CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-47748 2025-05-28 MEDIUM 5.3 Netwrix Directory Manager v.11.0.0.0 and before & after v.11.1.25134.03 contains a hardcoded password.
CVE-2025-48746 2025-05-28 MEDIUM 6.5 Netwrix Directory Manager (formerly Imanami GroupID) v.11.0.0.0 and before, as well as after v.11.1.25134.03 lacks Authentication for a Critical Function.
CVE-2025-48416 2025-05-21 HIGH 8.1 An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the…
CVE-2024-7097 2025-05-30 MEDIUM 4.3 An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration…
CVE-2024-57336 2025-05-28 MEDIUM 6.5 Incorrect access control in M2Soft CROWNIX Report & ERS affected v7.x to v7.4.3.599 and v8.x to v8.0.3.79 allows unauthorized attackers to obtain Administrator account access.
CVE-2024-27199 2024-03-04 HIGH 7.3 In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
CVE-2022-32810 2022-08-24 HIGH 7.8 The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able…
CVE-2022-32793 2022-08-24 HIGH 7.5 Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An…
CVE-2022-26776 2022-05-26 CRITICAL 9.8 This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application…
CVE-2022-26775 2022-05-26 CRITICAL 9.8 An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause…
CVE-2022-26774 2022-05-26 HIGH 7.8 A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.
CVE-2022-26773 2022-05-26 HIGH 7.1 A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which…
CVE-2022-26772 2022-05-26 HIGH 7.8 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with…
CVE-2022-26771 2022-05-26 HIGH 7.8 A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may…
CVE-2024-20082 2024-08-14 CRITICAL 9.8 In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User…
CVE-2024-20083 2024-08-14 CRITICAL 9.8 In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges…
CVE-2025-40573 2025-05-13 MEDIUM 4.4 A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore…
CVE-2025-40575 2025-05-13 MEDIUM 4.3 A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw…
CVE-2025-40582 2025-05-13 HIGH 7.8 A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do not properly sanitize configuration parameters. This could…
CVE-2025-40583 2025-05-13 MEDIUM 4.4 A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do transmit sensitive information in cleartext. This could…
CVE-2023-40490 2024-05-07 HIGH 7.8 Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User…
CVE-2025-4679 2025-05-16 MEDIUM 6.5 A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors.
CVE-2024-6487 2024-07-29 MEDIUM 5.9 The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-6366 2024-07-29 CRITICAL 9.1 The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.
CVE-2024-6021 2024-07-30 MEDIUM 6.8 The Donation Block For PayPal WordPress plugin through 2.1.0 does not sanitise and escape form submissions, leading to a stored cross-site scripting vulnerability
CVE-2024-3113 2024-07-30 MEDIUM 5.9 The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow…
CVE-2024-36782 2024-06-03 CRITICAL 9.8 TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
CVE-2024-34009 2024-05-31 HIGH 7.5 Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized.
CVE-2024-34007 2024-05-31 HIGH 8.8 The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF.
CVE-2024-34006 2024-05-31 MEDIUM 4.3 The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.
CVE-2024-34001 2024-05-31 HIGH 8.4 Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk.
CVE-2024-34000 2024-05-31 MEDIUM 4.3 ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk.
CVE-2024-33999 2024-05-31 CRITICAL 9.8 The referrer URL used by MFA required additional sanitizing, rather than being used directly.
CVE-2024-33998 2024-05-31 MEDIUM 5.4 Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features.
CVE-2024-33997 2024-05-31 MEDIUM 6.1 Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation.
CVE-2024-33996 2024-05-31 MEDIUM 6.2 Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to…
CVE-2023-30309 2024-05-28 MEDIUM 5.7 An issue discovered in D-Link DI-7003GV2 routers allows attackers to hijack TCP sessions which could lead to a denial of service.
CVE-2024-42191 2025-05-30 MEDIUM 6.5 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a COM hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content.
CVE-2024-42190 2025-05-30 MEDIUM 6.5 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content.
CVE-2024-23589 2025-05-30 MEDIUM 6.8 Due to outdated Hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data using brute-force or dictionary attacks efficiently using modern hardware such as GPUs…
CVE-2024-13917 2025-05-30 N/A 0.0 An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.pri.applock.LockUI“ activity allows any…
CVE-2024-13916 2025-05-30 N/A 0.0 An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.android.providers.settings.fingerprint.PriFpShareProvider“ content provider's public…
CVE-2024-13915 2025-05-30 N/A 0.0 Android based smartphones from vendors such as Ulefone and Krüger&Matz contain "com.pri.factorytest" application preloaded onto devices during manufacturing process. The application "com.pri.factorytest" (version name: 1.0, version code: 1) exposes a ”com.pri.factorytest.emmc.FactoryResetService“ service…
CVE-2025-4992 2025-05-30 HIGH 8.7 A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary…
CVE-2025-4991 2025-05-30 HIGH 8.7 A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script…
CVE-2025-4990 2025-05-30 HIGH 8.7 A stored Cross-site Scripting (XSS) vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code…
CVE-2025-4989 2025-05-30 HIGH 8.7 A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in…
CVE-2025-4988 2025-05-30 HIGH 8.7 A stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script…
CVE-2025-4986 2025-05-30 HIGH 8.7 A stored Cross-site Scripting (XSS) vulnerability affecting Model Definition in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code…
CVE-2025-4985 2025-05-30 HIGH 8.7 A stored Cross-site Scripting (XSS) vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script…