CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2022-44581 2024-05-17 MEDIUM 5.0 Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information. This issue affects Defender Security: from n/a through 3.3.2.
CVE-2024-37444 2024-11-01 MEDIUM 5.3 Missing Authorization vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Defender Security: from n/a through 4.7.1.
CVE-2024-25595 2024-05-17 MEDIUM 5.3 Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass. This issue affects Defender Security: from n/a through 4.4.1.
CVE-2024-13484 2025-01-28 HIGH 8.2 A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule.…
CVE-2025-47851 2025-05-20 MEDIUM 4.8 In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible
CVE-2025-47852 2025-05-20 MEDIUM 4.8 In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible
CVE-2025-47853 2025-05-20 MEDIUM 4.8 In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible
CVE-2025-47854 2025-05-20 MEDIUM 4.3 In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page
CVE-2025-3243 2025-04-04 MEDIUM 6.3 A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dental_form.php. The manipulation of…
CVE-2025-3304 2025-04-05 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /dental_not.php. The manipulation of…
CVE-2025-3347 2025-04-07 MEDIUM 6.3 A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /dental_pending.php. The manipulation of the…
CVE-2025-3348 2025-04-07 MEDIUM 6.3 A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. This vulnerability affects unknown code of the file /edit_dpatient.php. The manipulation of the argument…
CVE-2025-3685 2025-04-16 MEDIUM 6.3 A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. Affected is an unknown function of the file /edit_fpatient.php. The manipulation of the…
CVE-2025-4214 2025-05-02 HIGH 7.3 A vulnerability was found in PHPGuruku Online DJ Booking Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/booking-bwdates-reports-details.php. The manipulation…
CVE-2025-3258 2025-04-04 HIGH 7.3 A vulnerability classified as critical was found in PHPGurukul Old Age Home Management System 1.0. This vulnerability affects unknown code of the file /search.php. The manipulation of the…
CVE-2025-3311 2025-04-06 HIGH 7.3 A vulnerability classified as critical was found in PHPGurukul Men Salon Management System 1.0. This vulnerability affects unknown code of the file /admin/about-us.php. The manipulation of the argument…
CVE-2024-50419 2024-10-30 MEDIUM 5.4 Incorrect Authorization vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Greenshift – animation and page builder…
CVE-2024-48426 2024-10-24 MEDIUM 6.2 A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. The crash occurred due to a read access to…
CVE-2024-48343 2024-10-25 MEDIUM 6.3 A SQL Injection vulnerability in ESAFENET CDG 5 and earlier allows an attacker to execute arbitrary code via the id parameter of the dataSearch.jsp page.
CVE-2024-10233 2024-10-29 MEDIUM 6.4 The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_subscribe shortcode in all versions up to, and including,…
CVE-2024-9613 2024-10-26 MEDIUM 6.1 The FormFacade – WordPress plugin for Google Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'userId' and 'publishId' parameters in all versions up to,…
CVE-2025-3689 2025-04-16 HIGH 7.3 A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-customer-detailed.php. The manipulation of…
CVE-2024-39635 2024-11-01 MEDIUM 5.4 Missing Authorization vulnerability in KaineLabs Youzify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Youzify: from n/a through 1.2.6.
CVE-2025-2608 2025-03-21 MEDIUM 6.3 A vulnerability classified as critical has been found in PHPGurukul Banquet Booking System 1.2. This affects an unknown part of the file /admin/view-user-queries.php. The manipulation of the argument…
CVE-2024-48061 2024-11-04 CRITICAL 9.8 langflow
CVE-2025-4213 2025-05-02 HIGH 7.3 A vulnerability has been found in PHPGurukul Online Birth Certificate System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search.php. The manipulation of…
CVE-2025-3728 2025-04-16 MEDIUM 5.3 A vulnerability classified as critical was found in SourceCodester Simple Hotel Booking System 1.0. This vulnerability affects the function Login. The manipulation of the argument uname leads to…
CVE-2025-3928 2025-04-25 HIGH 8.8 Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors…
CVE-2024-9926 2024-11-07 MEDIUM 4.3 The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent…
CVE-2024-50966 2024-11-08 CRITICAL 9.3 dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin.
CVE-2024-10625 2024-11-09 CRITICAL 9.8 The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up…
CVE-2024-10626 2024-11-09 HIGH 8.8 The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_uploaded_file() function in all versions up…
CVE-2025-5224 2025-05-27 HIGH 7.3 A vulnerability classified as critical has been found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/add-doctor.php. The manipulation of the…
CVE-2024-45478 2025-01-21 MEDIUM 4.8 Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes…
CVE-2024-45479 2025-01-21 CRITICAL 9.1 SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this…
CVE-2024-56923 2025-01-22 MEDIUM 5.4 Stored Cross-Site Scripting (XSS) Vulnerability in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.3.1
CVE-2025-0357 2025-01-25 CRITICAL 9.8 The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9.…
CVE-2024-12113 2025-01-25 MEDIUM 4.3 The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing…
CVE-2025-5225 2025-05-27 HIGH 7.3 A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. This affects an unknown part of the file /index.php. The manipulation of…
CVE-2025-5229 2025-05-27 HIGH 7.3 A vulnerability was found in Campcodes Online Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file…
CVE-2025-5246 2025-05-27 HIGH 7.3 A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. This vulnerability affects unknown code of the file /hms/admin/query-details.php. The manipulation of the argument…
CVE-2025-5298 2025-05-28 HIGH 7.3 A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/betweendates-detailsreports.php. The manipulation of…
CVE-2025-2912 2025-03-28 LOW 3.3 A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the file src/H5Omessage.c. The…
CVE-2025-2913 2025-03-28 LOW 3.3 A vulnerability was found in HDF5 up to 1.14.6. It has been rated as problematic. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The…
CVE-2024-10720 2025-03-20 MEDIUM 6.1 A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the 'Device Management' section under 'Administration' where an attacker can inject malicious scripts…
CVE-2024-10722 2025-03-20 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability allows attackers to inject malicious scripts into the 'Description' field of custom fields in the…
CVE-2024-10723 2025-03-20 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the destination address field of the…
CVE-2024-10724 2025-03-20 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translations section when editing the Destination address. This vulnerability allows an attacker…
CVE-2024-10725 2025-03-20 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which are then executed in…
CVE-2024-10719 2025-03-20 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability exists in phpipam version 1.5.2, specifically in the circuits options functionality. This vulnerability allows an attacker to inject malicious scripts via the…