Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2022-41437 2022-09-30 HIGH 7.2 Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php.
CVE-2022-41828 2022-09-29 HIGH 8.1 In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class…
CVE-2022-40887 2022-09-29 CRITICAL 9.8 SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection.
CVE-2022-40472 2022-09-29 HIGH 8.0 ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted…
CVE-2022-40879 2022-09-29 MEDIUM 6.1 kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'
CVE-2022-40407 2022-09-29 HIGH 8.8 A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.
CVE-2022-40048 2022-09-29 HIGH 7.2 Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function.
CVE-2022-37461 2022-09-30 MEDIUM 6.1 Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after…
CVE-2022-39173 2022-09-29 HIGH 7.5 In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During…
CVE-2022-3287 2022-09-28 MEDIUM 6.5 When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to…
CVE-2022-3215 2022-09-28 HIGH 7.5 NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input…
CVE-2022-35137 2022-09-29 MEDIUM 5.4 DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.
CVE-2022-33880 2022-09-29 CRITICAL 9.8 hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter.
CVE-2022-35888 2022-09-29 MEDIUM 6.5 Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating…
CVE-2019-5797 2022-09-29 HIGH 7.5 Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2023-39252 2023-09-21 MEDIUM 5.9 Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain…
CVE-2022-34462 2023-01-18 HIGH 8.4 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this…
CVE-2022-34442 2023-01-18 HIGH 8.0 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability.  An attacker with the knowledge of the hard-coded sensitive information,…
CVE-2022-34441 2023-01-11 HIGH 8.0 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information,…
CVE-2022-34440 2023-01-11 HIGH 8.4 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information,…
CVE-2025-22385 2025-01-04 MEDIUM 5.9 An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the…
CVE-2025-22386 2025-01-04 HIGH 7.3 An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the…
CVE-2025-22388 2025-01-04 MEDIUM 5.7 An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary…
CVE-2025-22389 2025-01-04 HIGH 8.0 An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the…
CVE-2025-22390 2025-01-04 HIGH 7.5 An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users…
CVE-2024-10563 2025-02-26 MEDIUM 5.4 The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the…
CVE-2024-12737 2025-02-26 MEDIUM 6.1 The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading…
CVE-2024-13629 2025-02-26 MEDIUM 6.1 The pushBIZ WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2024-13630 2025-02-26 MEDIUM 6.1 The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2024-13631 2025-02-26 HIGH 7.1 The Om Stripe WordPress plugin through 02.00.00 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2024-13632 2025-02-26 HIGH 7.1 The WP Extra Fields WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting…
CVE-2024-13633 2025-02-26 HIGH 7.1 The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2024-13634 2025-02-26 MEDIUM 6.1 The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2024-13669 2025-02-26 MEDIUM 6.1 The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2024-13678 2025-02-26 MEDIUM 6.1 The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2025-1288 2025-05-15 MEDIUM 6.1 The WOOEXIM WordPress plugin through 5.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make…
CVE-2024-56408 2025-01-03 MEDIUM 5.4 PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the `/vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php` file, which leads…
CVE-2024-12873 2025-05-15 MEDIUM 6.1 The Custom Field Manager WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting…
CVE-2024-55893 2025-01-14 MEDIUM 4.3 TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is…
CVE-2023-50976 2023-12-18 CRITICAL 9.8 Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API.
CVE-2022-41870 2022-09-30 HIGH 7.2 AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload.
CVE-2022-40408 2022-09-29 MEDIUM 5.4 FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module.
CVE-2022-40314 2022-09-30 CRITICAL 9.8 A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.
CVE-2022-40313 2022-09-30 HIGH 7.1 Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
CVE-2022-40277 2022-09-30 HIGH 7.8 Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is…
CVE-2022-40274 2022-09-30 HIGH 7.8 Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because…
CVE-2022-1959 2022-09-30 MEDIUM 6.6 AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations.
CVE-2024-37131 2024-06-13 HIGH 7.5 SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of…
CVE-2024-24903 2024-03-01 HIGH 8.0 Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this…
CVE-2024-24904 2024-03-01 HIGH 7.6 Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to…
« Anterior Página 1195 de 4309 Siguiente »