CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2024-36477 2024-06-21 HIGH 7.8 In the Linux kernel, the following vulnerability has been resolved: tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE…
CVE-2025-22149 2025-01-09 N/A 0.0 JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do…
CVE-2025-44176 2025-05-12 MEDIUM 6.5 Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function.
CVE-2025-45858 2025-05-13 CRITICAL 9.8 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function.
CVE-2025-3757 2025-05-13 CRITICAL 9.8 Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.
CVE-2025-45863 2025-05-13 CRITICAL 9.8 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the macstr parameter in the formMapDelDevice interface.
CVE-2024-13382 2025-05-15 MEDIUM 4.8 The Calculated Fields Form WordPress plugin before 5.2.64 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-13729 2025-05-15 MEDIUM 4.8 The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-13730 2025-05-15 MEDIUM 4.8 The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2022-3559 2022-10-17 MEDIUM 4.6 A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free.…
CVE-2022-3620 2022-10-20 MEDIUM 5.6 A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads…
CVE-2025-4540 2025-05-11 HIGH 7.0 A vulnerability was found in MTSoftware C-Lodop 6.6.1.1 on Windows. It has been rated as critical. This issue affects some unknown processing of the component CLodopPrintService. The manipulation…
CVE-2024-12586 2025-02-13 MEDIUM 6.1 The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2025-25523 2025-02-11 MEDIUM 5.9 Buffer overflow vulnerability in Trendnet TEG-40128 Web Smart Switch v1(1.00.023) due to the lack of length verification, which is related to the mobile access point setup operation. The…
CVE-2025-24607 2025-02-14 MEDIUM 5.8 Missing Authorization vulnerability in Northern Beaches Websites IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IdeaPush: from n/a through 8.71.
CVE-2025-22284 2025-02-16 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology LTL Freight Quotes – Unishippers Edition allows Reflected XSS. This issue affects LTL Freight Quotes…
CVE-2025-22289 2025-02-16 MEDIUM 6.5 Missing Authorization vulnerability in NotFound LTL Freight Quotes – Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Unishippers Edition:…
CVE-2025-26767 2025-02-16 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely – Advanced Gutenberg Blocks allows Stored XSS. This issue affects Qubely – Advanced Gutenberg…
CVE-2021-21350 2021-03-23 MEDIUM 5.3 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker…
CVE-2021-21349 2021-03-23 MEDIUM 6.1 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker…
CVE-2021-21348 2021-03-23 MEDIUM 5.3 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker…
CVE-2021-21347 2021-03-23 MEDIUM 6.1 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker…
CVE-2025-0924 2025-02-17 HIGH 7.2 The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient…
CVE-2021-21346 2021-03-23 MEDIUM 6.1 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker…
CVE-2021-21345 2021-03-23 MEDIUM 5.8 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker…
CVE-2021-21344 2021-03-23 MEDIUM 5.3 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker…
CVE-2024-13626 2025-02-17 HIGH 7.1 The VR-Frases (collect & share quotes) WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected…
CVE-2021-21343 2021-03-23 MEDIUM 5.3 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling…
CVE-2021-21342 2021-03-23 MEDIUM 5.3 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling…
CVE-2021-21341 2021-03-23 HIGH 7.5 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to…
CVE-2024-13627 2025-02-17 MEDIUM 4.7 The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting…
CVE-2021-21351 2021-03-23 MEDIUM 5.4 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to…
CVE-2024-13356 2025-02-04 MEDIUM 6.5 The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6. This is due to…
CVE-2024-13733 2025-02-04 MEDIUM 6.4 The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's skt-blocks/post-carousel block in all versions up to, and…
CVE-2025-24804 2025-02-05 MEDIUM 4.3 Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain…
CVE-2025-24805 2025-02-05 MEDIUM 5.5 Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make…
CVE-2020-26217 2020-11-16 HIGH 8.0 XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream.…
CVE-2020-26259 2020-12-16 MEDIUM 6.8 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local…
CVE-2021-43859 2022-02-01 HIGH 7.5 XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU…
CVE-2020-26258 2020-12-16 MEDIUM 6.3 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling.…
CVE-2021-39139 2021-08-23 HIGH 8.5 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary…
CVE-2021-39141 2021-08-23 HIGH 8.5 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary…
CVE-2021-39145 2021-08-23 HIGH 8.5 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary…
CVE-2021-39147 2021-08-23 HIGH 8.5 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary…
CVE-2022-40151 2022-09-16 MEDIUM 6.5 Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may…
CVE-2022-40152 2022-09-16 MEDIUM 6.5 Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user…
CVE-2022-41966 2022-12-28 HIGH 8.2 XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting…
CVE-2021-39140 2021-08-23 MEDIUM 6.5 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time…
CVE-2021-39153 2021-08-23 HIGH 8.5 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary…
CVE-2021-39149 2021-08-23 HIGH 8.5 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary…