Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2022-40120 2022-09-23 CRITICAL 9.8 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/customer_transactions.php.
CVE-2022-40119 2022-09-23 CRITICAL 9.8 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/transactions.php.
CVE-2022-40118 2022-09-23 CRITICAL 9.8 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds_action.php.
CVE-2022-40117 2022-09-23 CRITICAL 9.8 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_customer.php.
CVE-2022-3195 2022-09-26 HIGH 8.8 Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML…
CVE-2022-3098 2022-09-26 MEDIUM 4.3 The Login Block IPs WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in…
CVE-2022-3062 2022-09-26 MEDIUM 6.1 The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting
CVE-2022-40113 2022-09-23 CRITICAL 9.8 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds.php.
CVE-2022-40107 2022-09-23 HIGH 7.5 Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formexeCommand function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted…
CVE-2022-3025 2022-09-26 MEDIUM 5.4 The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not have any CSRF check when saving its settings, allowing attacker to make a logged in admin change…
CVE-2022-3024 2022-09-26 MEDIUM 5.4 The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call…
CVE-2022-32853 2022-09-23 HIGH 7.1 An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a…
CVE-2022-32851 2022-09-23 HIGH 7.1 An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a…
CVE-2022-32848 2022-09-23 MEDIUM 5.5 A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to capture a…
CVE-2022-32847 2022-09-23 CRITICAL 9.1 This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5,…
CVE-2022-32842 2022-09-23 HIGH 7.8 An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. An app may be able to…
CVE-2022-32841 2022-09-23 MEDIUM 5.5 The issue was addressed with improved memory handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Processing a maliciously…
CVE-2022-32831 2022-09-23 HIGH 7.1 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously…
CVE-2022-32828 2022-09-23 MEDIUM 5.5 The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. An app may be able…
CVE-2022-32825 2022-09-23 MEDIUM 5.5 The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey…
CVE-2022-32805 2022-09-23 MEDIUM 5.5 The issue was addressed with improved handling of caches. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may…
CVE-2022-32801 2022-09-23 HIGH 7.8 This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to gain root privileges.
CVE-2022-32800 2022-09-23 MEDIUM 5.5 This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able…
CVE-2022-32799 2022-09-23 MEDIUM 5.9 An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network…
CVE-2022-2853 2022-09-26 HIGH 8.8 Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption…
CVE-2022-2987 2022-09-26 HIGH 7.5 The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating it's settings (which are hooked to…
CVE-2022-32220 2022-09-23 MEDIUM 6.5 An information disclosure vulnerability exists in Rocket.Chat
CVE-2022-32219 2022-09-23 MEDIUM 4.3 An information disclosure vulnerability exists in Rocket.Chat
CVE-2022-2852 2022-09-26 HIGH 8.8 Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-22629 2022-09-23 HIGH 8.8 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4…
CVE-2022-0080 2022-01-02 CRITICAL 9.8 mruby is vulnerable to Heap-based Buffer Overflow
CVE-2021-41819 2022-01-01 HIGH 7.5 CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
CVE-2021-30337 2022-01-03 HIGH 8.4 Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer…
CVE-2025-2257 2025-03-26 HIGH 7.2 The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and…
CVE-2024-9545 2024-12-21 MEDIUM 6.4 The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_contact_box and aux_gmaps shortcodes in all versions up…
CVE-2024-12588 2024-12-21 MEDIUM 6.4 The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and…
CVE-2024-12042 2024-12-13 MEDIUM 5.4 The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality…
CVE-2024-31022 2024-04-08 CRITICAL 9.8 An issue was discovered in CandyCMS version 1.0.0, allows remote attackers to execute arbitrary code via the install.php component.
CVE-2024-9461 2024-11-26 HIGH 7.2 The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and…
CVE-2024-8486 2024-10-05 MEDIUM 6.4 The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker…
CVE-2025-40571 2025-05-13 LOW 2.2 A vulnerability has been identified in Mendix OIDC SSO (Mendix 10 compatible) (All versions < V4.1.0), Mendix OIDC SSO (Mendix 9 compatible) (All versions). The Mendix OIDC SSO…
CVE-2022-41604 2022-09-27 HIGH 8.8 Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass…
CVE-2022-40785 2022-09-26 HIGH 8.8 Unsanitized input when setting a locale file leads to shell injection in mIPC camera firmware 5.3.1.2003161406. This allows an attacker to gain remote code execution on cameras running…
CVE-2022-40353 2022-09-27 HIGH 7.2 Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php.
CVE-2022-40352 2022-09-27 HIGH 7.2 Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php.
CVE-2022-40784 2022-09-26 HIGH 8.8 Unlimited strcpy on user input when setting a locale file leads to stack buffer overflow in mIPC camera firmware 5.3.1.2003161406.
CVE-2022-3074 2022-09-26 MEDIUM 4.8 The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks.
CVE-2022-3070 2022-09-26 MEDIUM 4.8 The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when…
CVE-2022-3047 2022-09-26 MEDIUM 6.5 Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy…
CVE-2022-3046 2022-09-26 HIGH 8.8 Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap…
« Anterior Página 1177 de 4309 Siguiente »