CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2022-40408 2022-09-29 MEDIUM 5.4 FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module.
CVE-2022-40314 2022-09-30 CRITICAL 9.8 A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.
CVE-2022-40313 2022-09-30 HIGH 7.1 Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
CVE-2022-40277 2022-09-30 HIGH 7.8 Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is…
CVE-2022-40274 2022-09-30 HIGH 7.8 Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because…
CVE-2022-1959 2022-09-30 MEDIUM 6.6 AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations.
CVE-2024-37131 2024-06-13 HIGH 7.5 SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of…
CVE-2024-24903 2024-03-01 HIGH 8.0 Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this…
CVE-2024-24904 2024-03-01 HIGH 7.6 Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to…
CVE-2024-24906 2024-03-01 HIGH 7.6 Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this…
CVE-2024-24900 2024-03-01 MEDIUM 5.8 Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized…
CVE-2024-24905 2024-03-01 HIGH 7.6 Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to…
CVE-2024-24907 2024-03-01 HIGH 7.6 Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit…
CVE-2024-5713 2024-07-13 MEDIUM 5.4 The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site…
CVE-2024-5715 2024-07-13 HIGH 7.1 The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2024-6231 2024-07-23 MEDIUM 5.9 The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-55894 2025-01-14 MEDIUM 4.3 TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is…
CVE-2023-4724 2023-12-18 HIGH 7.2 The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the `wp_query` parameter which…
CVE-2022-41406 2022-10-12 HIGH 7.2 An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-41191 2022-10-11 HIGH 7.8 Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer…
CVE-2022-40931 2022-09-29 MEDIUM 6.1 dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2022-39168 2022-09-29 HIGH 7.5 IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422.
CVE-2022-38732 2022-09-29 HIGH 7.5 SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented.
CVE-2025-23382 2025-03-19 MEDIUM 5.5 Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker…
CVE-2024-29169 2024-06-13 MEDIUM 5.4 Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit…
CVE-2025-26475 2025-03-19 MEDIUM 5.5 Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack exposure, preventing…
CVE-2025-47708 2025-05-14 HIGH 8.8 Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery. This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0…
CVE-2025-47704 2025-05-14 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS). This issue affects Klaro Cookie & Consent…
CVE-2025-47703 2025-05-14 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This issue affects COOKiES Consent Management: from 0.0.0 before…
CVE-2025-47701 2025-05-14 HIGH 8.8 Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery. This issue affects Restrict route by IP: from 0.0.0 before 1.3.0.
CVE-2024-10009 2025-05-15 MEDIUM 4.1 The Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection…
CVE-2022-40944 2022-09-30 CRITICAL 9.8 Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file.
CVE-2022-40316 2022-09-30 MEDIUM 4.3 The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not…
CVE-2022-40315 2022-09-30 CRITICAL 9.8 A limited SQL injection risk was identified in the "browse list of users" site administration page.
CVE-2022-36965 2022-09-30 MEDIUM 6.1 Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).
CVE-2021-33354 2022-09-30 HIGH 8.1 Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter.
CVE-2025-27088 2025-02-20 HIGH 8.2 oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In affected versions a Reflected Cross-site Scripting (XSS) vulnerability enables attackers to create malicious URLs that, when visited, inject…
CVE-2024-45818 2024-12-19 MEDIUM 6.5 The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Locking involved there has an unusual discipline, leaving…
CVE-2024-11140 2025-05-15 LOW 3.5 The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not sanitise and escape some of its settings, which could allow high privilege users…
CVE-2024-10631 2025-05-15 MEDIUM 6.5 The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page/post…
CVE-2024-10149 2025-05-15 MEDIUM 4.8 The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-10143 2025-05-15 MEDIUM 4.8 The MB Custom Post Types & Custom Taxonomies WordPress plugin before 2.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such…
CVE-2024-10098 2025-05-15 LOW 2.7 The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain
CVE-2022-41606 2022-10-12 MEDIUM 6.5 HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash…
CVE-2022-41550 2022-10-11 MEDIUM 6.5 GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header.
CVE-2022-41975 2022-09-30 HIGH 7.8 RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode.
CVE-2022-41532 2022-10-12 HIGH 7.2 Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_plan.
CVE-2022-41204 2022-10-11 HIGH 8.8 An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that…
CVE-2022-40943 2022-09-30 CRITICAL 9.8 Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file.
CVE-2022-40923 2022-09-30 MEDIUM 6.5 A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.