Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-24183 2025-05-19 MEDIUM 5.5 The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A local user may be able to…
CVE-2025-24184 2025-05-19 MEDIUM 5.5 The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, watchOS 11.3, tvOS…
CVE-2025-24189 2025-05-19 HIGH 8.8 The issue was addressed with improved checks. This issue is fixed in Safari 18.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3.…
CVE-2025-31185 2025-05-19 LOW 3.3 A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without…
CVE-2025-31262 2025-05-19 MEDIUM 5.5 A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An…
CVE-2024-7139 2024-12-19 MEDIUM 6.5 Due to an unchecked buffer length, a specially crafted L2CAP packet can cause a buffer overflow. This buffer overflow triggers an assert, which results in a temporary denial…
CVE-2024-7138 2024-12-19 MEDIUM 6.5 An assert may be triggered, causing a temporary denial of service when a peer device sends a specially crafted malformed L2CAP packet. If a watchdog timer is not…
CVE-2024-7137 2024-12-19 MEDIUM 6.5 The L2CAP receive data buffer for L2CAP packets is restricted to packet sizes smaller than the maximum supported packet size. Receiving a packet that exceeds the restricted buffer…
CVE-2023-49225 2023-12-07 MEDIUM 6.1 A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web…
CVE-2022-40030 2022-09-21 CRITICAL 9.8 SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php.
CVE-2022-40029 2022-09-21 MEDIUM 4.8 SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts…
CVE-2022-40028 2022-09-21 MEDIUM 4.8 SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts…
CVE-2022-40616 2022-09-21 HIGH 8.1 IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to.…
CVE-2022-41255 2022-09-21 MEDIUM 6.5 Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access…
CVE-2022-35621 2022-09-21 MEDIUM 5.3 Access control vulnerability in Evoh NFT EvohClaimable contract with sha256 hash code fa2084d5abca91a62ed1d2f1cad3ec318e6a9a2d7f1510a00d898737b05f48ae allows remote attackers to execute fraudulent NFT transfers.
CVE-2022-40027 2022-09-21 MEDIUM 6.1 SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts…
CVE-2022-40026 2022-09-21 HIGH 7.2 SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php.
CVE-2022-37027 2022-09-21 HIGH 7.2 Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java…
CVE-2022-30578 2022-09-21 HIGH 8.0 The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored…
CVE-2022-29800 2022-09-21 MEDIUM 4.7 A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run.…
CVE-2021-4297 2023-01-01 MEDIUM 5.5 A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vulnerability affects the function runs_post of the file application/controllers/Restapi.php. The manipulation of…
CVE-2025-5032 2025-05-21 HIGH 7.3 A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/edit-category.php. The manipulation of the argument…
CVE-2025-3160 2025-04-03 LOW 3.3 A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the…
CVE-2025-4919 2025-05-17 HIGH 8.8 An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR…
CVE-2025-4918 2025-05-17 HIGH 7.5 An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR…
CVE-2025-4837 2025-05-17 HIGH 7.3 A vulnerability classified as critical has been found in projectworlds Student Project Allocation System 1.0. This affects an unknown part of the file /make_group_sql.php. The manipulation of the…
CVE-2023-50771 2023-12-13 MEDIUM 6.1 Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.
CVE-2025-4836 2025-05-17 HIGH 7.3 A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file…
CVE-2024-4291 2024-04-27 HIGH 8.8 A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the…
CVE-2025-4806 2025-05-16 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in SourceCodester/oretnom23 Stock Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=back_order/view_bo.…
CVE-2025-25777 2025-04-24 HIGH 8.0 Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker…
CVE-2025-45885 2025-05-09 CRITICAL 9.8 PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file. Attackers can inject malicious code from the parameter 'emailcont' and use it directly…
CVE-2025-4807 2025-05-16 MEDIUM 5.3 A vulnerability, which was classified as problematic, was found in SourceCodester Online Student Clearance System 1.0. This affects an unknown part. The manipulation leads to exposure of information…
CVE-2025-4101 2025-05-17 MEDIUM 4.3 The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the 'delete_fpm_product' function in…
CVE-2025-47931 2025-05-17 MEDIUM 6.1 LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting (XSS) Vulnerability in the `group name` parameter of the `http://localhost/poller/groups` form.…
CVE-2025-4814 2025-05-17 HIGH 7.3 A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_add.php.…
CVE-2025-32434 2025-04-18 CRITICAL 9.8 PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior,…
CVE-2025-4909 2025-05-19 HIGH 7.3 A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. This vulnerability affects unknown code. The manipulation leads to exposure of information through directory…
CVE-2025-4923 2025-05-19 HIGH 7.3 A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /user_delivery_update.php. The…
CVE-2025-4931 2025-05-19 HIGH 7.3 A vulnerability classified as critical was found in projectworlds Online Lawyer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /user_registation.php. The manipulation…
CVE-2025-4934 2025-05-19 HIGH 7.3 A vulnerability has been found in PHPGurukul User Registration & Login and User Management System 3.3 and classified as critical. This vulnerability affects unknown code of the file…
CVE-2025-4935 2025-05-19 HIGH 7.3 A vulnerability was found in SourceCodester Stock Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php_action/changePassword.php. The manipulation of the…
CVE-2025-4885 2025-05-18 HIGH 7.3 A vulnerability classified as critical has been found in itsourcecode Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the…
CVE-2025-4884 2025-05-18 HIGH 7.3 A vulnerability was found in itsourcecode Restaurant Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/assign_save.php. The manipulation…
CVE-2025-4869 2025-05-18 HIGH 7.3 A vulnerability classified as critical has been found in itsourcecode Restaurant Management System 1.0. This affects an unknown part of the file /admin/member_update.php. The manipulation of the argument…
CVE-2024-47619 2025-05-07 HIGH 7.5 syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass…
CVE-2025-48848 2025-05-28 N/A 0.0 Rejected reason: Not used
CVE-2025-48847 2025-05-28 N/A 0.0 Rejected reason: Not used
CVE-2025-48846 2025-05-28 N/A 0.0 Rejected reason: Not used
CVE-2025-48845 2025-05-28 N/A 0.0 Rejected reason: Not used
« Anterior Página 1153 de 4309 Siguiente »