Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2022-42720 2022-10-14 HIGH 7.8 Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to…
CVE-2022-42719 2022-10-13 HIGH 8.8 A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject…
CVE-2022-32149 2022-10-14 HIGH 7.5 An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.
CVE-2024-57598 2025-02-05 MEDIUM 6.5 A floating point exception (divide-by-zero) vulnerability was discovered in Bento4 1.6.0-641 in function AP4_TfraAtom() of Ap4TfraAtom.cpp which allows a remote attacker to cause a denial of service vulnerability.
CVE-2024-25839 2024-03-03 HIGH 7.5 An issue was discovered in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before, allows local attackers to escalate privileges and obtain sensitive information.
CVE-2024-24302 2024-03-03 CRITICAL 9.8 An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive…
CVE-2024-24307 2024-03-03 HIGH 7.5 Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote attacker to escalate privileges and obtain sensitive information via the…
CVE-2024-25438 2024-03-01 MEDIUM 6.1 A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into…
CVE-2024-27734 2024-03-01 MEDIUM 6.1 A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site…
CVE-2024-25843 2024-02-27 CRITICAL 9.8 In the module "Import/Update Bulk Product from any Csv/Excel File Pro" (ba_importer) up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in…
CVE-2024-13896 2025-04-10 MEDIUM 6.5 The WP-GeSHi-Highlight — rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wp_geshi_filter_replace_code() function, which could lead to…
CVE-2024-13628 2025-02-26 MEDIUM 6.1 The WP Pricing Table WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting…
CVE-2024-13624 2025-02-26 HIGH 7.1 The WPMovieLibrary WordPress plugin through 2.1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2024-13571 2025-02-26 HIGH 7.1 The Post Timeline WordPress plugin before 2.3.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2024-13113 2025-02-26 MEDIUM 5.9 The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a…
CVE-2024-12878 2025-02-26 HIGH 7.1 The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting…
CVE-2024-10483 2025-02-26 HIGH 7.1 The Simple:Press Forum WordPress plugin before 6.10.11 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
CVE-2024-10152 2025-02-26 HIGH 7.1 The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a…
CVE-2024-10545 2025-02-25 LOW 3.5 The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as…
CVE-2024-12173 2025-02-19 LOW 3.5 The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to…
CVE-2025-4059 2025-04-29 MEDIUM 5.3 A vulnerability classified as critical was found in code-projects Prison Management System 1.0. This vulnerability affects the function addrecord of the component Prison_Mgmt_Sys. The manipulation of the argument…
CVE-2025-4058 2025-04-29 HIGH 7.3 A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0. This affects an unknown part of the file /Bloodgroop_process.php. The manipulation of the argument…
CVE-2025-3250 2025-04-04 MEDIUM 4.3 A vulnerability, which was classified as problematic, has been found in elunez eladmin 2.7. Affected by this issue is some unknown functionality of the file /api/database/testConnect of the…
CVE-2025-1964 2025-03-05 HIGH 7.3 A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been rated as critical. This issue affects some unknown processing of the file /booknow.php?roomname=Duplex. The manipulation…
CVE-2024-25419 2024-02-11 HIGH 8.8 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php.
CVE-2024-25418 2024-02-11 HIGH 8.8 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php.
CVE-2024-25447 2024-02-09 HIGH 8.8 An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
CVE-2024-25443 2024-02-09 HIGH 7.8 An issue in the HuginBase::ImageVariable::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image.
CVE-2024-25315 2024-02-09 CRITICAL 9.8 Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2.
CVE-2024-25314 2024-02-09 CRITICAL 9.8 Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2.
CVE-2024-25305 2024-02-09 HIGH 8.8 Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php.
CVE-2024-25304 2024-02-09 HIGH 8.8 Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php."
CVE-2024-25004 2024-02-09 HIGH 7.8 KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This…
CVE-2024-24680 2024-02-06 HIGH 7.5 An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack…
CVE-2024-24940 2024-02-06 LOW 2.8 In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives
CVE-2024-24543 2024-02-05 CRITICAL 9.8 Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code…
CVE-2024-24495 2024-02-08 CRITICAL 9.8 SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.
CVE-2024-24494 2024-02-08 MEDIUM 6.1 Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat…
CVE-2024-24398 2024-02-06 CRITICAL 9.8 Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the…
CVE-2024-24468 2024-02-05 HIGH 8.8 Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php.
CVE-2024-24397 2024-02-05 MEDIUM 5.4 Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.
CVE-2024-24393 2024-02-08 CRITICAL 9.8 File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request.
CVE-2024-24113 2024-02-08 HIGH 8.8 xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE.
CVE-2024-24018 2024-02-08 CRITICAL 9.8 A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list
CVE-2024-24001 2024-02-07 CRITICAL 9.8 jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's protection mechanism.
CVE-2024-24259 2024-02-05 HIGH 7.5 freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.
CVE-2024-23749 2024-02-09 HIGH 7.8 KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and…
CVE-2024-23756 2024-02-08 HIGH 7.5 The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to…
CVE-2024-23660 2024-02-08 HIGH 7.5 The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is…
CVE-2024-23764 2024-02-08 MEDIUM 6.7 Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and…
« Anterior Página 1220 de 4311 Siguiente »