Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2024-3368 2024-05-20 MEDIUM 6.1 The All in One SEO WordPress plugin before 4.6.1.1 does not validate and escape some of its Post fields before outputting them back, which could allow users with…
CVE-2024-2744 2024-05-17 MEDIUM 4.3 The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site…
CVE-2024-13120 2025-02-13 MEDIUM 4.8 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings,…
CVE-2024-13121 2025-02-13 LOW 3.5 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings,…
CVE-2024-13125 2025-02-13 LOW 3.5 The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2025-2054 2025-03-07 MEDIUM 4.7 A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file…
CVE-2025-2059 2025-03-07 HIGH 7.3 A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/booking-details.php. The…
CVE-2025-4427 2025-05-13 MEDIUM 5.3 An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
CVE-2025-4428 2025-05-13 HIGH 7.2 Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
CVE-2025-2060 2025-03-07 HIGH 7.3 A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin-profile.php. The manipulation…
CVE-2024-11182 2024-11-15 MEDIUM 6.1 An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow…
CVE-2024-27443 2024-08-12 MEDIUM 6.1 An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface,…
CVE-2024-13805 2025-03-07 MEDIUM 6.4 The Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all…
CVE-2023-38950 2023-08-03 HIGH 7.5 A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.
CVE-2025-26910 2025-03-10 HIGH 7.1 Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit allows Stored XSS. This issue affects WPBookit: from n/a through 1.0.1.
CVE-2024-31841 2024-04-19 HIGH 7.5 An issue was discovered in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allowing remote unauthenticated attackers to read arbitrary files on the filesystem.
CVE-2024-31846 2024-04-19 HIGH 7.5 An issue was discovered in Italtel Embrace 1.6.4. The web application does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2024-31845 2024-05-21 MEDIUM 5.3 An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using…
CVE-2024-31843 2024-05-23 MEDIUM 4.1 An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side.…
CVE-2024-27752 2024-04-19 MEDIUM 5.4 Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in the settings function.
CVE-2022-40928 2022-09-26 HIGH 7.2 Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_application.
CVE-2022-40925 2022-09-26 HIGH 7.2 Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system.
CVE-2022-40924 2022-09-26 HIGH 7.2 Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system.
CVE-2022-40116 2022-09-23 CRITICAL 9.8 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php.
CVE-2022-40115 2022-09-23 CRITICAL 9.8 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php.
CVE-2022-3200 2022-09-26 HIGH 8.8 Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…
CVE-2022-3199 2022-09-26 HIGH 8.8 Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…
CVE-2022-40114 2022-09-23 CRITICAL 9.8 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php.
CVE-2022-3198 2022-09-26 HIGH 8.8 Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity:…
CVE-2022-38970 2022-09-26 MEDIUM 6.5 ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers…
CVE-2022-36159 2022-09-26 HIGH 8.8 Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak,…
CVE-2025-25907 2025-03-10 HIGH 8.8 tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or…
CVE-2024-32489 2024-04-15 MEDIUM 6.1 TCPDF before 6.7.4 mishandles calls that use HTML syntax.
CVE-2024-22640 2024-04-19 HIGH 7.5 TCPDF version
CVE-2024-22641 2024-05-28 HIGH 7.5 TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file.
CVE-2024-30885 2024-04-11 MEDIUM 6.1 Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3, allows remote attackers to execute arbitrary code and obtain sensitive information via the chklogin.php component .
CVE-2024-30886 2024-04-23 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into…
CVE-2024-33661 2024-04-26 CRITICAL 9.1 Portainer before 2.20.0 allows redirects when the target is not index.yaml.
CVE-2024-33662 2024-10-02 HIGH 7.5 Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function.
CVE-2024-50919 2024-11-18 CRITICAL 9.8 Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary command execution
CVE-2025-2211 2025-03-11 LOW 2.4 A vulnerability was found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sysDictDetail/add. The manipulation of the…
CVE-2025-2210 2025-03-11 LOW 2.4 A vulnerability has been found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /sysJob/add. The manipulation of…
CVE-2025-2209 2025-03-11 LOW 2.4 A vulnerability, which was classified as problematic, was found in aitangbao springboot-manager 3.0. Affected is an unknown function of the file /sysDict/add. The manipulation of the argument name…
CVE-2025-2208 2025-03-11 LOW 2.4 A vulnerability, which was classified as problematic, has been found in aitangbao springboot-manager 3.0. This issue affects some unknown processing of the file /sysFiles/upload of the component Filename…
CVE-2025-2207 2025-03-11 LOW 2.4 A vulnerability classified as problematic was found in aitangbao springboot-manager 3.0. This vulnerability affects unknown code of the file /sys/dept. The manipulation of the argument name leads to…
CVE-2024-20294 2024-02-29 MEDIUM 6.6 A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial…
CVE-2025-26771 2025-02-17 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks…
CVE-2025-4933 2025-05-19 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in ponaravindb Hospital-Management-System 1.0. This affects an unknown part of the file /doctor-panel.php. The manipulation of the argument ID…
CVE-2025-4930 2025-05-19 HIGH 7.3 A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /my-cart.php. The manipulation of the argument…
CVE-2025-2099 2025-05-19 HIGH 7.5 A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used…
« Anterior Página 1189 de 4309 Siguiente »