CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-25925 | 2025-03-11 | MEDIUM | 4.8 | A stored cross-site scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter… |
| CVE-2022-41571 | 2022-09-27 | CRITICAL | 9.8 | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur. |
| CVE-2022-41347 | 2022-09-26 | HIGH | 7.8 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with… |
| CVE-2022-40927 | 2022-09-26 | HIGH | 7.2 | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_designation. |
| CVE-2022-40485 | 2022-09-26 | CRITICAL | 9.8 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /package_detail.php. |
| CVE-2022-40926 | 2022-09-26 | HIGH | 7.2 | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_leave_type. |
| CVE-2022-40484 | 2022-09-26 | CRITICAL | 9.8 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_edit.php. |
| CVE-2022-40483 | 2022-09-26 | CRITICAL | 9.8 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /wedding_details.php. |
| CVE-2022-40404 | 2022-09-26 | HIGH | 8.8 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/select.php. |
| CVE-2022-40403 | 2022-09-26 | HIGH | 7.2 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/feature_edit.php. |
| CVE-2022-40402 | 2022-09-26 | HIGH | 8.8 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_assign.php. |
| CVE-2022-40199 | 2022-09-27 | LOW | 2.7 | Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative… |
| CVE-2022-40099 | 2022-09-26 | HIGH | 7.2 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense_category.php. |
| CVE-2022-40098 | 2022-09-26 | HIGH | 7.2 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense.php. |
| CVE-2022-40097 | 2022-09-26 | HIGH | 7.2 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_currency.php. |
| CVE-2022-40050 | 2022-09-26 | CRITICAL | 9.8 | ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1. |
| CVE-2022-3055 | 2022-09-26 | HIGH | 8.8 | Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit… |
| CVE-2022-3054 | 2022-09-26 | MEDIUM | 6.5 | Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-3053 | 2022-09-26 | MEDIUM | 4.3 | Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page. |
| CVE-2022-3052 | 2022-09-26 | HIGH | 8.8 | Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific… |
| CVE-2022-3043 | 2022-09-26 | HIGH | 8.8 | Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI… |
| CVE-2022-3042 | 2022-09-26 | HIGH | 8.8 | Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-38975 | 2022-09-27 | MEDIUM | 5.4 | DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the… |
| CVE-2022-37346 | 2022-09-27 | CRITICAL | 9.8 | EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload… |
| CVE-2022-3041 | 2022-09-26 | HIGH | 8.8 | Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-3040 | 2022-09-26 | HIGH | 8.8 | Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-3039 | 2022-09-26 | HIGH | 8.8 | Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-30004 | 2022-09-26 | CRITICAL | 9.8 | Sourcecodester Online Market Place Site v1.0 suffers from an unauthenticated blind SQL Injection Vulnerability allowing remote attackers to dump the SQL database via time-based SQL injection. |
| CVE-2022-2998 | 2022-09-26 | HIGH | 8.8 | Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction… |
| CVE-2021-41437 | 2022-09-26 | MEDIUM | 6.5 | An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it,… |
| CVE-2025-25927 | 2025-03-11 | MEDIUM | 6.8 | A Cross-Site Request Forgery (CSRF) in Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted GET request. |
| CVE-2024-6334 | 2024-07-09 | MEDIUM | 6.1 | The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to… |
| CVE-2024-5488 | 2024-07-09 | CRITICAL | 9.8 | The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to… |
| CVE-2024-3410 | 2024-07-09 | MEDIUM | 4.3 | The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform… |
| CVE-2024-4057 | 2024-06-04 | MEDIUM | 6.1 | The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a… |
| CVE-2024-2470 | 2024-06-04 | MEDIUM | 5.4 | The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform… |
| CVE-2024-0757 | 2024-06-04 | MEDIUM | 5.4 | The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the… |
| CVE-2024-4469 | 2024-05-31 | HIGH | 7.5 | The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem… |
| CVE-2024-3937 | 2024-05-29 | MEDIUM | 4.8 | The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform… |
| CVE-2024-3921 | 2024-05-29 | MEDIUM | 4.8 | The Gianism WordPress plugin through 5.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site… |
| CVE-2024-3050 | 2024-05-29 | CRITICAL | 9.1 | The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass… |
| CVE-2024-3939 | 2024-05-27 | MEDIUM | 5.4 | The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site… |
| CVE-2024-3920 | 2024-05-23 | LOW | 3.5 | The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site… |
| CVE-2024-3918 | 2024-05-23 | MEDIUM | 4.8 | The Pet Manager WordPress plugin through 1.4 does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform… |
| CVE-2024-3917 | 2024-05-23 | MEDIUM | 6.1 | The Pet Manager WordPress plugin through 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which… |
| CVE-2024-3594 | 2024-05-23 | HIGH | 8.7 | The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site… |
| CVE-2024-4290 | 2024-05-21 | HIGH | 7.1 | The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored… |
| CVE-2024-4289 | 2024-05-21 | MEDIUM | 6.1 | The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting… |
| CVE-2024-13119 | 2025-02-13 | MEDIUM | 4.8 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings,… |
| CVE-2024-2189 | 2024-05-21 | MEDIUM | 6.1 | The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2.18 does not sanitise and escape some of its Widget settings, which could allow high privilege users… |