Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2022-39975 2022-09-22 MEDIUM 4.3 The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing…
CVE-2022-37246 2022-09-21 MEDIUM 5.4 Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label.
CVE-2022-37026 2022-09-21 CRITICAL 9.8 In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
CVE-2022-38928 2022-09-21 HIGH 7.8 XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.
CVE-2022-35085 2022-09-21 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.
CVE-2022-37877 2022-09-20 HIGH 7.8 A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users…
CVE-2022-32211 2022-09-23 HIGH 8.8 A SQL injection vulnerability exists in Rocket.Chat
CVE-2022-28978 2022-09-22 MEDIUM 5.4 Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1…
CVE-2022-32882 2022-09-20 CRITICAL 9.8 This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to bypass Privacy preferences.
CVE-2022-32861 2022-09-20 MEDIUM 5.3 A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address.
CVE-2022-28637 2022-09-20 HIGH 7.8 A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE…
CVE-2022-23685 2022-09-20 HIGH 8.8 A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a…
CVE-2024-46333 2024-09-27 MEDIUM 4.8 An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter…
CVE-2024-46510 2024-09-30 HIGH 7.6 ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface
CVE-2024-9411 2024-10-01 LOW 3.5 A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument dict_value leads to…
CVE-2024-46485 2024-09-25 MEDIUM 6.3 dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate
CVE-2024-46600 2024-09-25 MEDIUM 4.7 dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31
CVE-2024-46632 2024-09-26 MEDIUM 4.3 Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function.
CVE-2025-3045 2025-04-01 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in oretnom23/SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown function of the file /remove-apartment.php. The manipulation of…
CVE-2025-30849 2025-04-01 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. This issue affects…
CVE-2025-30870 2025-04-01 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This…
CVE-2022-48733 2024-06-20 HIGH 7.8 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structure and…
CVE-2024-38577 2024-06-19 HIGH 7.8 In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow There is a possibility of buffer overflow in show_rcu_tasks_trace_gp_kthread() if counters, passed to…
CVE-2024-38581 2024-06-19 HIGH 7.8 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/mes: fix use-after-free issue Delete fence fallback timer to fix the ramdom use-after-free issue. v2: move to amdgpu_mes.c
CVE-2022-48740 2024-06-20 HIGH 7.8 In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths On error path from cond_read_list() and duplicate_policydb_cond_list() the cond_list_destroy()…
CVE-2024-13553 2025-04-01 CRITICAL 9.8 The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is…
CVE-2025-3121 2025-04-02 LOW 3.3 A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. Local access is required to approach…
CVE-2024-43151 2024-08-12 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite allows Stored XSS.This issue affects…
CVE-2024-43156 2024-08-12 HIGH 7.1 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Reflected XSS.This issue affects Post Grid Master: from n/a…
CVE-2024-6724 2024-08-13 MEDIUM 4.8 The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2025-5262 2025-05-27 N/A 0.0 Rejected reason: This CVE was accidentally assigned by Mozilla but should be assigned by another CNA. When the correct CVE is available, Mozilla's advisories will be updated to…
CVE-2025-26785 2025-05-14 HIGH 7.5 An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930,…
CVE-2025-32951 2025-04-22 MEDIUM 6.4 Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter,…
CVE-2024-56427 2025-05-14 MEDIUM 6.5 An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem…
CVE-2022-40262 2022-09-20 HIGH 8.2 A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing,…
CVE-2022-40186 2022-09-22 CRITICAL 9.1 An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has…
CVE-2022-38512 2022-09-22 MEDIUM 6.5 The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a…
CVE-2022-38916 2022-09-20 CRITICAL 9.8 A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files
CVE-2022-38550 2022-09-19 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability in the /weibo/list component of Jeesns v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2022-28981 2022-09-22 HIGH 7.5 Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter.
CVE-2022-28980 2022-09-22 MEDIUM 6.1 Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_…
CVE-2022-28982 2022-09-22 MEDIUM 6.1 A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML…
CVE-2022-37204 2022-09-20 CRITICAL 9.8 Final CMS 5.1.0 is vulnerable to SQL Injection.
CVE-2022-26873 2022-09-20 HIGH 8.2 A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing,…
CVE-2024-38749 2024-08-13 MEDIUM 5.3 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Olive…
CVE-2024-6460 2024-08-16 CRITICAL 9.8 The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute…
CVE-2024-42639 2024-08-16 CRITICAL 9.8 H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root.
CVE-2024-6459 2024-08-17 CRITICAL 9.8 The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for unauthenticated attacker to…
CVE-2024-43239 2024-08-18 MEDIUM 4.3 Authorization Bypass Through User-Controlled Key vulnerability in Masteriyo Masteriyo - LMS.This issue affects Masteriyo - LMS: from n/a through 1.11.4.
CVE-2025-32952 2025-04-22 MEDIUM 6.5 Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file…
« Anterior Página 1157 de 4309 Siguiente »