Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2021-27854 2022-09-27 MEDIUM 4.7 Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi…
CVE-2025-26091 2025-03-04 MEDIUM 4.6 A Cross Site Scripting (XSS) vulnerability exists in TeamPasswordManager v12.162.284 and before that could allow a remote attacker to execute arbitrary JavaScript in the web browser of a…
CVE-2025-33072 2025-05-08 HIGH 8.1 Improper access control in Azure allows an unauthorized attacker to disclose information over a network.
CVE-2024-44674 2024-10-07 MEDIUM 5.7 D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to…
CVE-2025-47732 2025-05-08 HIGH 8.7 Microsoft Dataverse Remote Code Execution Vulnerability
CVE-2024-44589 2024-09-18 HIGH 8.8 Stack overflow vulnerability in the Login function in the HNAP service in D-Link DCS-960L with firmware 1.09 allows attackers to execute of arbitrary code.
CVE-2025-47733 2025-05-08 CRITICAL 9.1 Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network
CVE-2024-33774 2024-05-14 MEDIUM 6.5 A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanSetup_Wizard allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage."
CVE-2024-33773 2024-05-14 MEDIUM 6.5 A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanGuestSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage."
CVE-2024-33772 2024-05-14 MEDIUM 5.7 A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formTcpipSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "curTime."
CVE-2024-33771 2024-05-14 MEDIUM 6.5 A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via goform/formWPS, allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage."
CVE-2025-3810 2025-05-09 CRITICAL 9.8 The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not…
CVE-2025-4773 2025-05-16 HIGH 7.3 A vulnerability was found in PHPGurukul Online Course Registration 3.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/level.php. The manipulation…
CVE-2025-4777 2025-05-16 MEDIUM 6.3 A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been classified as critical. This affects an unknown part of the file /view-foreigner-ticket.php. The manipulation…
CVE-2025-39481 2025-05-16 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in imithemes Eventer allows Blind SQL Injection. This issue affects Eventer: from n/a through 3.9.6.
CVE-2025-4771 2025-05-16 HIGH 7.3 A vulnerability, which was classified as critical, was found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/course.php. The manipulation of the…
CVE-2025-45746 2025-05-13 MEDIUM 6.5 In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance…
CVE-2022-40890 2022-09-29 HIGH 7.5 A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service.
CVE-2022-40363 2022-09-29 MEDIUM 5.5 A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices Inc., Flipper Zero before v0.65.2 allows attackers to cause a Denial of Service (DoS) via a crafted NFC…
CVE-2022-30935 2022-09-28 CRITICAL 9.1 An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the…
CVE-2022-32170 2022-09-28 MEDIUM 4.3 The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected…
CVE-2022-32169 2022-09-28 MEDIUM 4.3 The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and…
CVE-2025-3811 2025-05-09 CRITICAL 9.8 The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not…
CVE-2025-4901 2025-05-19 MEDIUM 4.3 A vulnerability classified as problematic was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this vulnerability is the function sub_41E304 of the file /H5/state_view.data of the component HTTP…
CVE-2025-4756 2025-05-16 MEDIUM 5.3 A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125). It has been declared as problematic. This vulnerability affects unknown code of the file /H5/restart.asp. The manipulation leads to…
CVE-2025-4902 2025-05-19 MEDIUM 5.3 A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this issue is the function sub_48F4F0 of the file /H5/versionupdate.data. The…
CVE-2025-3878 2025-05-10 MEDIUM 6.4 The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_verify shortcode in all versions up to, and including,…
CVE-2025-3876 2025-05-10 HIGH 8.8 The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in all versions…
CVE-2024-48150 2024-10-14 CRITICAL 9.8 D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function.
CVE-2025-4911 2025-05-19 HIGH 7.3 A vulnerability, which was classified as critical, was found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/view-foreigner-ticket.php. The manipulation of the…
CVE-2024-36832 2024-12-17 HIGH 7.5 A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. The vulnerability occurs in…
CVE-2024-44411 2024-09-09 CRITICAL 9.8 D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function.
CVE-2024-57045 2025-02-18 CRITICAL 9.8 A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name…
CVE-2024-34950 2024-05-14 HIGH 7.5 D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module.
CVE-2024-33111 2024-05-06 MEDIUM 5.4 D-Link DIR-845L router
CVE-2024-33112 2024-05-06 HIGH 7.5 D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func.
CVE-2024-33113 2024-05-06 MEDIUM 5.3 D-LINK DIR-845L
CVE-2024-33110 2024-05-06 CRITICAL 9.1 D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component.
CVE-2025-4925 2025-05-19 HIGH 7.3 A vulnerability has been found in PHPGurukul Daily Expense Tracker System 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /expense-monthwise-reports-detailed.php.…
CVE-2024-33345 2024-04-29 MEDIUM 6.5 D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via…
CVE-2024-33344 2024-04-26 CRITICAL 9.8 D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell.
CVE-2024-33343 2024-04-26 HIGH 8.8 D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.
CVE-2024-33342 2024-04-26 HIGH 7.5 D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.
CVE-2025-4926 2025-05-19 MEDIUM 4.7 A vulnerability was found in PHPGurukul Car Rental Project 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/post-avehical.php. The manipulation…
CVE-2025-4927 2025-05-19 HIGH 7.3 A vulnerability was found in PHPGurukul Online Marriage Registration System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/between-dates-application-report.php. The manipulation…
CVE-2023-49575 2024-05-24 HIGH 7.1 A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker…
CVE-2023-49572 2024-05-24 HIGH 7.1 A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through…
CVE-2024-7253 2024-11-22 HIGH 7.8 NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the…
CVE-2024-47939 2024-11-01 HIGH 7.7 Stack-based buffer overflow vulnerability exists in multiple laser printers and MFPs which implement Ricoh Web Image Monitor. If this vulnerability is exploited, receiving a specially crafted request created…
CVE-2025-48427 2025-05-21 N/A 0.0 Rejected reason: Not used
« Anterior Página 1192 de 4309 Siguiente »