CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-48426 2025-05-21 N/A 0.0 Rejected reason: Not used
CVE-2025-48425 2025-05-21 N/A 0.0 Rejected reason: Not used
CVE-2025-48424 2025-05-21 N/A 0.0 Rejected reason: Not used
CVE-2025-48423 2025-05-21 N/A 0.0 Rejected reason: Not used
CVE-2025-48422 2025-05-21 N/A 0.0 Rejected reason: Not used
CVE-2025-48421 2025-05-21 N/A 0.0 Rejected reason: Not used
CVE-2025-48420 2025-05-21 N/A 0.0 Rejected reason: Not used
CVE-2025-48419 2025-05-21 N/A 0.0 Rejected reason: Not used
CVE-2025-0129 2025-04-11 N/A 0.0 An improper exception check in Palo Alto Networks Prisma Access Browser allows a low privileged user to prevent Prisma Access Browser from applying its Policy Rules. This enables…
CVE-2025-4436 2025-05-20 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-23122 2025-05-19 N/A 0.0 Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23165.
CVE-2022-40708 2022-09-28 LOW 3.3 An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information…
CVE-2022-3193 2022-09-28 MEDIUM 6.1 An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry, allowing the vulnerability to trigger on the Windows…
CVE-2022-35722 2022-09-28 MEDIUM 5.4 IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended…
CVE-2022-35282 2022-09-28 MEDIUM 6.5 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access…
CVE-2022-40912 2022-09-28 MEDIUM 6.1 ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being…
CVE-2022-24373 2022-09-30 MEDIUM 5.3 The package react-native-reanimated before 3.0.0-rc.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.
CVE-2022-2778 2022-09-30 CRITICAL 9.8 In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes.
CVE-2022-22387 2022-09-28 MEDIUM 5.4 IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading…
CVE-2021-41434 2022-09-28 MEDIUM 5.4 A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php.
CVE-2025-22383 2025-01-04 MEDIUM 4.6 An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows…
CVE-2025-22384 2025-01-04 HIGH 7.5 An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase…
CVE-2025-1286 2025-05-15 MEDIUM 6.1 The Download HTML TinyMCE Button WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site…
CVE-2025-1033 2025-05-15 MEDIUM 4.8 The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
CVE-2025-0329 2025-05-15 MEDIUM 4.8 The AI ChatBot for WordPress WordPress plugin before 6.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2024-8701 2025-05-15 MEDIUM 4.8 The events-calendar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
CVE-2024-8085 2025-05-15 MEDIUM 6.1 The PeoplePond WordPress plugin through 1.1.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make…
CVE-2024-8082 2025-05-15 MEDIUM 4.3 The Widgets Reset WordPress plugin through 0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin…
CVE-2024-8050 2025-05-15 MEDIUM 4.3 The Custom Author Base WordPress plugin through 1.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in…
CVE-2024-8032 2025-05-15 MEDIUM 6.1 The Smooth Gallery Replacement WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers…
CVE-2024-6797 2025-05-15 MEDIUM 4.8 The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-6719 2025-05-15 HIGH 8.1 The Offload Videos WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow low privilege users to update them via…
CVE-2024-6713 2025-05-15 MEDIUM 4.8 The PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-6712 2025-05-15 MEDIUM 6.1 The MapFig Studio WordPress plugin through 0.2.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to…
CVE-2024-6693 2025-05-15 MEDIUM 4.8 The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
CVE-2024-6690 2025-05-15 MEDIUM 6.1 The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites
CVE-2024-6486 2025-05-15 HIGH 7.2 The ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "cli_path" parameter. This allows authenticated attackers, with administrator-level permission…
CVE-2024-6478 2025-05-15 MEDIUM 4.8 The CTT Expresso para WooCommerce WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2024-6462 2025-05-15 MEDIUM 4.8 The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-6335 2025-05-15 MEDIUM 4.8 The Tracking Code Manager WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-6159 2025-05-15 CRITICAL 9.8 The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an…
CVE-2024-5440 2025-05-15 MEDIUM 5.4 The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the…
CVE-2024-5026 2025-05-15 MEDIUM 4.8 The CM Tooltip Glossary WordPress plugin before 4.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-13865 2025-05-15 MEDIUM 6.1 The S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2024-13828 2025-05-15 MEDIUM 6.1 The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2024-13823 2025-05-15 MEDIUM 6.1 The 360 Product Rotation WordPress plugin through 1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting…
CVE-2024-13727 2025-05-15 MEDIUM 6.1 The MemberSpace WordPress plugin before 2.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2024-13621 2025-05-15 MEDIUM 4.8 The GDPR Framework By Data443 WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2024-13619 2025-05-15 MEDIUM 6.1 The LifterLMS WordPress plugin before 8.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2024-13616 2025-05-15 MEDIUM 4.8 The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as…