Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2023-44855 2024-04-12 MEDIUM 6.5 Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and…
CVE-2024-1752 2024-04-08 MEDIUM 6.1 The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-29686 2024-03-29 HIGH 7.2 Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin…
CVE-2024-29776 2024-03-27 MEDIUM 5.9 Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.
CVE-2024-29272 2024-03-22 MEDIUM 6.5 Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.
CVE-2024-25168 2024-03-22 MEDIUM 6.3 SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface.
CVE-2024-28559 2024-03-22 HIGH 8.8 SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component.
CVE-2024-28560 2024-03-22 MEDIUM 5.4 SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component.
CVE-2024-30187 2024-03-25 MEDIUM 5.3 Anope before 2.0.15 does not prevent resetting the password of a suspended account.
CVE-2024-2864 2024-03-25 HIGH 7.3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaineLabs Youzify - Buddypress Moderation.This issue affects Youzify - Buddypress Moderation: from n/a through 1.2.5.
CVE-2024-25807 2024-03-22 MEDIUM 6.1 Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album.
CVE-2024-26557 2024-03-22 MEDIUM 5.4 Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter.
CVE-2024-25808 2024-03-22 HIGH 8.3 Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function.
CVE-2024-29271 2024-03-22 MEDIUM 6.1 Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php.
CVE-2024-3601 2024-05-02 MEDIUM 5.3 The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function…
CVE-2024-9462 2024-10-26 MEDIUM 5.5 The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll settings in all versions up to, and…
CVE-2024-9475 2024-10-26 MEDIUM 4.9 The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the order_by parameter in all versions up to,…
CVE-2024-12115 2024-12-07 MEDIUM 4.3 The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This…
CVE-2024-3600 2024-04-19 HIGH 7.2 The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action…
CVE-2023-49453 2024-03-12 MEDIUM 6.1 Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22.0 and before, allows local attackers to execute arbitrary code and obtain sensitive information via the search component in index.php.
CVE-2023-41504 2024-03-13 HIGH 8.8 SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code via the Student Search function.
CVE-2023-41505 2024-03-13 CRITICAL 9.8 An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted…
CVE-2025-5270 2025-05-27 HIGH 7.5 In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability affects Firefox < 139.
CVE-2025-5271 2025-05-27 MEDIUM 6.5 Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox < 139.
CVE-2025-5272 2025-05-27 HIGH 7.3 Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of…
CVE-2025-2847 2025-03-27 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. This issue affects some unknown processing of the file /dashboard/admin/over_month.php. The manipulation…
CVE-2025-2122 2025-03-09 LOW 3.1 A vulnerability classified as problematic was found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected by this vulnerability is an unknown functionality of the component Connection…
CVE-2025-5129 2025-05-24 HIGH 7.0 A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation…
CVE-2025-2151 2025-03-10 MEDIUM 6.3 A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::GetNextLine in the library ParsingUtils.h of the component File…
CVE-2025-3395 2025-04-30 HIGH 7.1 Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0.
CVE-2025-3394 2025-04-30 HIGH 7.8 Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0.
CVE-2024-51319 2025-03-11 HIGH 7.3 A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse…
CVE-2025-5215 2025-05-27 HIGH 8.8 A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01_B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the argument Authorization leads…
CVE-2025-5205 2025-05-26 HIGH 7.3 A vulnerability classified as critical has been found in 1000 Projects Daily College Class Work Report Book 1.0. Affected is an unknown function of the file /dcwr_entry.php. The…
CVE-2025-5204 2025-05-26 LOW 3.3 A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::ParseSkinLump_3DGS_MDL7 of the file assimp/code/AssetLib/MDL/MDLMaterialLoader.cpp. The manipulation leads to…
CVE-2025-5203 2025-05-26 LOW 3.3 A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function SkipSpaces in the library…
CVE-2025-5202 2025-05-26 LOW 3.3 A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function HL1MDLLoader::validate_header of the file…
CVE-2025-5201 2025-05-26 LOW 3.3 A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function LWOImporter::CountVertsAndFacesLWO2 of the file assimp/code/AssetLib/LWO/LWOLoader.cpp. The manipulation…
CVE-2025-5200 2025-05-26 LOW 3.3 A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDLImporter::InternReadFile_Quake1 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads…
CVE-2025-5196 2025-05-26 MEDIUM 6.6 A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Lua…
CVE-2025-5186 2025-05-26 MEDIUM 6.3 A vulnerability was found in thinkgem JeeSite up to 5.11.1. It has been rated as critical. Affected by this issue is the function ResourceLoader.getResource of the file /cms/fileTemplate/form…
CVE-2025-5136 2025-05-25 LOW 3.7 A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment…
CVE-2025-5132 2025-05-24 MEDIUM 4.3 A vulnerability was found in Tmall Demo up to 20250505. It has been rated as problematic. This issue affects some unknown processing of the file tmall/admin/account/logout. The manipulation…
CVE-2025-5130 2025-05-24 MEDIUM 4.7 A vulnerability was found in Tmall Demo up to 20250505. It has been classified as critical. This affects the function uploadProductImage of the file tmall/admin/uploadProductImage. The manipulation of…
CVE-2025-5128 2025-05-24 HIGH 7.3 A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Affected is an unknown function of the file /admin/ of the component Admin Login Panel.…
CVE-2025-5127 2025-05-24 LOW 3.5 A vulnerability, which was classified as problematic, has been found in FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. The manipulation…
CVE-2025-5126 2025-05-24 HIGH 8.8 A vulnerability classified as critical was found in FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. The manipulation of the argument…
CVE-2025-48734 2025-05-28 HIGH 8.8 Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class…
CVE-2025-5124 2025-05-24 HIGH 8.1 A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the…
CVE-2022-43502 2025-05-28 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
« Anterior Página 1144 de 4308 Siguiente »