Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2024-10554 2025-03-25 LOW 3.5 The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2022-42080 2022-10-12 HIGH 7.5 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter.
CVE-2022-42079 2022-10-12 HIGH 7.5 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet.
CVE-2022-42078 2022-10-12 MEDIUM 6.5 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
CVE-2022-42077 2022-10-12 MEDIUM 6.5 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
CVE-2022-25665 2022-10-19 MEDIUM 6.8 Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile
CVE-2022-25664 2022-10-19 MEDIUM 6.2 Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon…
CVE-2022-25663 2022-10-19 MEDIUM 5.5 Possible buffer overflow due to lack of buffer length check during management frame Rx handling lead to denial of service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics…
CVE-2022-41403 2022-10-12 CRITICAL 9.8 OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter.
CVE-2022-28887 2022-10-12 MEDIUM 4.3 Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash.
CVE-2022-38388 2022-10-11 MEDIUM 5.5 IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968.
CVE-2022-25662 2022-10-19 MEDIUM 5.3 Information disclosure due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CVE-2022-22077 2022-10-19 HIGH 8.4 Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile
CVE-2021-36369 2022-10-12 HIGH 7.5 An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an…
CVE-2024-10703 2025-03-25 MEDIUM 6.1 The Registrations for the Events Calendar WordPress plugin before 2.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin…
CVE-2024-11272 2025-03-25 MEDIUM 6.1 The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2024-11273 2025-03-25 MEDIUM 6.1 The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2024-6024 2024-07-12 HIGH 8.8 The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when deleting groups or emails, which could allow attackers to make a logged in admin…
CVE-2024-3026 2024-07-13 MEDIUM 5.4 The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to…
CVE-2025-30326 2025-05-13 HIGH 7.8 Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the…
CVE-2025-30328 2025-05-13 HIGH 7.8 Animate versions 24.0.8, 23.0.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation…
CVE-2025-30329 2025-05-13 MEDIUM 5.5 Animate versions 24.0.8, 23.0.11 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash…
CVE-2025-30330 2025-05-13 HIGH 7.8 Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2025-43545 2025-05-13 HIGH 7.8 Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-43546 2025-05-13 HIGH 7.8 Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the…
CVE-2025-43547 2025-05-13 HIGH 7.8 Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-43555 2025-05-13 HIGH 7.8 Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the…
CVE-2025-43556 2025-05-13 HIGH 7.8 Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-43557 2025-05-13 HIGH 7.8 Animate versions 24.0.8, 23.0.11 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-4660 2025-05-13 CRITICAL 9.8 A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone…
CVE-2025-45861 2025-05-13 CRITICAL 9.8 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the routername parameter in the formDnsv6 interface.
CVE-2023-20198 2023-10-16 CRITICAL 10.0 Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of…
CVE-2025-45865 2025-05-13 CRITICAL 9.8 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr parameter in the formDhcpv6s interface.
CVE-2024-3632 2024-07-13 MEDIUM 6.8 The Smart Image Gallery WordPress plugin before 1.0.19 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in…
CVE-2024-4269 2024-07-13 MEDIUM 6.1 The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to…
CVE-2024-4272 2024-07-13 MEDIUM 6.1 The Support SVG WordPress plugin before 1.1.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to…
CVE-2024-4602 2024-07-13 MEDIUM 5.4 The Embed Peertube Playlist WordPress plugin before 1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-4752 2024-07-13 MEDIUM 5.9 The EventON WordPress plugin before 2.2.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
CVE-2022-42901 2022-10-13 HIGH 7.8 Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and…
CVE-2022-42900 2022-10-13 HIGH 7.8 Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution.…
CVE-2022-42161 2022-10-13 HIGH 8.8 D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS.
CVE-2022-42899 2022-10-13 HIGH 7.8 Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure…
CVE-2022-42897 2022-10-13 CRITICAL 9.8 Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.
CVE-2022-42715 2022-10-12 MEDIUM 6.1 A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.
CVE-2022-42711 2022-10-12 CRITICAL 9.6 In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code…
CVE-2022-42087 2022-10-12 MEDIUM 6.5 Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
CVE-2024-5030 2024-11-18 LOW 3.8 The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged…
CVE-2024-52316 2024-11-18 CRITICAL 9.8 Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication…
CVE-2024-52317 2024-11-18 MEDIUM 6.5 Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users.…
CVE-2024-52318 2024-11-18 MEDIUM 6.1 Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97,…
« Anterior Página 1222 de 4311 Siguiente »