CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-29690 2025-05-14 MEDIUM 6.1 A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter…
CVE-2025-29689 2025-05-14 MEDIUM 6.1 A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter…
CVE-2025-29688 2025-05-14 MEDIUM 6.1 A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter…
CVE-2025-29686 2025-05-14 MEDIUM 6.1 A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter…
CVE-2025-29691 2025-05-14 MEDIUM 6.1 A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter…
CVE-2024-21084 2024-04-16 MEDIUM 5.8 Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Service Gateway). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker…
CVE-2024-21091 2024-04-16 MEDIUM 6.5 Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Data Import). The supported version that is affected is 6.2.4.2. Easily exploitable…
CVE-2024-21002 2024-04-16 LOW 2.5 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle…
CVE-2025-45475 2025-05-27 MEDIUM 5.4 maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link Management.
CVE-2025-22377 2025-05-27 MEDIUM 6.5 An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000,…
CVE-2024-56193 2025-05-27 MEDIUM 5.1 There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User…
CVE-2024-49197 2025-05-27 MEDIUM 6.5 An issue was discovered in Wi-Fi in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Lack of a…
CVE-2024-49196 2025-05-27 HIGH 7.5 An issue was discovered in the GPU in Samsung Mobile Processor Exynos 1480 and 2400. Type confusion leads to a Denial of Service.
CVE-2022-41238 2022-09-21 CRITICAL 9.8 A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits.
CVE-2022-37347 2022-09-19 MEDIUM 5.5 Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory…
CVE-2022-35782 2022-08-09 MEDIUM 6.5 Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-35781 2022-08-09 MEDIUM 6.5 Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-35780 2022-08-09 MEDIUM 6.5 Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-35779 2022-08-09 HIGH 7.8 Azure RTOS GUIX Studio Remote Code Execution Vulnerability
CVE-2022-35777 2022-08-09 HIGH 8.8 Visual Studio Remote Code Execution Vulnerability
CVE-2022-32839 2022-08-24 CRITICAL 9.8 The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS…
CVE-2022-32812 2022-08-24 HIGH 7.8 The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be…
CVE-2022-35776 2022-08-09 MEDIUM 6.2 Azure Site Recovery Denial of Service Vulnerability
CVE-2022-35775 2022-08-09 MEDIUM 6.5 Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-35774 2022-08-09 MEDIUM 4.9 Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-35773 2022-08-09 HIGH 7.8 Azure RTOS GUIX Studio Remote Code Execution Vulnerability
CVE-2022-32811 2022-08-24 HIGH 7.8 A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may…
CVE-2022-23948 2022-09-21 HIGH 7.5 A flaw was found in Keylime before 6.3.0. The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts…
CVE-2024-21004 2024-04-16 LOW 2.5 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle…
CVE-2025-5278 2025-05-27 MEDIUM 4.4 A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer…
CVE-2025-39407 2025-05-19 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Caseproof, LLC Memberpress allows Reflected XSS. This issue affects Memberpress: from n/a before 1.12.0.
CVE-2024-2905 2024-04-25 MEDIUM 6.2 A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions…
CVE-2022-32857 2022-08-24 MEDIUM 4.3 This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005…
CVE-2022-32840 2022-08-24 HIGH 7.8 This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to…
CVE-2022-32838 2022-08-24 MEDIUM 5.5 A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and…
CVE-2022-32837 2022-08-24 HIGH 7.8 This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to…
CVE-2022-32834 2022-08-24 MEDIUM 5.5 An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app…
CVE-2022-32813 2022-08-24 HIGH 7.8 The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS…
CVE-2024-4483 2024-07-29 MEDIUM 5.4 The Email Encoder WordPress plugin before 2.2.2 does not escape the WP_Email_Encoder_Bundle_options[protection_text] parameter before outputting it back in an attribute in an admin page, leading to a Stored…
CVE-2024-6362 2024-07-29 MEDIUM 4.6 The Ultimate Blocks WordPress plugin before 3.2.0 does not validate and escape some of its post-grid block attributes before outputting them back in a page/post where the block…
CVE-2024-6223 2024-07-30 MEDIUM 6.1 The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading…
CVE-2024-6224 2024-07-30 MEDIUM 5.9 The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not have CSRF check in some places, and is missing sanitisation as well as…
CVE-2024-6226 2024-07-30 MEDIUM 6.1 The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2024-1747 2024-08-01 MEDIUM 6.5 The WooCommerce Customers Manager WordPress plugin before 30.2 does not have authorisation and CSRF in various AJAX actions, allowing any authenticated users, such as subscriber, to call them…
CVE-2024-2843 2024-08-01 MEDIUM 6.5 The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users…
CVE-2024-3983 2024-08-01 HIGH 8.1 The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted…
CVE-2024-46328 2024-09-26 HIGH 8.0 VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root.
CVE-2024-46329 2024-09-26 HIGH 8.0 VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemCommand object.
CVE-2025-48742 2025-05-27 MEDIUM 5.4 The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution.
CVE-2023-47189 2024-06-04 MEDIUM 5.3 Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Defender Security: from n/a through 4.2.0.