CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2022-28979 2022-09-22 MEDIUM 6.1 Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain…
CVE-2022-28802 2022-09-21 CRITICAL 9.9 Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose…
CVE-2022-28721 2022-09-26 CRITICAL 9.8 Certain HP Print Products are potentially vulnerable to Remote Code Execution.
CVE-2025-31250 2025-05-12 MEDIUM 5.5 An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
CVE-2025-31251 2025-05-12 MEDIUM 5.5 The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS…
CVE-2025-31253 2025-05-12 HIGH 7.1 This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call may not result…
CVE-2025-31256 2025-05-12 MEDIUM 5.5 The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.5. Hot corner may unexpectedly reveal a user’s deleted notes.
CVE-2025-31257 2025-05-12 MEDIUM 4.7 This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari…
CVE-2025-31258 2025-05-12 MEDIUM 6.5 This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.
CVE-2025-31259 2025-05-12 HIGH 7.8 The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.5. An app may be able to gain elevated privileges.
CVE-2025-31260 2025-05-12 MEDIUM 5.5 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
CVE-2023-7229 2025-05-15 MEDIUM 5.5 The illi Link Party! WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in…
CVE-2023-7230 2025-05-15 MEDIUM 6.1 The illi Link Party! WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as admin to perform…
CVE-2023-7231 2025-05-15 HIGH 7.3 The illi Link Party! WordPress plugin through 1.0 lacks proper access controls, allowing unauthenticated visitors to delete links.
CVE-2024-6718 2025-05-15 MEDIUM 5.4 The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode…
CVE-2024-8090 2025-05-15 MEDIUM 6.1 The JavaScript Logic WordPress plugin through 0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to…
CVE-2024-8094 2025-05-15 MEDIUM 6.5 The Ntz Antispam WordPress plugin through 2.0e does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin…
CVE-2024-8095 2025-05-15 MEDIUM 6.1 The BabelZ WordPress plugin through 1.1.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make…
CVE-2024-8187 2025-05-15 MEDIUM 4.8 The Smart Post Show WordPress plugin before 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-8426 2025-05-15 MEDIUM 4.8 The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-8618 2025-05-15 MEDIUM 4.8 The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2025-4717 2025-05-15 HIGH 7.3 A vulnerability, which was classified as critical, was found in PHPGurukul Company Visitor Management System 2.0. Affected is an unknown function of the file /visitors-form.php. The manipulation of…
CVE-2025-4725 2025-05-15 HIGH 7.3 A vulnerability, which was classified as critical, was found in itsourcecode Placement Management System 1.0. This affects an unknown part of the file /view_drive.php. The manipulation of the…
CVE-2025-4726 2025-05-15 HIGH 7.3 A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view_student.php. The manipulation of the…
CVE-2025-4728 2025-05-15 HIGH 7.3 A vulnerability was found in SourceCodester Best Online News Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /search.php. The manipulation…
CVE-2025-4734 2025-05-16 HIGH 7.3 A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/ci_update.php. The manipulation of…
CVE-2025-4736 2025-05-16 HIGH 7.3 A vulnerability was found in PHPGurukul Daily Expense Tracker 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /register.php. The manipulation…
CVE-2025-3201 2025-05-16 MEDIUM 5.9 The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2025-4751 2025-05-16 MEDIUM 5.3 A vulnerability, which was classified as problematic, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected is an unknown function of the file /index.data. The manipulation leads to information…
CVE-2025-4757 2025-05-16 HIGH 7.3 A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /forgot-password.php. The…
CVE-2025-4758 2025-05-16 HIGH 7.3 A vulnerability classified as critical has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected is an unknown function of the file /contact.php. The manipulation of the…
CVE-2025-4761 2025-05-16 HIGH 7.3 A vulnerability has been found in PHPGurukul Complaint Management System 2.0 and classified as critical. This vulnerability affects unknown code of the file /admin/admin-profile.php. The manipulation of the…
CVE-2025-4765 2025-05-16 HIGH 7.3 A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been classified as critical. Affected is an unknown function of the file /admin/contactus.php. The manipulation of…
CVE-2025-4766 2025-05-16 HIGH 7.3 A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/profile.php.…
CVE-2024-48758 2024-10-16 MEDIUM 6.1 dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary…
CVE-2024-48249 2024-10-14 HIGH 7.3 Wavelog 1.8.5 allows Gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode.
CVE-2024-46911 2024-10-14 MEDIUM 4.7 Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined…
CVE-2024-46468 2024-10-11 HIGH 7.5 A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress
CVE-2024-47378 2024-10-05 HIGH 7.1 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCOM WPCOM Member allows Reflected XSS. This issue affects WPCOM Member: from n/a through 1.5.4.
CVE-2023-26771 2024-10-04 MEDIUM 6.5 Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload…
CVE-2023-26770 2024-10-04 CRITICAL 9.8 TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user.
CVE-2025-2872 2025-05-27 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-47577. Reason: This candidate is a reservation duplicate of CVE-2025-47577. Notes: All CVE users should reference…
CVE-2024-55569 2025-05-14 HIGH 7.5 An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000,…
CVE-2022-41250 2022-09-21 MEDIUM 6.5 A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs…
CVE-2022-41249 2022-09-21 HIGH 8.8 A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained…
CVE-2022-41248 2022-09-21 MEDIUM 5.3 Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture…
CVE-2022-41247 2022-09-21 MEDIUM 4.3 Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by…
CVE-2022-41246 2022-09-21 MEDIUM 6.5 A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs…
CVE-2022-40754 2022-09-21 MEDIUM 6.1 In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.
CVE-2022-40604 2022-09-21 HIGH 7.5 In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.