CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2024-23978 2024-02-02 CRITICAL 9.8 Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no…
CVE-2024-22520 2024-02-06 HIGH 8.2 An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets.
CVE-2024-22240 2024-02-06 MEDIUM 4.9 Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.
CVE-2024-22852 2024-02-06 CRITICAL 9.8 D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload.
CVE-2024-22667 2024-02-05 HIGH 7.8 Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback…
CVE-2024-22902 2024-02-02 CRITICAL 9.8 Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.
CVE-2024-22901 2024-02-02 CRITICAL 9.8 Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.
CVE-2024-22239 2024-02-06 MEDIUM 5.3 Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain…
CVE-2024-22237 2024-02-06 HIGH 7.8 Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain…
CVE-2024-22107 2024-02-02 HIGH 7.2 An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse…
CVE-2024-21485 2024-02-02 MEDIUM 6.5 Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0;…
CVE-2024-20904 2024-01-16 MEDIUM 5.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows…
CVE-2024-20813 2024-02-06 HIGH 8.4 Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.
CVE-2024-20812 2024-02-06 HIGH 8.4 Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.
CVE-2024-20007 2024-02-05 HIGH 7.5 In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution…
CVE-2024-20001 2024-02-05 MEDIUM 6.7 In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges…
CVE-2024-1110 2024-02-07 MEDIUM 5.3 The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up…
CVE-2024-1284 2024-02-07 CRITICAL 9.8 Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…
CVE-2024-0797 2024-02-05 MEDIUM 4.3 The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check…
CVE-2024-0699 2024-02-05 MEDIUM 6.6 The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_image_from_url'…
CVE-2024-0324 2024-02-05 HIGH 8.2 The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a…
CVE-2023-6925 2024-02-05 HIGH 7.2 The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importZipFile' function in versions…
CVE-2023-6635 2024-02-05 HIGH 7.2 The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3.…
CVE-2023-7077 2024-02-05 CRITICAL 9.8 Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD,…
CVE-2023-50292 2024-02-09 HIGH 7.5 Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before…
CVE-2023-50291 2024-02-09 HIGH 7.5 Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the…
CVE-2023-5643 2024-02-05 HIGH 7.8 Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged…
CVE-2023-50026 2024-02-09 CRITICAL 9.8 SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via…
CVE-2023-47354 2024-02-06 HIGH 7.8 An issue in the PowerOffWidgetReceiver function of Super Reboot (Root) Recovery v1.0.3 allows attackers to arbitrarily reset or power off the device via a crafted intent
CVE-2023-46045 2024-02-02 HIGH 7.8 Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.
CVE-2023-40266 2024-02-08 CRITICAL 9.8 An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal.
CVE-2023-42282 2024-02-08 CRITICAL 9.8 The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
CVE-2023-43183 2024-02-03 HIGH 8.8 Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account.
CVE-2023-42871 2024-01-10 HIGH 7.8 The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute…
CVE-2023-39683 2024-02-09 MEDIUM 6.1 Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is…
CVE-2023-40263 2024-02-08 HIGH 8.8 An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated command injection via ftp.
CVE-2023-40265 2024-02-08 HIGH 8.8 An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload.
CVE-2023-38995 2024-02-07 CRITICAL 9.8 An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command.
CVE-2022-38670 2022-10-14 HIGH 7.8 In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.
CVE-2022-35040 2022-10-14 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b5567.
CVE-2025-3139 2025-04-03 MEDIUM 5.3 A vulnerability was found in code-projects Bus Reservation System 1.0 and classified as critical. Affected by this issue is the function Login of the component Login Form. The…
CVE-2025-3172 2025-04-03 HIGH 7.3 A vulnerability, which was classified as critical, has been found in Project Worlds Online Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyer_booking.php.…
CVE-2025-3175 2025-04-03 HIGH 7.3 A vulnerability was found in Project Worlds Online Lawyer Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /save_user_edit_profile.php.…
CVE-2025-3176 2025-04-03 HIGH 7.3 A vulnerability was found in Project Worlds Online Lawyer Management System 1.0. It has been classified as critical. This affects an unknown part of the file /single_lawyer.php. The…
CVE-2025-2299 2025-04-03 MEDIUM 6.1 The LuckyWP Table of Contents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.10. This is due to missing or…
CVE-2025-3198 2025-04-04 LOW 3.3 A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component…
CVE-2025-2734 2025-03-25 HIGH 7.3 A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/aboutus.php. The manipulation…
CVE-2025-2735 2025-03-25 HIGH 7.3 A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file…
CVE-2025-2736 2025-03-25 HIGH 7.3 A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/bwdates-report-details.php.…
CVE-2024-10472 2025-03-25 MEDIUM 5.9 The Stylish Price List WordPress plugin before 7.1.12 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform…