Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-0804 2025-01-29 MEDIUM 6.4 The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles…
CVE-2024-48761 2025-01-29 HIGH 8.8 Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter.
CVE-2024-51182 2025-01-29 MEDIUM 6.1 HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter.
CVE-2024-54851 2025-01-29 HIGH 8.8 Teedy
CVE-2022-35096 2022-09-23 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c.
CVE-2022-35095 2022-09-23 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a segmentation violation via InfoOutputDev::type3D1 at /pdf/InfoOutputDev.cc.
CVE-2022-35094 2022-09-23 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc.
CVE-2022-35093 2022-09-23 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a global buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc.
CVE-2024-25844 2024-03-03 HIGH 7.5 An issue was discovered in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26, allows remote attackers to escalate privileges and obtain sensitive information via debug file.
CVE-2024-57665 2025-01-29 CRITICAL 9.8 JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without…
CVE-2024-55415 2025-01-30 MEDIUM 5.7 DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass.
CVE-2025-0792 2025-01-29 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in ESAFENET CDG V5. Affected is an unknown function of the file /sdTodoDetail.jsp. The manipulation of the argument flowId…
CVE-2024-25858 2024-03-05 HIGH 8.4 In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via JavaScript could occur because of an unoptimized prompt message for users to review parameters…
CVE-2024-24278 2024-03-05 HIGH 7.5 An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function.
CVE-2024-21805 2024-03-12 HIGH 7.8 Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary file may…
CVE-2024-24964 2024-03-12 MEDIUM 6.3 Improper access control vulnerability exists in the resident process of SKYSEA Client View versions from Ver.11.220 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary process may…
CVE-2024-2020 2024-03-13 HIGH 7.2 The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due…
CVE-2024-28662 2024-03-13 MEDIUM 5.4 A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in create_tag in admin/include/functions.php.
CVE-2025-0791 2025-01-29 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in ESAFENET CDG V5. This issue affects some unknown processing of the file /sdDoneDetail.jsp. The manipulation of the…
CVE-2024-25934 2024-03-15 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormFacade allows Stored XSS.This issue affects FormFacade: from n/a through 1.0.0.
CVE-2024-24539 2024-03-18 MEDIUM 5.3 FusionPBX before 5.2.0 does not validate a session.
CVE-2024-23721 2024-03-20 HIGH 7.5 A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information.
CVE-2025-0790 2025-01-29 LOW 3.5 A vulnerability classified as problematic was found in ESAFENET CDG V5. This vulnerability affects unknown code of the file /doneDetail.jsp. The manipulation of the argument curpage leads to…
CVE-2025-0789 2025-01-28 MEDIUM 6.3 A vulnerability classified as critical has been found in ESAFENET CDG V5. This affects an unknown part of the file /doneDetail.jsp. The manipulation of the argument flowId leads…
CVE-2025-40775 2025-05-21 HIGH 7.5 When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately…
CVE-2025-31672 2025-04-09 MEDIUM 5.3 Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files…
CVE-2025-1861 2025-03-30 N/A 0.0 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP…
CVE-2025-1736 2025-03-30 N/A 0.0 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the…
CVE-2025-1734 2025-03-30 N/A 0.0 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a…
CVE-2025-1219 2025-03-30 MEDIUM 5.3 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML…
CVE-2025-1217 2025-03-29 LOW 3.1 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a…
CVE-2024-50083 2024-10-29 HIGH 7.5 In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption:…
CVE-2025-4786 2025-05-16 MEDIUM 6.3 A vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/?page=return/view_return. The manipulation…
CVE-2025-4787 2025-05-16 MEDIUM 6.3 A vulnerability classified as critical has been found in SourceCodester/oretnom23 Stock Management System 1.0. Affected is an unknown function of the file /admin/?page=sales/view_sale. The manipulation of the argument…
CVE-2024-44914 2024-08-28 MEDIUM 5.5 An issue in the component EXR!ReadEXR+0x3df50 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial…
CVE-2024-44915 2024-08-28 MEDIUM 5.5 An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial…
CVE-2024-44913 2024-08-28 MEDIUM 5.5 An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial…
CVE-2021-36340 2021-11-20 HIGH 7.8 Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.
CVE-2025-4788 2025-05-16 HIGH 7.3 A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component DELETE Command Handler. The manipulation…
CVE-2025-4789 2025-05-16 HIGH 7.3 A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component LCD Command…
CVE-2025-4790 2025-05-16 HIGH 7.3 A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component GLOB Command Handler. The manipulation leads…
CVE-2025-4791 2025-05-16 HIGH 7.3 A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component HASH Command Handler. The manipulation leads…
CVE-2025-0825 2025-02-04 N/A 0.0 cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could…
CVE-2025-4782 2025-05-16 MEDIUM 6.3 A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /sms/admin/?page=receiving/view_receiving&id=1. The manipulation of the…
CVE-2025-47688 2025-05-07 MEDIUM 5.3 Missing Authorization vulnerability in Saad Iqbal Advanced File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced File Manager: from n/a through 5.3.1.
CVE-2025-4462 2025-05-09 HIGH 8.8 A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the…
CVE-2025-4461 2025-05-09 LOW 2.4 A vulnerability classified as problematic was found in TOTOLINK N150RT 3.4.0-B20190525. This vulnerability affects unknown code of the component Virtual Server Page. The manipulation leads to cross site…
CVE-2025-4460 2025-05-09 LOW 2.4 A vulnerability classified as problematic has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the component URL Filtering Page. The manipulation leads to cross…
CVE-2025-47612 2025-05-07 MEDIUM 5.4 Missing Authorization vulnerability in flowdee ClickWhale allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ClickWhale: from n/a through 2.4.6.
CVE-2024-51547 2025-02-06 CRITICAL 9.8 Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
« Anterior Página 1171 de 4309 Siguiente »