Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2024-13384 2025-05-15 MEDIUM 4.8 The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.24 does not sanitise and escape some of its settings, which could allow high privilege users…
CVE-2024-13383 2025-05-15 MEDIUM 4.8 The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-13357 2025-05-15 MEDIUM 4.8 The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site…
CVE-2024-13313 2025-05-15 MEDIUM 4.8 The AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
CVE-2024-13053 2025-05-15 MEDIUM 4.8 The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2024-12874 2025-05-15 MEDIUM 4.8 The Top Comments WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-12812 2025-05-15 HIGH 7.5 The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 has an issue where employees can manipulate…
CVE-2024-12808 2025-05-15 MEDIUM 4.8 The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of…
CVE-2024-12800 2025-05-15 MEDIUM 4.8 The IP Based Login WordPress plugin before 2.4.1 does not sanitise values when importing, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting…
CVE-2024-12770 2025-05-15 MEDIUM 4.8 The WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-12750 2025-05-15 MEDIUM 4.3 The Competition Form WordPress plugin through 2.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin…
CVE-2024-12743 2025-05-15 MEDIUM 4.8 The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
CVE-2024-12739 2025-05-15 MEDIUM 4.8 The Mobile Contact Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-12726 2025-05-15 MEDIUM 6.1 The ClipArt WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2024-12725 2025-05-15 MEDIUM 6.1 The Clasify Classified Listing WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting…
CVE-2024-12724 2025-05-15 MEDIUM 6.1 The WP DeskLite WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2024-12722 2025-05-15 MEDIUM 5.4 The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post…
CVE-2024-12716 2025-05-15 MEDIUM 4.8 The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2024-12301 2025-05-15 MEDIUM 6.5 The JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions…
CVE-2024-12282 2025-05-15 MEDIUM 6.1 The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make…
CVE-2024-11843 2025-05-15 MEDIUM 4.8 The Panorama WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
CVE-2024-11719 2025-05-15 MEDIUM 6.1 The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make…
CVE-2024-11718 2025-05-15 MEDIUM 5.4 The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above…
CVE-2024-11502 2025-05-15 MEDIUM 5.4 The Planning Center Online Giving WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the…
CVE-2024-11373 2025-05-15 MEDIUM 4.3 The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin…
CVE-2024-11372 2025-05-15 HIGH 7.2 The Connexion Logs WordPress plugin through 3.0.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
CVE-2024-11269 2025-05-15 HIGH 7.2 The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing Admin to perform SQL injection attacks.
CVE-2024-11267 2025-05-15 HIGH 8.8 The JSP Store Locator WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing user with Contributor to perform…
CVE-2024-11266 2025-05-15 MEDIUM 4.8 The Geocache Stat Bar Widget WordPress plugin through 0.911 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2024-11221 2025-05-15 MEDIUM 4.8 The Full Screen (Page) Background Image Slideshow WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as…
CVE-2024-11190 2025-05-15 MEDIUM 4.8 The jwp-a11y WordPress plugin through 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
CVE-2024-11189 2025-05-15 MEDIUM 4.8 The Social Share And Social Locker WordPress plugin before 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin…
CVE-2024-11141 2025-05-15 MEDIUM 6.1 The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection which could allow subscribers to perform Stored…
CVE-2024-10818 2025-05-15 MEDIUM 5.4 The JSFiddle Shortcode WordPress plugin before 1.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is…
CVE-2024-10677 2025-05-15 MEDIUM 4.3 The BTEV WordPress plugin through 2.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change…
CVE-2024-10639 2025-05-15 MEDIUM 4.8 The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-10634 2025-05-15 MEDIUM 4.3 The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in…
CVE-2024-10632 2025-05-15 MEDIUM 4.8 The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored…
CVE-2024-10475 2025-05-15 MEDIUM 4.8 The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does not sanitise and escape some of its settings, which could allow high privilege users…
CVE-2024-10362 2025-05-15 MEDIUM 4.8 The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.9.1 does not sanitize and escape some of its settings, which could allow high-privilege users such…
CVE-2022-41848 2022-09-30 MEDIUM 4.2 drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a…
CVE-2022-41847 2022-09-30 MEDIUM 5.5 An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp.
CVE-2022-41846 2022-09-30 MEDIUM 5.5 An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp.
CVE-2022-41845 2022-09-30 MEDIUM 5.5 An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_Array::EnsureCapacity in Core/Ap4Array.h.
CVE-2022-41844 2022-09-30 MEDIUM 5.5 An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.
CVE-2022-41843 2022-09-30 MEDIUM 5.5 An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.
CVE-2022-41842 2022-09-30 MEDIUM 5.5 An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.
CVE-2022-41841 2022-09-30 MEDIUM 5.5 An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File.
CVE-2022-41440 2022-09-30 HIGH 7.2 Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php.
CVE-2022-41439 2022-09-30 HIGH 7.2 Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php.
« Anterior Página 1194 de 4309 Siguiente »