Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2022-35022 2022-09-22 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae.
CVE-2022-35021 2022-09-22 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a global buffer overflow via /release-x64/otfccdump+0x718693.
CVE-2022-21138 2025-05-27 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2022-0003 2025-05-27 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2022-30426 2022-09-23 HIGH 7.8 There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability…
CVE-2022-28977 2022-09-22 MEDIUM 6.1 HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14,…
CVE-2021-41803 2022-09-23 HIGH 7.1 HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with…
CVE-2021-41136 2021-10-12 LOW 3.7 Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the…
CVE-2020-26272 2021-01-28 MEDIUM 5.4 The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent…
CVE-2024-1310 2024-04-15 MEDIUM 4.9 The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. (e.g. private, draft and…
CVE-2024-29461 2024-04-12 MEDIUM 6.3 An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component.
CVE-2023-40486 2024-05-03 HIGH 7.8 Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema…
CVE-2023-40482 2024-05-03 HIGH 7.8 Maxon Cinema 4D SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D.…
CVE-2023-40483 2024-05-03 HIGH 7.8 Maxon Cinema 4D SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D.…
CVE-2023-40484 2024-05-03 HIGH 7.8 Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema…
CVE-2023-40485 2024-05-03 HIGH 7.8 Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema…
CVE-2023-40487 2024-05-03 HIGH 7.8 Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User…
CVE-2023-40488 2024-05-03 HIGH 7.8 Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User…
CVE-2023-40489 2024-05-03 HIGH 7.8 Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User…
CVE-2024-31268 2024-04-12 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.
CVE-2023-44856 2024-04-12 MEDIUM 6.1 Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the rstat, sender, and…
CVE-2025-4891 2025-05-18 MEDIUM 5.3 A vulnerability was found in code-projects Police Station Management System 1.0. It has been classified as critical. Affected is the function criminal::display of the file source.cpp of the…
CVE-2025-5108 2025-05-23 MEDIUM 6.3 A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP…
CVE-2025-5107 2025-05-23 MEDIUM 6.3 A vulnerability was found in Fujian Kelixun 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /app/xml_cdr/xml_cdr_details.php. The manipulation of the argument…
CVE-2023-5907 2023-12-11 MEDIUM 6.5 The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory,…
CVE-2023-49417 2023-12-11 CRITICAL 9.8 TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg.
CVE-2023-48425 2023-12-11 CRITICAL 9.8 U-Boot vulnerability resulting in persistent Code Execution 
CVE-2023-41117 2023-12-12 HIGH 8.8 An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages,…
CVE-2023-42908 2023-12-12 HIGH 7.8 Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app…
CVE-2023-42884 2023-12-12 MEDIUM 5.5 This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2,…
CVE-2023-36652 2023-12-12 MEDIUM 4.3 A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the…
CVE-2023-28465 2023-12-12 HIGH 7.5 The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed…
CVE-2022-41320 2022-09-23 MEDIUM 6.5 Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a…
CVE-2022-41319 2022-09-23 MEDIUM 6.1 A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). This affects versions before 9.8 (e.g., 9.1 through…
CVE-2022-40188 2022-09-23 HIGH 7.5 Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large…
CVE-2022-40869 2022-09-23 CRITICAL 9.8 Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list").
CVE-2022-40865 2022-09-23 CRITICAL 9.8 Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/
CVE-2022-40716 2022-09-23 MEDIUM 6.5 HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling…
CVE-2022-38936 2022-09-23 HIGH 7.5 An issue has been found in PBC through 2022-8-27. A SEGV issue detected in the function pbc_wmessage_integer in src/wmessage.c:137.
CVE-2022-37235 2022-09-23 CRITICAL 9.8 Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused…
CVE-2022-40089 2022-09-22 CRITICAL 9.8 A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploitable when the…
CVE-2022-40088 2022-09-22 MEDIUM 6.1 Simple College Website v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /college_website/index.php?page=. This vulnerability allows attackers to execute arbitrary web scripts or…
CVE-2022-40087 2022-09-22 CRITICAL 9.8 Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). This vulnerability allows attackers to execute arbitrary code via a crafted…
CVE-2022-36944 2022-09-23 CRITICAL 9.8 Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with…
CVE-2022-37234 2022-09-22 HIGH 7.8 Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused…
CVE-2022-34026 2022-09-22 HIGH 7.5 ICEcoder v8.1 allows attackers to execute a directory traversal.
CVE-2022-35024 2022-09-22 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S.
CVE-2022-32814 2022-09-23 HIGH 7.8 A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An…
CVE-2022-32849 2022-09-23 MEDIUM 5.5 An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS…
CVE-2022-33682 2022-09-23 MEDIUM 5.9 TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's…
« Anterior Página 1160 de 4309 Siguiente »