CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-1813 2025-03-02 MEDIUM 4.3 A vulnerability classified as problematic was found in zj1983 zz up to 2024-08. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery.…
CVE-2025-22212 2025-03-05 LOW 2.7 A SQL injection vulnerability in the Convert Forms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the submission management…
CVE-2025-2120 2025-03-09 LOW 2.1 A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file…
CVE-2025-2121 2025-03-09 MEDIUM 6.3 A vulnerability classified as critical has been found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected is an unknown function of the component File Storage. The…
CVE-2024-12964 2024-12-26 HIGH 7.3 A vulnerability was found in 1000 Projects Daily College Class Work Report Book 1.0. It has been classified as critical. This affects an unknown part of the file…
CVE-2024-43158 2024-11-01 HIGH 7.5 Missing Authorization vulnerability in Masteriyo Masteriyo - LMS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Masteriyo - LMS: from n/a through 1.11.4.
CVE-2024-43159 2024-11-01 MEDIUM 5.3 Missing Authorization vulnerability in Masteriyo Masteriyo - LMS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Masteriyo - LMS: from n/a through 1.11.6.
CVE-2023-50904 2024-12-09 MEDIUM 5.3 Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 4.8.0.
CVE-2023-45766 2025-01-02 MEDIUM 5.3 Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 4.7.1.
CVE-2024-12986 2024-12-27 HIGH 7.3 A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the…
CVE-2024-56295 2025-01-15 MEDIUM 6.5 Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 5.5.6.
CVE-2024-12988 2024-12-27 HIGH 7.3 A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub_16C4C of the component HTTP Header…
CVE-2024-48814 2025-01-03 HIGH 7.5 SQL Injection vulnerability in Silverpeas 6.4.1 allows a remote attacker to obtain sensitive information via the ViewType parameter of the findbywhereclause function
CVE-2025-26817 2025-04-03 CRITICAL 9.8 Netwrix Password Secure 9.2.0.32454 allows OS command injection.
CVE-2025-3155 2025-04-03 HIGH 7.4 A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents,…
CVE-2024-20076 2024-07-01 HIGH 7.5 In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User…
CVE-2024-13189 2025-01-08 HIGH 7.3 A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown part of the file src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. The manipulation leads to permission issues. It…
CVE-2024-20077 2024-07-01 HIGH 7.5 In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User…
CVE-2024-20078 2024-07-01 CRITICAL 9.8 In venc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User…
CVE-2024-20080 2024-07-01 CRITICAL 9.8 In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges…
CVE-2024-13191 2025-01-08 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0. This issue affects the function upload of the file src/main/java/com/wdd/myblog/controller/admin/uploadController.java. The manipulation of the…
CVE-2024-31403 2024-06-11 MEDIUM 5.4 Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.
CVE-2024-31404 2024-06-11 MEDIUM 4.3 Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to…
CVE-2025-4050 2025-05-05 HIGH 8.8 Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to…
CVE-2025-4051 2025-05-05 MEDIUM 6.3 Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary…
CVE-2025-4052 2025-05-05 CRITICAL 9.8 Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access…
CVE-2025-4096 2025-05-05 HIGH 8.8 Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…
CVE-2025-46335 2025-05-05 MEDIUM 5.4 Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting (XSS) vulnerability has been identified in…
CVE-2024-4669 2024-06-11 MEDIUM 6.4 The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to,…
CVE-2024-0427 2024-06-12 MEDIUM 6.3 The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions.
CVE-2025-1909 2025-05-05 CRITICAL 9.8 The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user…
CVE-2025-4359 2025-05-06 HIGH 7.3 A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_member. The manipulation of…
CVE-2025-4360 2025-05-06 HIGH 7.3 A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /view_member.php.…
CVE-2025-4362 2025-05-06 HIGH 7.3 A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=save_membership. The manipulation of the argument member_id…
CVE-2025-4372 2025-05-06 HIGH 8.8 Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…
CVE-2023-6487 2024-05-22 MEDIUM 4.4 The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header Title' field in all versions up to and including 2.1.4 due…
CVE-2024-2119 2024-05-22 MEDIUM 6.1 The LuckyWP Table of Contents plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the attrs parameter in all versions up to, and including, 2.1.4 due to…
CVE-2024-2953 2024-05-22 MEDIUM 5.5 The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 2.1.4 due to insufficient input…
CVE-2024-35409 2024-05-22 CRITICAL 9.8 WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php.
CVE-2024-1805 2024-05-02 MEDIUM 6.4 The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 7.5 due to insufficient input…
CVE-2024-1840 2024-05-02 MEDIUM 6.4 The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Author tag attribute in all versions up to, and including, 7.5 due to insufficient…
CVE-2024-1841 2024-05-02 MEDIUM 6.4 The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title tag attribute in all versions up to, and including, 7.5 due to insufficient…
CVE-2024-1842 2024-05-02 MEDIUM 6.4 The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Heading tag attribute in all versions up to, and including, 7.5 due to insufficient…
CVE-2024-22871 2024-02-29 HIGH 7.5 An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function.
CVE-2023-50378 2024-03-01 MEDIUM 6.1 Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8. Impact: As it will be stored XSS, could be exploited to perform unauthorized actions,…
CVE-2024-27138 2024-03-01 HIGH 7.5 ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache…
CVE-2024-27139 2024-03-01 HIGH 7.5 ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account…
CVE-2024-27140 2024-03-01 MEDIUM 5.4 ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this…
CVE-2024-24766 2024-03-06 MEDIUM 6.2 CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, the Casa OS Login page disclosed the username enumeration vulnerability in the…
CVE-2024-5709 2024-08-06 HIGH 8.8 The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the 'layout_name' parameter. This makes it…