Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2021-42147 2024-01-24 CRITICAL 9.1 Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a denial of service via crafted data packet.
CVE-2023-31654 2024-01-23 CRITICAL 9.8 Redis raft master-1b8bd86 to master-7b46079 was discovered to contain an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c.
CVE-2020-36772 2024-01-22 MEDIUM 4.4 CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file…
CVE-2017-20189 2024-01-22 CRITICAL 9.8 In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.
CVE-2024-28809 2024-09-30 HIGH 8.8 An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials.
CVE-2024-28810 2024-09-30 MEDIUM 6.6 An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows an attacker to achieve loss of confidentiality by…
CVE-2024-28811 2024-09-30 LOW 3.3 An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP…
CVE-2024-28812 2024-09-30 HIGH 8.8 An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local management network interface) with hardcoded credentials allows attackers to access the appliance…
CVE-2024-28813 2024-09-30 HIGH 8.4 An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance…
CVE-2024-28807 2024-09-30 MEDIUM 6.5 An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in the memory of the @CT desktop management application allows guest OS administrators to…
CVE-2024-28808 2024-09-30 LOW 2.7 An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by accessing undocumented web…
CVE-2025-48136 2025-05-16 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Estatik Mortgage Calculator Estatik allows PHP Local File Inclusion. This issue affects…
CVE-2025-48137 2025-05-16 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in proxymis Interview allows SQL Injection. This issue affects Interview: from n/a through 1.01.
CVE-2025-48135 2025-05-16 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aptivadadev Aptivada for WP allows DOM-Based XSS. This issue affects Aptivada for WP: from n/a through…
CVE-2025-48134 2025-05-16 HIGH 7.2 Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs allows Object Injection. This issue affects WP Tabs: from n/a through 2.2.11.
CVE-2025-48132 2025-05-16 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows Stored XSS. This issue affects X Addons for Elementor: from…
CVE-2023-30394 2023-05-11 MEDIUM 6.1 The MoveIt framework 1.1.11 for ROS allows cross-site scripting (XSS) via the API authentication function. NOTE: this issue is disputed by the original reporter because it has "no…
CVE-2024-35388 2024-05-24 HIGH 8.8 TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode
CVE-2024-33377 2024-06-14 HIGH 8.1 LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted…
CVE-2024-33375 2024-06-14 CRITICAL 9.8 LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware.
CVE-2024-3767 2024-04-15 MEDIUM 6.3 A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads…
CVE-2025-4226 2025-05-03 HIGH 7.3 A vulnerability classified as critical has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. This affects an unknown part of the file /add-computer.php. The manipulation of the…
CVE-2025-4695 2025-05-15 MEDIUM 6.3 A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add-users.php. The manipulation…
CVE-2024-42514 2024-10-01 HIGH 8.1 A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate…
CVE-2025-44881 2025-05-20 CRITICAL 9.8 A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input.
CVE-2025-44880 2025-05-20 CRITICAL 9.8 A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input.
CVE-2025-44882 2025-05-20 CRITICAL 9.8 A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input.
CVE-2025-33136 2025-05-22 HIGH 7.1 IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection…
CVE-2025-33137 2025-05-22 HIGH 7.1 IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement…
CVE-2025-33138 2025-05-22 MEDIUM 5.4 IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's…
CVE-2024-52874 2025-05-22 HIGH 8.8 In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks.
CVE-2025-48066 2025-05-22 MEDIUM 6.0 wire-webapp is the web application for the open-source messaging service Wire. A bug fix caused a regression causing an issue with function to delete local data. Instructing the…
CVE-2025-48075 2025-05-22 HIGH 7.5 Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyParser` can map flat data to nested slices using `key[idx]value`…
CVE-2025-48366 2025-05-22 MEDIUM 5.4 Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field…
CVE-2025-48368 2025-05-22 MEDIUM 5.4 Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting (XSS) vulnerability exists in the GroupOffice application, allowing…
CVE-2025-48369 2025-05-22 MEDIUM 5.4 Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting (XSS) vulnerability exists in Groupoffice's tasks comment functionality,…
CVE-2024-40458 2025-05-22 HIGH 7.8 An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets.
CVE-2024-40459 2025-05-22 HIGH 7.8 An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function
CVE-2024-40460 2025-05-22 HIGH 7.8 An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE
CVE-2024-40461 2025-05-22 HIGH 7.8 An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component
CVE-2024-40462 2025-05-22 HIGH 7.8 An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component
CVE-2024-41195 2025-05-22 CRITICAL 9.8 An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2024-41196 2025-05-22 CRITICAL 9.8 An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2024-41197 2025-05-22 CRITICAL 9.8 An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2024-41198 2025-05-22 CRITICAL 9.8 An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2024-41199 2025-05-22 HIGH 7.2 An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2025-5268 2025-05-27 MEDIUM 6.5 Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that…
CVE-2025-5269 2025-05-27 MEDIUM 6.5 Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have…
CVE-2021-29505 2021-05-28 HIGH 7.5 XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights…
CVE-2021-21265 2021-03-10 MEDIUM 6.8 October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server…
« Anterior Página 1131 de 4308 Siguiente »