Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2022-30003 2022-09-26 MEDIUM 5.4 Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Site Scripting (XSS), allowing attackers to register as a Seller then create new products containing XSS payloads in…
CVE-2022-22058 2022-09-26 HIGH 8.4 Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,…
CVE-2021-27853 2022-09-27 MEDIUM 4.7 Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.
CVE-2025-1104 2025-02-07 HIGH 7.3 A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack…
CVE-2024-55532 2025-03-03 CRITICAL 9.8 Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes…
CVE-2024-56914 2025-01-22 MEDIUM 5.7 D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/ParentalControl.asp.
CVE-2025-25429 2025-02-28 MEDIUM 4.8 Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the r_name variable inside the have_same_name function on the /addschedule.htm page.
CVE-2025-25428 2025-02-28 HIGH 8.0 TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVE-2025-25430 2025-02-28 MEDIUM 4.8 Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the configname parameter on the /cbi_addcert.htm page.
CVE-2024-13726 2025-02-17 HIGH 8.6 The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated…
CVE-2024-37607 2024-12-17 MEDIUM 6.5 A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2024-37606 2024-12-17 MEDIUM 6.5 A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2024-42093 2024-07-29 HIGH 7.3 In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack…
CVE-2024-41057 2024-07-29 HIGH 7.0 In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() We got the following issue in our fault injection stress test: ================================================================== BUG:…
CVE-2024-56662 2024-12-27 MEDIUM 6.0 In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl Fix an issue detected by syzbot with KASAN: BUG: KASAN: vmalloc-out-of-bounds in…
CVE-2024-50705 2025-03-04 HIGH 7.1 Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter.
CVE-2025-1955 2025-03-04 LOW 3.5 A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of…
CVE-2024-48246 2025-03-05 MEDIUM 5.4 Vehicle Management System 1.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the "Name" parameter of /vehicle-management/booking.php.
CVE-2024-37605 2024-12-17 MEDIUM 6.5 A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2024-13868 2025-03-06 MEDIUM 6.1 The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape a parameter before outputting it back in the…
CVE-2024-36831 2024-12-17 MEDIUM 5.3 A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication.
CVE-2025-0624 2025-02-19 HIGH 7.6 A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable…
CVE-2022-40929 2022-09-28 CRITICAL 9.8 XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case (running arbitrary…
CVE-2022-40942 2022-09-28 CRITICAL 9.8 Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time.
CVE-2022-40878 2022-09-27 HIGH 8.8 In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE).
CVE-2022-40877 2022-09-27 CRITICAL 9.8 Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter.
CVE-2022-40817 2022-09-27 MEDIUM 4.3 Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets,…
CVE-2022-40475 2022-09-29 CRITICAL 9.8 TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi.
CVE-2022-40486 2022-09-28 HIGH 8.8 TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file.
CVE-2022-40497 2022-09-28 HIGH 8.8 Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint.
CVE-2022-40816 2022-09-27 MEDIUM 6.5 Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other…
CVE-2022-40126 2022-09-29 HIGH 7.8 A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.
CVE-2022-40083 2022-09-28 CRITICAL 9.6 Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request…
CVE-2022-40082 2022-09-28 HIGH 7.5 Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function.
CVE-2022-40354 2022-09-27 HIGH 7.2 Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php.
CVE-2022-3323 2022-09-27 HIGH 7.5 An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker…
CVE-2022-38934 2022-09-28 LOW 3.3 readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabilities when parsing a crafted ELF file.
CVE-2022-36771 2022-09-28 MEDIUM 6.5 IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to. IBM X-Force ID: 232791.
CVE-2022-36448 2022-09-28 HIGH 8.2 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver.
CVE-2022-38932 2022-09-27 HIGH 7.8 readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file.
CVE-2022-38335 2022-09-27 MEDIUM 5.4 Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.
CVE-2022-23716 2022-09-28 MEDIUM 5.3 A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs…
CVE-2022-2760 2022-09-28 MEDIUM 4.3 In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error…
CVE-2022-32166 2022-09-28 MEDIUM 6.1 In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of…
CVE-2022-32168 2022-09-28 HIGH 7.8 Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in…
CVE-2022-1270 2022-09-28 HIGH 7.8 In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.
CVE-2021-43980 2022-09-28 LOW 3.7 The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency…
CVE-2021-41433 2022-09-27 CRITICAL 9.8 SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php.
CVE-2021-27862 2022-09-27 MEDIUM 4.7 Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0…
CVE-2021-27861 2022-09-27 MEDIUM 4.7 Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)
« Anterior Página 1191 de 4309 Siguiente »