Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2021-36739 2022-01-06 MEDIUM 6.1 The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.
CVE-2021-25022 2022-01-03 MEDIUM 6.1 The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting then back in admin pages, leading to…
CVE-2021-24964 2022-01-03 MEDIUM 6.1 The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using…
CVE-2021-24042 2022-01-04 CRITICAL 9.8 The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior…
CVE-2021-24786 2022-01-03 HIGH 7.2 The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs,…
CVE-2021-1918 2022-01-03 MEDIUM 6.5 Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2024-12732 2025-05-15 MEDIUM 6.1 The AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2024-12733 2025-05-15 MEDIUM 6.1 The AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2024-12734 2025-05-15 MEDIUM 6.1 The Advance Post Prefix WordPress plugin through 1.1.1, Advance Post Prefix WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the…
CVE-2024-12735 2025-05-15 HIGH 7.2 The Advance Post Prefix WordPress plugin through 1.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins and above to perform…
CVE-2024-13127 2025-05-15 MEDIUM 4.8 The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
CVE-2025-46188 2025-05-09 CRITICAL 9.8 SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in superadmin_phpmyadmin.php.
CVE-2025-46189 2025-05-09 CRITICAL 9.8 SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_order_customer_update.php via the order_id POST parameter.
CVE-2024-13128 2025-05-15 MEDIUM 4.8 The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
CVE-2025-46191 2025-05-09 CRITICAL 9.8 Arbitrary File Upload in user_payment_update.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to upload arbitrary files via the uploaded_file_cancelled field. Due to the absence of…
CVE-2025-46190 2025-05-09 CRITICAL 9.8 SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_delivery_update.php via the order_id POST parameter.
CVE-2025-46193 2025-05-09 CRITICAL 9.8 SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via Arbitrary file upload in user_proposal_update_order.php.
CVE-2025-46192 2025-05-09 CRITICAL 9.8 SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_payment_update.php via the order_id POST parameter.
CVE-2025-47280 2025-05-13 MEDIUM 6.1 Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send…
CVE-2025-4658 2025-05-13 CRITICAL 9.8 Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library…
CVE-2025-27197 2025-05-13 HIGH 7.8 Lightroom Desktop versions 8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation…
CVE-2025-30324 2025-05-13 HIGH 7.8 Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of…
CVE-2025-30325 2025-05-13 HIGH 7.8 Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the…
CVE-2025-4544 2025-05-11 MEDIUM 6.6 A vulnerability was found in D-Link DI-8100 up to 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /ddos.asp of the component jhttpd.…
CVE-2025-4858 2025-05-18 LOW 2.4 A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been declared as problematic. This vulnerability affects unknown code of the file /adv_arpspoofing.php of the component ARP Spoofing…
CVE-2025-4859 2025-05-18 LOW 2.4 A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been rated as problematic. This issue affects some unknown processing of the file /adv_macbypass.php of the component MAC…
CVE-2024-0810 2024-01-24 MEDIUM 4.3 Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via…
CVE-2024-0804 2024-01-24 HIGH 7.5 Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security…
CVE-2024-0755 2024-01-23 HIGH 8.8 Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough…
CVE-2024-0754 2024-01-23 MEDIUM 6.5 Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122.
CVE-2024-0749 2024-01-23 MEDIUM 4.3 A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and…
CVE-2024-0747 2024-01-23 MEDIUM 6.5 When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects…
CVE-2024-0517 2024-01-16 HIGH 8.8 Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security…
CVE-2024-0187 2024-01-16 MEDIUM 6.1 The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanitise and escape various parameters and generated URLs before outputting them back attributes, leading to a Reflected Cross-Site…
CVE-2023-5124 2024-01-29 MEDIUM 4.8 The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html…
CVE-2023-5091 2024-01-08 MEDIUM 5.5 Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory.…
CVE-2023-48085 2023-12-14 CRITICAL 9.8 Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.
CVE-2023-46750 2023-12-14 MEDIUM 6.1 URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.
CVE-2023-41151 2023-12-14 HIGH 7.5 An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to…
CVE-2022-40103 2022-09-23 MEDIUM 5.5 Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted…
CVE-2022-40102 2022-09-23 HIGH 7.5 Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted…
CVE-2022-40101 2022-09-23 HIGH 7.5 Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted…
CVE-2022-40100 2022-09-23 CRITICAL 9.8 Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function.
CVE-2022-35247 2022-09-23 MEDIUM 4.3 A information disclosure vulnerability exists in Rocket.chat
CVE-2022-32823 2022-09-23 MEDIUM 5.5 A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6,…
CVE-2022-32821 2022-09-23 HIGH 7.8 A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app…
CVE-2020-36773 2024-02-04 CRITICAL 9.8 Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than…
CVE-2020-26630 2024-01-10 MEDIUM 4.9 A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor…
CVE-2022-32819 2022-09-23 HIGH 7.8 A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS…
CVE-2022-32229 2022-09-23 MEDIUM 4.3 A information disclosure vulnerability exists in Rockert.Chat
« Anterior Página 1175 de 4309 Siguiente »