CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST (NVD):

CVE ID Published Severity CVSS Description
CVE-2025-46672 2025-04-27 LOW 3.5 NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking.
CVE-2025-3954 2025-04-26 LOW 3.7 A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the component Referer Handler. The manipulation…
CVE-2025-29915 2025-04-10 HIGH 7.5 Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble…
CVE-2023-45913 2024-03-27 MEDIUM 6.2 Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when…
CVE-2023-45931 2024-03-27 HIGH 7.5 Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed because there is no scenario in which the…
CVE-2023-45919 2024-03-27 MEDIUM 5.3 Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with…
CVE-2024-24945 2024-02-01 MEDIUM 6.1 A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a…
CVE-2024-24331 2024-01-30 CRITICAL 9.8 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.
CVE-2024-24327 2024-01-30 CRITICAL 9.8 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.
CVE-2024-24041 2024-02-01 MEDIUM 6.1 A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a…
CVE-2024-24061 2024-02-01 MEDIUM 5.4 springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add.
CVE-2024-23940 2024-01-29 HIGH 7.8 Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited…
CVE-2024-23034 2024-02-01 MEDIUM 6.1 Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
CVE-2024-23033 2024-02-01 MEDIUM 6.1 Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
CVE-2024-23775 2024-01-31 HIGH 7.5 Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().
CVE-2024-22938 2024-01-30 HIGH 7.8 Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component.
CVE-2024-22859 2024-02-01 HIGH 8.8 Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code via the getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes…
CVE-2024-22647 2024-01-30 MEDIUM 5.3 A user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine…
CVE-2024-1069 2024-01-31 HIGH 7.2 The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including,…
CVE-2024-1060 2024-01-30 HIGH 8.8 Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…
CVE-2023-6165 2024-01-29 MEDIUM 4.8 The Restrict Usernames Emails Characters WordPress plugin before 3.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2023-51982 2024-01-30 CRITICAL 9.8 CrateDB 5.5.1 contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can…
CVE-2023-51843 2024-01-30 HIGH 8.2 react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as httpOnly is not set.
CVE-2023-51837 2024-01-30 CRITICAL 9.8 Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation.
CVE-2023-42706 2023-12-04 MEDIUM 5.5 In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information…
CVE-2023-42698 2023-12-04 MEDIUM 5.5 In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information…
CVE-2023-42685 2023-12-04 HIGH 7.8 In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2023-42681 2023-12-04 HIGH 7.8 In ion service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2023-37518 2024-01-30 MEDIUM 6.4 HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within the context of the running user.
CVE-2023-36259 2024-01-30 MEDIUM 5.4 Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation.
CVE-2023-24049 2023-12-04 CRITICAL 9.8 An issue was discovered on Connectize AC21000 G6 641.139.1.1256 that allows attackers to gain escalated privileges on the device via poor credential management.
CVE-2022-35068 2022-09-19 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e420d.
CVE-2022-35067 2022-09-19 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b0.
CVE-2022-35066 2022-09-19 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b8.
CVE-2022-35065 2022-09-19 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724.
CVE-2022-35064 2022-09-19 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adcdb in __asan_memset.
CVE-2022-35063 2022-09-19 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41a8.
CVE-2022-32911 2022-09-20 HIGH 7.8 The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An…
CVE-2022-32908 2022-09-20 HIGH 7.8 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur…
CVE-2022-35062 2022-09-19 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0bc3.
CVE-2022-35061 2022-09-19 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e412a.
CVE-2022-32886 2022-09-20 HIGH 8.8 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web…
CVE-2022-32883 2022-09-20 MEDIUM 5.5 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An…
CVE-2025-37999 2025-05-29 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio() If bio_add_folio() fails (because it is full), erofs_fileio_scan_folio() needs to submit the I/O…
CVE-2025-37996 2025-05-29 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort() Commit fce886a60207 ("KVM: arm64: Plumb the pKVM MMU in KVM")…
CVE-2025-37993 2025-05-29 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe The spin lock tx_handling_spinlock in struct m_can_classdev is not…
CVE-2025-33043 2025-05-29 MEDIUM 5.8 APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact of integrity.
CVE-2025-48047 2025-05-29 N/A 0.0 An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint.
CVE-2025-48046 2025-05-29 N/A 0.0 An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint.
CVE-2025-48045 2025-05-29 N/A 0.0 An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials.
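The rows above are a flattened HTML table, and one detail matters when triaging them by hand or by script: entries such as the Linux kernel and NetFax CVEs show "N/A 0.0" because NVD has not yet assigned a CVSS vector, so a naive sort by score would bury unscored issues below genuinely low-risk ones. The following is an added example (not code from this page or from NIST) of a small parser for the listing format, with a triage step that keeps unscored entries in a separate bucket instead of treating 0.0 as a real score. The row layout it assumes is the one shown above (CVE ID, ISO date, severity word, score, free-text description); the sample rows embedded in the block are constructed from entries in the listing.

```python
"""Parse rows of an NVD-style CVE listing and triage them by CVSS score.

Added example, not code from the page. Assumed row format (the page's own):
"<CVE-ID> <YYYY-MM-DD> <SEVERITY> <score> <description...>", where SEVERITY
is LOW/MEDIUM/HIGH/CRITICAL, or N/A for entries NVD has not scored yet.
"""
import re
from dataclasses import dataclass
from datetime import date

ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<published>\d{4}-\d{2}-\d{2})\s+"
    r"(?P<severity>LOW|MEDIUM|HIGH|CRITICAL|N/A)\s+"
    r"(?P<score>\d+\.\d+)\s+"
    r"(?P<description>.*)$"
)


@dataclass
class CveRow:
    cve: str
    published: date
    severity: str
    score: float
    description: str

    @property
    def unscored(self) -> bool:
        # The listing prints "N/A 0.0" for CVEs without a CVSS vector yet.
        # 0.0 here means "unknown", not "no risk", so it must not be
        # compared against real scores.
        return self.severity == "N/A"


def parse_rows(text: str) -> list[CveRow]:
    """Parse one listing row per line; raise on a line that does not fit."""
    rows: list[CveRow] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised row: {line!r}")
        rows.append(CveRow(
            cve=m["cve"],
            published=date.fromisoformat(m["published"]),
            severity=m["severity"],
            score=float(m["score"]),
            description=m["description"],
        ))
    return rows


def triage(rows: list[CveRow], min_score: float = 7.0) -> dict[str, list[str]]:
    """Split rows into what needs attention now and what still needs a score.

    'actionable' is sorted highest score first (oldest first on ties);
    'unscored' lists N/A entries so they are re-checked rather than ignored.
    """
    actionable = sorted(
        (r for r in rows if not r.unscored and r.score >= min_score),
        key=lambda r: (-r.score, r.published),
    )
    return {
        "actionable": [r.cve for r in actionable],
        "unscored": [r.cve for r in rows if r.unscored],
    }


# Constructed sample: rows copied from the listing above (descriptions
# shortened), including one unscored kernel entry to exercise both buckets.
SAMPLE = """\
CVE-2025-29915 2025-04-10 HIGH 7.5 Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine.
CVE-2024-24331 2024-01-30 CRITICAL 9.8 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.
CVE-2023-45919 2024-03-27 MEDIUM 5.3 Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString().
CVE-2025-37996 2025-05-29 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort()
"""

if __name__ == "__main__":
    for bucket, ids in triage(parse_rows(SAMPLE)).items():
        print(f"{bucket}: {', '.join(ids) or '-'}")
```

Running the block prints the CRITICAL TOTOLINK entry ahead of the HIGH Suricata one under "actionable", drops the MEDIUM Mesa entry below the 7.0 threshold, and reports the kernel CVE under "unscored" so it is revisited once NVD publishes a vector.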