CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
CVE ID | Published | Severity | CVSS | Description
CVE-2021-31531 | 2021-06-29 | CRITICAL | 9.8 | Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).
CVE-2021-31530 | 2021-06-29 | HIGH | 7.5 | Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.
CVE-2021-31777 | 2021-04-28 | MEDIUM | 4.9 | The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account.
CVE-2021-31160 | 2021-06-29 | HIGH | 7.5 | Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
CVE-2020-28918 | 2021-02-16 | MEDIUM | 5.3 | DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in prompting for the password, whereas an invalid one will produce an "unknown username" error…
CVE-2020-28406 | 2021-01-29 | MEDIUM | 6.5 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via…
CVE-2020-28405 | 2021-01-29 | HIGH | 8.8 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can…
CVE-2020-28404 | 2021-01-29 | MEDIUM | 6.5 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges.
CVE-2020-28403 | 2021-01-29 | HIGH | 8.0 | A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This…
CVE-2020-8422 | 2020-01-31 | MEDIUM | 4.3 | An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection…
CVE-2020-28402 | 2021-01-29 | MEDIUM | 5.4 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration Panel.
CVE-2020-28401 | 2021-01-29 | MEDIUM | 6.5 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to.
CVE-2020-26167 | 2020-11-04 | CRITICAL | 9.8 | In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
CVE-2020-26546 | 2020-10-12 | HIGH | 7.5 | An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products…
CVE-2020-15595 | 2020-09-30 | MEDIUM | 4.3 | An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the…
CVE-2020-15594 | 2020-09-30 | MEDIUM | 4.3 | An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to…
CVE-2023-45927 | 2024-03-27 | CRITICAL | 9.1 | S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf().
CVE-2024-3580 | 2024-05-17 | MEDIUM | 6.1 | The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site…
CVE-2024-3231 | 2024-05-17 | MEDIUM | 6.1 | The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.
CVE-2023-7252 | 2024-04-22 | MEDIUM | 5.3 | The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets.
CVE-2024-2761 | 2024-04-19 | MEDIUM | 6.8 | The Genesis Blocks WordPress plugin before 3.1.3 does not properly escape data input provided to some of its blocks, allowing users with at least contributor privileges to conduct…
CVE-2024-2309 | 2024-04-17 | MEDIUM | 4.8 | The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high…
CVE-2024-4924 | 2024-06-12 | MEDIUM | 6.1 | The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2023-31728 | 2024-02-17 | HIGH | 7.0 | Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI…
CVE-2025-48252 | 2025-05-19 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget allows Stored XSS. This issue affects Back Button Widget: from n/a through…
CVE-2025-48144 | 2025-05-16 | HIGH | 7.1 | Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce allows Stored XSS. This issue affects Import Export For WooCommerce: from n/a through 1.6.2.
CVE-2025-48138 | 2025-05-16 | MEDIUM | 4.3 | Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.11.
CVE-2024-23985 | 2024-01-25 | HIGH | 7.5 | EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command.
CVE-2024-23902 | 2024-01-24 | MEDIUM | 4.3 | A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2024-23901 | 2024-01-24 | MEDIUM | 6.5 | Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting…
CVE-2024-23849 | 2024-01-23 | MEDIUM | 5.5 | In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.
CVE-2024-23848 | 2024-01-23 | MEDIUM | 5.5 | In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.
CVE-2024-23771 | 2024-01-22 | CRITICAL | 9.8 | darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel.
CVE-2024-23770 | 2024-01-22 | MEDIUM | 5.5 | darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments.
CVE-2024-23768 | 2024-01-22 | HIGH | 8.8 | Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders,…
CVE-2024-23752 | 2024-01-22 | CRITICAL | 9.8 | GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create…
CVE-2024-23730 | 2024-01-21 | CRITICAL | 9.8 | The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML.
CVE-2024-23726 | 2024-01-21 | HIGH | 8.8 | Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the…
CVE-2024-23725 | 2024-01-21 | MEDIUM | 6.1 | Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.
CVE-2024-23689 | 2024-01-19 | HIGH | 8.8 | Exposure of sensitive information in exceptions in ClickHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client…
CVE-2024-23685 | 2024-01-19 | MEDIUM | 5.3 | Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allow unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and…
CVE-2024-23679 | 2024-01-19 | CRITICAL | 9.8 | Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker can use prior sessions due to the lack of invalidating…
CVE-2024-23387 | 2024-01-19 | MEDIUM | 4.8 | FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be…
CVE-2024-23348 | 2024-01-23 | HIGH | 8.8 | Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions…
CVE-2024-23215 | 2024-01-23 | MEDIUM | 5.5 | An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An…
CVE-2024-23214 | 2024-01-23 | HIGH | 8.8 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3.…
CVE-2024-23182 | 2024-01-23 | HIGH | 8.1 | Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions…
CVE-2024-23212 | 2024-01-23 | HIGH | 7.8 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and…
CVE-2024-23209 | 2024-01-23 | HIGH | 8.8 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3. Processing web content may lead to arbitrary code execution.
CVE-2024-23204 | 2024-01-23 | HIGH | 7.5 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able…
Page 1129 of 4308