CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2024-23203 | 2024-01-23 | HIGH | 7.5 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use… |
| CVE-2024-22663 | 2024-01-23 | CRITICAL | 9.8 | TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a command injection vulnerability via setOpModeCfg |
| CVE-2024-22956 | 2024-01-19 | HIGH | 7.8 | swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838 |
| CVE-2024-22915 | 2024-01-19 | HIGH | 7.8 | A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution. |
| CVE-2024-22913 | 2024-01-19 | HIGH | 7.8 | A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code execution. |
| CVE-2024-22638 | 2024-01-25 | CRITICAL | 9.8 | liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/edit_designer_region.php or /livesite/add_email_campaign.php. |
| CVE-2024-22636 | 2024-01-25 | HIGH | 8.8 | PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into… |
| CVE-2024-22497 | 2024-01-23 | MEDIUM | 6.1 | Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL. |
| CVE-2024-10306 | 2025-04-23 | MEDIUM | 5.4 | A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as `Require… |
| CVE-2024-0814 | 2024-01-24 | MEDIUM | 6.5 | Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity:… |
| CVE-2024-0812 | 2024-01-24 | HIGH | 8.8 | Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-0808 | 2024-01-24 | CRITICAL | 9.8 | Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) |
| CVE-2024-0753 | 2024-01-23 | MEDIUM | 6.5 | In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. |
| CVE-2024-0758 | 2024-01-19 | MEDIUM | 6.1 | MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles. |
| CVE-2024-0743 | 2024-01-23 | HIGH | 7.5 | An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird <… |
| CVE-2024-0742 | 2024-01-23 | MEDIUM | 4.3 | It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after… |
| CVE-2024-0741 | 2024-01-23 | MEDIUM | 6.5 | An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox… |
| CVE-2024-0679 | 2024-01-20 | MEDIUM | 6.5 | The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2.… |
| CVE-2023-7194 | 2024-01-22 | MEDIUM | 6.1 | The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be… |
| CVE-2023-7170 | 2024-01-22 | MEDIUM | 6.1 | The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and escape some parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could… |
| CVE-2023-6626 | 2024-01-22 | MEDIUM | 4.8 | The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to… |
| CVE-2023-7063 | 2024-01-20 | HIGH | 7.2 | The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input… |
| CVE-2023-52046 | 2024-01-25 | MEDIUM | 4.8 | Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as"… |
| CVE-2023-52328 | 2024-01-23 | MEDIUM | 6.1 | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected… |
| CVE-2023-52324 | 2024-01-23 | HIGH | 8.8 | An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required… |
| CVE-2023-52353 | 2024-01-21 | HIGH | 7.5 | An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then… |
| CVE-2023-52039 | 2024-01-24 | CRITICAL | 9.8 | An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. |
| CVE-2023-52038 | 2024-01-24 | CRITICAL | 9.8 | An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function. |
| CVE-2023-51886 | 2024-01-24 | HIGH | 7.5 | Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using \convertpath. |
| CVE-2023-51926 | 2024-01-20 | HIGH | 7.5 | YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component. |
| CVE-2023-51892 | 2024-01-20 | CRITICAL | 9.8 | An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component. |
| CVE-2023-51885 | 2024-01-24 | CRITICAL | 9.8 | Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component. |
| CVE-2023-50943 | 2024-01-24 | HIGH | 7.5 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in… |
| CVE-2023-50274 | 2024-01-23 | HIGH | 7.8 | HPE OneView may allow command injection with local privilege escalation. |
| CVE-2023-50693 | 2024-01-19 | CRITICAL | 9.8 | An issue in Jester v.0.6.0 and before allows a remote attacker to send a malicious crafted request. |
| CVE-2023-47200 | 2024-01-23 | HIGH | 7.8 | A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an… |
| CVE-2023-47199 | 2024-01-23 | HIGH | 7.8 | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must… |
| CVE-2023-47194 | 2024-01-23 | HIGH | 7.8 | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must… |
| CVE-2023-47352 | 2024-01-22 | HIGH | 8.8 | Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords. |
| CVE-2023-47035 | 2024-01-19 | HIGH | 7.5 | RPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct unauthorized transfer operations. |
| CVE-2023-44001 | 2024-01-24 | MEDIUM | 5.4 | An issue in Ailand clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| CVE-2023-43991 | 2024-01-24 | MEDIUM | 5.4 | An issue in PRIMA CLINIC mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| CVE-2023-45889 | 2024-01-23 | MEDIUM | 6.1 | A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of… |
| CVE-2023-47033 | 2024-01-19 | HIGH | 7.5 | MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction. |
| CVE-2023-43990 | 2024-01-24 | MEDIUM | 5.4 | An issue in cherub-hair mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| CVE-2023-35835 | 2024-01-23 | CRITICAL | 9.8 | An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network… |
| CVE-2023-41178 | 2024-01-23 | MEDIUM | 6.1 | Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker.… |
| CVE-2023-41177 | 2024-01-23 | MEDIUM | 6.1 | Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker.… |
| CVE-2023-42143 | 2024-01-23 | MEDIUM | 5.4 | Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file.… |
| CVE-2023-33759 | 2024-01-25 | CRITICAL | 9.8 | SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack. |