin before 0.9.5 does not escape user input in the set_urls_with_terms method before using it in a SQL statement, leading to an SQL…
CVE-2021-24433 2024-01-16 MEDIUM 5.4 The simple sort&search WordPress plugin through 0.0.3 does not make sure that the indexurl parameter of the shortcodes "category_sims", "order_sims", "orderby_sims", "period_sims", and "tag_sims" use allowed URL protocols,…
CVE-2024-8997 2025-03-18 CRITICAL 9.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection.This issue affects EVC04 Configuration Interface: through 18.03.2025.
CVE-2025-30466 2025-05-29 CRITICAL 9.8 This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. A website may…
CVE-2025-31189 2025-05-29 HIGH 8.2 A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able…
CVE-2025-31198 2025-05-29 MEDIUM 5.5 This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A path handling issue was…
CVE-2025-31199 2025-05-29 MEDIUM 5.5 A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be…
CVE-2025-31231 2025-05-29 MEDIUM 5.5 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read sensitive location information.
CVE-2025-31261 2025-05-29 MEDIUM 5.5 A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able…
CVE-2025-31263 2025-05-29 CRITICAL 9.1 The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory.
CVE-2025-31264 2025-05-29 MEDIUM 4.6 An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access…
CVE-2024-35753 2024-06-08 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemplatesNext TemplatesNext OnePager allows Stored XSS.This issue affects TemplatesNext OnePager: from n/a through 1.3.3.
CVE-2024-48899 2024-11-20 MEDIUM 4.3 A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to…
CVE-2024-45691 2024-11-20 MEDIUM 5.4 A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose…
CVE-2024-45690 2024-11-20 HIGH 7.5 A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts.
CVE-2024-45689 2024-11-20 MEDIUM 6.5 A flaw was found in Moodle. Dynamic tables did not enforce capability checks, which resulted in users having the ability to retrieve information they did not have permission…
CVE-2024-2007 2024-03-21 MEDIUM 5.3 A vulnerability was found in OpenBMB XAgent 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Privileged Mode. The…
CVE-2024-21722 2024-02-29 MEDIUM 6.3 The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.
« Anterior Página 1122 de 4308 Siguiente »