Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2022-41138 2022-09-20 CRITICAL 9.8 In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution.
CVE-2022-37883 2022-09-20 HIGH 7.2 Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker…
CVE-2022-38340 2022-09-20 CRITICAL 9.1 Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload.
CVE-2022-40955 2022-09-20 HIGH 8.8 In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL…
CVE-2022-28639 2022-09-20 HIGH 8.8 A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were…
CVE-2022-35196 2022-09-20 HIGH 8.8 TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php.
CVE-2022-34917 2022-09-20 HIGH 7.5 A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on…
CVE-2022-28638 2022-09-20 HIGH 7.8 An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered…
CVE-2022-23695 2022-09-20 HIGH 8.8 Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An…
CVE-2022-23694 2022-09-20 HIGH 8.8 Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An…
CVE-2017-20148 2022-09-20 CRITICAL 9.8 In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.
CVE-2017-20147 2022-09-20 MEDIUM 6.5 In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to…
CVE-2016-20015 2022-09-20 HIGH 7.5 In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to…
CVE-2025-46673 2025-04-27 MEDIUM 4.9 NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security…
CVE-2025-46674 2025-04-27 LOW 3.5 NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle.
CVE-2024-31099 2024-04-01 MEDIUM 6.4 Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7.
CVE-2025-34028 2025-04-22 CRITICAL 10.0 The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to…
CVE-2024-3517 2024-05-02 MEDIUM 6.4 The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including,…
CVE-2024-3341 2024-05-02 MEDIUM 6.4 The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_gmaps' shortcode in all versions up to, and…
CVE-2024-1533 2024-05-02 MEDIUM 6.4 The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML Element in all versions up to, and including,…
CVE-2024-1396 2024-05-02 MEDIUM 6.4 The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including,…
CVE-2023-37888 2024-05-17 HIGH 7.6 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion.This issue…
CVE-2024-1348 2024-05-02 MEDIUM 6.4 The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and…
CVE-2025-2545 2025-05-05 N/A 0.0 Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple…
CVE-2025-47905 2025-05-13 MEDIUM 5.4 Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped…
CVE-2024-51754 2024-11-06 LOW 2.2 Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the…
CVE-2025-5147 2025-05-25 MEDIUM 6.3 A vulnerability was found in Netcore NBR1005GPEV2, NBR200V2 and B6V2 up to 20250508 and classified as critical. This issue affects the function tools_ping of the file /usr/bin/network_tools. The…
CVE-2025-5146 2025-05-25 MEDIUM 6.3 A vulnerability has been found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 up to 20250508 and classified as critical. This vulnerability affects the function passwd_set…
CVE-2025-32911 2025-04-15 CRITICAL 9.0 A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.
CVE-2025-32910 2025-04-14 MEDIUM 6.5 A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.
CVE-2025-32909 2025-04-14 MEDIUM 5.3 A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to…
CVE-2025-32913 2025-04-14 HIGH 7.5 A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup…
CVE-2025-32907 2025-04-14 MEDIUM 5.3 A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the…
CVE-2025-32906 2025-04-14 HIGH 7.5 A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted…
CVE-2025-32053 2025-04-03 MEDIUM 6.5 A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.
CVE-2025-32052 2025-04-03 MEDIUM 6.5 A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
CVE-2025-32050 2025-04-03 MEDIUM 5.9 A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
CVE-2025-47287 2025-05-15 HIGH 7.5 Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder…
CVE-2025-0921 2025-05-15 MEDIUM 6.5 Execution with Unnecessary Privileges vulnerability in the Pager agent of multi-agent notification feature in Mitsubishi Electric Iconics Digital Solutions GENESIS64 prior to 10.97.3, Mitsubishi Electric GENESIS64 all versions…
CVE-2021-28423 2021-07-01 HIGH 8.8 Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php,…
CVE-2023-51756 2025-05-28 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2023-51753 2025-05-28 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2023-50338 2025-05-28 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2023-49904 2025-05-28 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2023-49604 2025-05-28 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2023-49139 2025-05-28 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2023-49137 2025-05-28 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2023-48726 2025-05-28 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2023-29857 2023-05-18 MEDIUM 5.3 An issue in Teslamate v1.27.1 allows attackers to obtain sensitive information via directly accessing the teslamate link.
CVE-2022-23126 2022-01-24 CRITICAL 9.8 TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This…
« Anterior Página 1138 de 4308 Siguiente »