Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-31226 2025-05-12 MEDIUM 5.5 A logic issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS…
CVE-2025-31227 2025-05-12 MEDIUM 4.6 A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be…
CVE-2025-31228 2025-05-12 MEDIUM 6.8 The issue was addressed with improved authentication. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may…
CVE-2025-31232 2025-05-12 HIGH 7.1 A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A sandboxed app may be able…
CVE-2025-31233 2025-05-12 MEDIUM 6.3 The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS…
CVE-2025-31234 2025-05-12 HIGH 8.2 The issue was addressed with improved input sanitization. This issue is fixed in visionOS 2.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5. An attacker may…
CVE-2025-31235 2025-05-12 MEDIUM 6.5 A double free issue was addressed with improved memory management. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app…
CVE-2025-31236 2025-05-12 MEDIUM 5.5 An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
CVE-2025-31237 2025-05-12 HIGH 7.5 This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. Mounting a maliciously crafted AFP network share…
CVE-2025-31238 2025-05-12 HIGH 7.3 The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5.…
CVE-2025-31239 2025-05-12 LOW 3.3 A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5,…
CVE-2025-31240 2025-05-12 HIGH 7.5 This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. Mounting a maliciously crafted AFP network share…
CVE-2025-31241 2025-05-12 MEDIUM 5.3 A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS…
CVE-2025-26369 2025-02-12 HIGH 8.8 A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add privileges to user groups via…
CVE-2023-43652 2023-09-27 HIGH 8.2 JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key…
CVE-2023-29336 2023-05-09 HIGH 7.8 Win32k Elevation of Privilege Vulnerability
CVE-2025-4632 2025-05-13 CRITICAL 9.8 Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.
CVE-2023-36479 2023-09-15 LOW 3.5 Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed.…
CVE-2022-29799 2022-09-21 MEDIUM 5.5 A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory…
CVE-2022-23951 2022-09-21 MEDIUM 5.5 In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.
CVE-2022-23950 2022-09-21 HIGH 7.5 In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations.
CVE-2022-23949 2022-09-21 HIGH 7.5 In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar.
CVE-2021-43310 2022-09-21 CRITICAL 9.8 A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were…
CVE-2025-31242 2025-05-12 MEDIUM 5.5 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma…
CVE-2025-31244 2025-05-12 HIGH 8.8 A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.
CVE-2025-31245 2025-05-12 MEDIUM 5.5 The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS…
CVE-2025-31246 2025-05-12 HIGH 8.8 The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6. Connecting to a malicious AFP server may corrupt kernel…
CVE-2025-31247 2025-05-12 HIGH 7.5 A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An attacker may gain access…
CVE-2024-6884 2024-08-08 MEDIUM 5.4 The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.39 does not validate and escape some of its block options before outputting them back in a…
CVE-2022-32174 2022-10-11 CRITICAL 9.0 In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.
CVE-2022-31022 2022-06-01 MEDIUM 6.2 Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for…
CVE-2021-21353 2021-03-03 MEDIUM 6.8 Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of…
CVE-2022-32176 2022-10-17 CRITICAL 9.0 In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library.…
CVE-2024-6158 2024-08-12 MEDIUM 4.8 The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its "Category Posts" widget settings before outputting them…
CVE-2024-6330 2024-08-19 CRITICAL 9.8 The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution.
CVE-2021-4226 2022-12-15 CRITICAL 9.8 RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to the way it is implemented.
CVE-2024-6451 2024-08-19 HIGH 7.2 AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of "logs_path", allowing…
CVE-2024-6843 2024-08-19 MEDIUM 6.1 The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins
CVE-2024-6847 2024-08-20 CRITICAL 9.8 The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection…
CVE-2024-48655 2024-10-25 HIGH 8.8 An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file.
CVE-2024-48191 2024-10-28 MEDIUM 6.3 dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17
CVE-2024-48291 2024-10-28 MEDIUM 6.3 dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17
CVE-2024-42835 2024-10-31 CRITICAL 9.8 langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.
CVE-2024-51407 2024-11-01 MEDIUM 6.2 Floodlight SDN OpenFlow Controller v.1.2 has an issue that allows local hosts to construct false broadcast ports causing inter-host communication anomalies.
CVE-2023-38952 2023-08-03 HIGH 7.5 Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type…
CVE-2023-38951 2023-08-03 CRITICAL 9.8 ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse…
CVE-2022-32843 2022-09-23 HIGH 7.1 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a…
CVE-2022-32832 2022-09-23 MEDIUM 6.7 The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey…
CVE-2022-32807 2022-09-23 HIGH 7.1 This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be…
CVE-2022-28722 2022-09-26 CRITICAL 9.8 Certain HP Print Products are potentially vulnerable to Buffer Overflow.
« Anterior Página 1155 de 4309 Siguiente »