Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2024-32792 2024-06-09 MEDIUM 4.3 Missing Authorization vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.7.3.
CVE-2024-21413 2024-02-13 CRITICAL 9.8 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-24054 2025-03-11 MEDIUM 6.5 External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-24985 2025-03-11 HIGH 7.8 Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
CVE-2025-30397 2025-05-13 HIGH 7.5 Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
CVE-2023-37226 2024-09-10 CRITICAL 9.8 Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.
CVE-2023-37227 2024-09-10 CRITICAL 9.8 Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data.
CVE-2023-37231 2024-09-10 CRITICAL 9.8 Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password.
CVE-2023-43953 2023-10-03 MEDIUM 5.4 SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component.
CVE-2024-51360 2025-05-23 CRITICAL 9.8 An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file
CVE-2024-51108 2025-05-23 MEDIUM 5.4 Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts…
CVE-2024-51107 2025-05-23 MEDIUM 4.8 Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts…
CVE-2024-51101 2025-05-23 CRITICAL 9.8 PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /rtbs/check-status.php.
CVE-2024-48702 2025-05-23 MEDIUM 5.4 PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter.
CVE-2024-24140 2024-01-29 HIGH 7.2 Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'
CVE-2024-24134 2024-01-29 MEDIUM 4.8 Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section.
CVE-2024-23739 2024-01-28 CRITICAL 9.8 An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
CVE-2024-22861 2024-01-27 HIGH 7.5 Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.
CVE-2024-22639 2024-01-25 MEDIUM 6.1 iGalerie v3.0.22 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Titre (Title) field in the editing interface.
CVE-2024-22559 2024-01-29 MEDIUM 5.4 LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field.
CVE-2024-22551 2024-01-26 MEDIUM 6.1 WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search.
CVE-2024-22545 2024-01-26 HIGH 7.8 An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be…
CVE-2024-20253 2024-01-26 CRITICAL 9.9 A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability…
CVE-2024-0824 2024-01-27 MEDIUM 6.4 The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due…
CVE-2023-7199 2024-01-29 MEDIUM 5.3 The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request
CVE-2023-6530 2024-01-29 MEDIUM 5.4 The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is…
CVE-2023-6391 2024-01-29 HIGH 8.8 The Custom User CSS WordPress plugin through 0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in…
CVE-2024-0727 2024-01-26 MEDIUM 5.5 Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the…
CVE-2024-0625 2024-01-25 MEDIUM 4.4 The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-options[custom_class]’ parameter in all versions up to, and including, 3.3.2 due to insufficient…
CVE-2023-51840 2024-01-29 CRITICAL 9.8 DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.
CVE-2023-48202 2024-01-27 MEDIUM 5.4 Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component.
CVE-2023-48201 2024-01-27 MEDIUM 5.4 Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text…
CVE-2023-52389 2024-01-27 CRITICAL 9.8 UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates…
CVE-2023-51833 2024-01-25 HIGH 8.1 A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page.
CVE-2023-48128 2024-01-26 MEDIUM 5.4 An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-48126 2024-01-26 MEDIUM 5.4 An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-38323 2024-01-26 CRITICAL 9.8 An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect…
CVE-2022-38527 2022-09-19 MEDIUM 6.1 UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page.
CVE-2022-38509 2022-09-19 CRITICAL 9.8 Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php.
CVE-2022-35060 2022-09-19 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32.
CVE-2022-38351 2022-09-19 HIGH 8.8 A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page.
CVE-2022-2995 2022-09-19 HIGH 7.1 Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to…
CVE-2022-28321 2022-09-19 CRITICAL 9.8 The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from…
CVE-2022-28204 2022-09-19 HIGH 7.5 A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.
CVE-2024-36795 2024-06-06 MEDIUM 4.0 Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors.
CVE-2024-4756 2024-06-07 MEDIUM 5.4 The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-36787 2024-06-07 HIGH 8.8 An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors.
CVE-2024-36789 2024-06-07 HIGH 8.1 An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards.
CVE-2024-36790 2024-06-07 HIGH 8.8 Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext.
CVE-2024-36792 2024-06-07 HIGH 8.2 An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin.
« Anterior Página 1134 de 4308 Siguiente »