CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2022-35090 2022-09-21 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via __asan_memcpy at /asan/asan_interceptors_memintrinsics.cpp:.
CVE-2022-37881 2022-09-20 HIGH 7.2 Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker…
CVE-2022-37880 2022-09-20 HIGH 7.2 Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker…
CVE-2022-37879 2022-09-20 HIGH 7.2 Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker…
CVE-2022-37878 2022-09-20 HIGH 7.2 Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker…
CVE-2022-37395 2022-09-20 HIGH 7.5 A Huawei device has an input verification vulnerability. Successful exploitation of this vulnerability may lead to DoS attacks. Affected product versions include: CV81-WDM FW versions 01.70.49.29.46.
CVE-2022-35089 2022-09-21 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a heap-buffer-overflow via getTransparentColor at /home/bupt/Desktop/swftools/src/gif2swf.
CVE-2022-35088 2022-09-21 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a heap buffer-overflow via getGifDelayTime at /home/bupt/Desktop/swftools/src/src/gif2swf.c.
CVE-2022-35087 2022-09-21 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a segmentation violation via MovieAddFrame at /src/gif2swf.c.
CVE-2022-35086 2022-09-21 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S.
CVE-2022-33735 2022-09-20 MEDIUM 6.5 There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to…
CVE-2022-2906 2022-09-21 HIGH 7.5 An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to…
CVE-2022-32880 2022-09-20 MEDIUM 6.5 This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.5. An app may be able to access user-sensitive data.
CVE-2022-32802 2022-09-20 HIGH 7.8 A logic issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted file…
CVE-2022-32788 2022-09-20 CRITICAL 9.8 A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. A remote…
CVE-2022-30579 2022-09-20 HIGH 7.1 The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a…
CVE-2022-2881 2022-09-21 MEDIUM 5.5 The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.
CVE-2022-28640 2022-09-20 HIGH 8.8 A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5 (iLO…
CVE-2022-26696 2022-09-20 HIGH 8.8 This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions.
CVE-2022-23696 2022-09-20 HIGH 8.8 Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An…
CVE-2022-23693 2022-09-20 HIGH 8.8 Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An…
CVE-2022-23692 2022-09-20 HIGH 8.8 Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An…
CVE-2021-46835 2022-09-20 MEDIUM 4.3 There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers.
CVE-2021-46834 2022-09-20 MEDIUM 5.5 A permission bypass vulnerability in Huawei cross device task management could allow an attacker to access certain resource in the attacked devices. Affected product versions include: JAD-AL50 versions 102.0.0.225(C00E220R3P4).
CVE-2020-36602 2022-09-20 MEDIUM 6.1 There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends…
CVE-2025-31494 2025-04-15 LOW 3.5 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution…
CVE-2025-3209 2025-04-04 MEDIUM 6.3 A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file…
CVE-2025-44835 2025-05-01 MEDIUM 6.3 D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell.
CVE-2025-46566 2025-05-01 CRITICAL 9.8 DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched…
CVE-2025-4197 2025-05-02 MEDIUM 6.3 A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. Affected is an unknown function of the file /edit_xpatient.php. The manipulation of the…
CVE-2025-3513 2025-05-02 LOW 3.5 The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored…
CVE-2025-3514 2025-05-02 LOW 3.5 The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored…
CVE-2025-3136 2025-04-03 LOW 3.3 A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. The manipulation leads to memory…
CVE-2025-3123 2025-04-02 MEDIUM 4.7 A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. Affected by this issue is the function installUpdateModuleAction of the component Theme Installation/Plugin Installation. The…
CVE-2025-1986 2025-04-01 MEDIUM 4.1 The Gutentor WordPress plugin before 3.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
CVE-2025-4250 2025-05-04 HIGH 7.3 A vulnerability was found in code-projects Nero Social Networking Site 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation…
CVE-2024-29643 2025-04-18 CRITICAL 9.1 An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component.
CVE-2025-3796 2025-04-18 MEDIUM 6.3 A vulnerability classified as critical has been found in PHPGurukul Men Salon Management System 1.0. This affects an unknown part of the file /admin/contact-us.php. The manipulation of the…
CVE-2024-13926 2025-04-19 HIGH 7.5 The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic…
CVE-2025-25228 2025-04-21 LOW 3.8 A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend.
CVE-2025-29446 2025-04-21 LOW 3.3 open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.
CVE-2025-28103 2025-04-21 MEDIUM 6.4 Incorrect access control in laskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request.
CVE-2025-28104 2025-04-21 CRITICAL 9.1 Incorrect access control in laskBlog v2.6.1 allows attackers to access all usernames via a crafted input.
CVE-2025-4114 2025-04-30 HIGH 8.8 A vulnerability classified as critical has been found in Netgear JWNR2000v2 1.0.0.11. Affected is the function check_language_file. The manipulation of the argument host leads to buffer overflow. It…
CVE-2025-4543 2025-05-11 HIGH 7.3 A vulnerability, which was classified as critical, was found in LyLme Spage 2.1. This affects an unknown part of the file lylme_spage/blob/master/admin/ajax_link.php. The manipulation of the argument sort…
CVE-2024-12679 2025-05-15 MEDIUM 4.8 The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-12680 2025-05-15 MEDIUM 4.8 The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-13482 2025-05-15 MEDIUM 4.8 The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-13486 2025-05-15 MEDIUM 4.8 The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-8673 2025-05-15 CRITICAL 9.1 The Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript.