CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-48127 2025-05-16 MEDIUM 6.5 Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push notification for Mobile…
CVE-2025-48121 2025-05-16 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Puddick WP Notes Widget allows DOM-Based XSS. This issue affects WP Notes Widget: from n/a…
CVE-2025-48120 2025-05-16 MEDIUM 5.3 Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG Lite allows Code Injection. This issue affects MapSVG Lite: from n/a through 8.6.4.
CVE-2025-48119 2025-05-16 MEDIUM 5.3 Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase allows Code Injection. This issue affects RS WP Book Showcase: from…
CVE-2025-48117 2025-05-16 MEDIUM 5.3 Missing Authorization vulnerability in kilbot WooCommerce POS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce POS: from n/a through 1.7.8.
CVE-2025-48116 2025-05-16 MEDIUM 5.3 Missing Authorization vulnerability in Ashan Perera EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 2.4.4.
CVE-2024-1958 2024-04-08 MEDIUM 4.8 The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting…
CVE-2024-1956 2024-04-08 MEDIUM 6.1 The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected…
CVE-2024-1292 2024-04-08 MEDIUM 4.7 The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting…
CVE-2024-2016 2024-03-21 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads…
CVE-2023-48902 2024-03-21 CRITICAL 9.8 An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass…
CVE-2023-48903 2024-03-21 MEDIUM 6.1 Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php.
CVE-2023-48901 2024-03-21 CRITICAL 9.8 A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in…
CVE-2024-2015 2024-03-21 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in ZhiCms 4.0. This issue affects the function getindexdata of the file app/index/controller/mcontroller.php. The manipulation of the argument…
CVE-2024-24549 2024-03-13 HIGH 7.5 Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured…
CVE-2024-23672 2024-03-13 MEDIUM 6.3 Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects…
CVE-2024-2568 2024-03-17 MEDIUM 4.7 A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/div_data/delete?divId=9 of the component…
CVE-2024-26466 2024-02-26 MEDIUM 6.1 A DOM based cross-site scripting (XSS) vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL.
CVE-2024-41693 2024-07-30 MEDIUM 6.1 Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2023-27043 2023-04-19 MEDIUM 5.3 The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value…
CVE-2025-3952 2025-05-01 HIGH 8.1 The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing…
CVE-2024-13845 2025-05-01 MEDIUM 5.5 The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'process_feed' method of the GF_Webhooks…
CVE-2025-4149 2025-05-01 HIGH 8.8 A vulnerability was found in Netgear EX6200 1.0.3.94. It has been classified as critical. This affects the function sub_54014. The manipulation of the argument host leads to buffer…
CVE-2025-24887 2025-04-30 MEDIUM 6.3 OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes…
CVE-2025-4099 2025-05-01 MEDIUM 6.4 The List Children plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list_children' shortcode in all versions up to, and including, 2.1 due to insufficient…
CVE-2024-21610 2024-04-12 MEDIUM 4.3 An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS allows an authenticated, network-based attacker with low privileges to…
CVE-2025-4921 2025-05-17 N/A 0.0 Rejected reason: Duplicate of CVE-2025-4919
CVE-2025-4920 2025-05-17 N/A 0.0 Rejected reason: Duplicate of CVE-2025-4918
CVE-2024-12950 2024-12-26 MEDIUM 6.3 A vulnerability was found in code-projects/projectworlds Travel Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /subcat.php. The manipulation…
CVE-2025-37880 2025-05-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: um: work around sched_yield not yielding in time-travel mode sched_yield by a userspace may not actually cause scheduling…
CVE-2025-3173 2025-04-03 HIGH 7.3 A vulnerability, which was classified as critical, was found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the file /save_booking.php. The manipulation…
CVE-2025-37821 2025-05-08 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash There is a code path in dequeue_entities() that…
CVE-2025-47203 2025-05-07 MEDIUM 4.5 dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.
CVE-2024-13965 2025-05-17 N/A 0.0 Rejected reason: wrong year
CVE-2024-13964 2025-05-17 N/A 0.0 Rejected reason: wrong year
CVE-2025-4331 2025-05-06 HIGH 7.3 A vulnerability classified as critical was found in SourceCodester Online Student Clearance System 1.0. This vulnerability affects unknown code of the file /Admin/login.php. The manipulation of the argument…
CVE-2024-54780 2025-05-14 HIGH 8.8 Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input…
CVE-2023-1061 2023-02-27 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation…
CVE-2023-1059 2023-02-27 MEDIUM 6.3 A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The…
CVE-2025-2605 2025-05-02 CRITICAL 9.9 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53…
CVE-2025-22458 2025-04-08 HIGH 7.8 DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.
CVE-2024-9882 2025-05-15 MEDIUM 4.8 The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow…
CVE-2024-9238 2025-05-15 MEDIUM 5.4 The AVIF Uploader WordPress plugin before 1.1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious…
CVE-2024-9236 2025-05-15 MEDIUM 4.8 The Team WordPress plugin before 4.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
CVE-2024-9227 2025-05-15 MEDIUM 4.8 The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users…
CVE-2024-9182 2025-05-15 MEDIUM 4.8 The Maspik WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting…
CVE-2024-8759 2025-05-15 MEDIUM 4.8 The Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-8702 2025-05-15 MEDIUM 4.8 The Backup Database WordPress plugin through 4.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-8492 2025-05-15 MEDIUM 4.8 The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting…
CVE-2024-8398 2025-05-15 MEDIUM 4.3 The Simple Nav Archives WordPress plugin through 2.1.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in…