Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-4929 2025-05-19 HIGH 7.3 A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /my-account.php. The manipulation…
CVE-2025-4928 2025-05-19 HIGH 7.3 A vulnerability was found in projectworlds Online Lawyer Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /save_lawyer_edit_profile.php. The manipulation…
CVE-2025-4924 2025-05-19 HIGH 7.3 A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /user_void_transaction.php. The manipulation of…
CVE-2025-4912 2025-05-19 MEDIUM 5.4 A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/core/update_student.php…
CVE-2025-4910 2025-05-19 HIGH 7.3 A vulnerability, which was classified as critical, has been found in PHPGurukul Zoo Management System 2.1. This issue affects some unknown processing of the file /admin/edit-animal-details.php. The manipulation…
CVE-2025-22635 2025-02-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jyothis Joy Eventer allows Reflected XSS. This issue affects Eventer: from n/a through n/a.
CVE-2025-4861 2025-05-18 HIGH 7.3 A vulnerability classified as critical was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation…
CVE-2025-4862 2025-05-18 MEDIUM 4.3 A vulnerability, which was classified as problematic, has been found in PHPGurukul Directory Management System 2.0. Affected by this issue is some unknown functionality of the file /searchdata.php.…
CVE-2025-4873 2025-05-18 HIGH 7.3 A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php of the…
CVE-2025-4874 2025-05-18 HIGH 7.3 A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/contactus.php. The manipulation…
CVE-2025-4880 2025-05-18 HIGH 7.3 A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/aboutus.php. The manipulation…
CVE-2025-4906 2025-05-19 HIGH 7.3 A vulnerability was found in PHPGurukul Notice Board System 1.0. It has been classified as critical. Affected is an unknown function of the file /login.php. The manipulation of…
CVE-2025-4907 2025-05-19 HIGH 7.3 A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file…
CVE-2025-1612 2025-02-24 LOW 3.5 A vulnerability was found in Edimax BR-6288ACL 1.30. It has been declared as problematic. This vulnerability affects unknown code of the file wireless5g_basic.asp. The manipulation of the argument…
CVE-2025-4908 2025-05-19 HIGH 7.3 A vulnerability classified as critical has been found in PHPGurukul Daily Expense Tracker System 1.1. This affects an unknown part of the file /expense-datewise-reports-detailed.php. The manipulation of the…
CVE-2025-26884 2025-02-25 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift allows Stored XSS. This issue affects Greenshift: from n/a through 10.8.
CVE-2022-38553 2022-09-26 MEDIUM 6.1 Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.
CVE-2022-2926 2022-09-26 MEDIUM 4.9 The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary…
CVE-2025-26963 2025-02-25 MEDIUM 5.4 Cross-Site Request Forgery (CSRF) vulnerability in flowdee ClickWhale allows Cross Site Request Forgery. This issue affects ClickWhale: from n/a through 2.4.3.
CVE-2025-26971 2025-02-25 HIGH 7.6 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ays-pro Poll Maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a…
CVE-2025-26987 2025-02-25 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Reflected XSS. This issue affects Frontend Admin by DynamiApps:…
CVE-2025-0767 2025-02-27 CRITICAL 9.8 WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php.
CVE-2025-22387 2025-01-04 HIGH 7.5 An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter.…
CVE-2025-1363 2025-03-09 LOW 3.5 The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape some of its settings, which could allow high…
CVE-2025-1362 2025-03-09 MEDIUM 4.3 The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not have CSRF checks in some bulk actions, which could allow attackers…
CVE-2024-13668 2025-03-07 HIGH 7.1 The WordPress Activity O Meter WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site…
CVE-2025-1382 2025-03-09 MEDIUM 6.1 The Contact Us By Lord Linus WordPress plugin through 2.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could…
CVE-2025-2717 2025-03-25 MEDIUM 4.7 A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub_41710C of the file /goform/diag_nslookup of the component HTTP…
CVE-2025-1103 2025-02-07 MEDIUM 6.5 A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request…
CVE-2024-11638 2025-03-10 HIGH 8.8 The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog which could allow unauthenticated attackers to retrieve…
CVE-2025-22968 2025-01-15 CRITICAL 9.8 An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions
CVE-2025-1876 2025-03-03 HIGH 7.3 A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function http_request_parse of the component HTTP Header Handler.…
CVE-2025-1800 2025-03-01 MEDIUM 6.3 A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. This vulnerability affects the function get_ip_addr_details of the file /view/vpn/sxh_vpn/sxh_vpnlic.php of the component HTTP POST…
CVE-2025-24032 2025-02-10 N/A 0.0 PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then…
CVE-2022-41570 2022-09-27 CRITICAL 9.8 An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur.
CVE-2022-40044 2022-09-26 MEDIUM 5.4 Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts…
CVE-2022-40043 2022-09-26 HIGH 8.8 Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations.
CVE-2022-3303 2022-09-27 MEDIUM 4.7 A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC…
CVE-2022-3272 2022-09-26 HIGH 7.5 Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.
CVE-2022-3071 2022-09-26 HIGH 8.8 Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific…
CVE-2022-3058 2022-09-26 HIGH 8.8 Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially…
CVE-2022-3057 2022-09-26 MEDIUM 6.5 Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-3056 2022-09-26 MEDIUM 6.5 Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2022-3051 2022-09-26 HIGH 8.8 Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI…
CVE-2022-3050 2022-09-26 HIGH 8.8 Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions…
CVE-2022-39835 2022-09-27 MEDIUM 5.3 An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs…
CVE-2022-34326 2022-09-27 HIGH 7.5 In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent…
CVE-2022-3049 2022-09-26 HIGH 8.8 Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI…
CVE-2022-3048 2022-09-26 MEDIUM 6.8 Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to…
CVE-2022-36158 2022-09-26 HIGH 8.0 Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via…
« Anterior Página 1190 de 4309 Siguiente »