CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2024-46055 2024-11-27 MEDIUM 4.8 OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in review names.
CVE-2024-10473 2024-11-28 MEDIUM 5.4 The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputting them in pages where the Logo Slider shortcode is…
CVE-2024-10493 2024-11-28 MEDIUM 5.4 The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its block…
CVE-2024-10896 2024-11-28 MEDIUM 5.4 The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor…
CVE-2024-43118 2024-11-01 MEDIUM 4.3 Missing Authorization vulnerability in WPMU DEV Hummingbird allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hummingbird: from n/a through 3.9.1.
CVE-2024-10027 2024-11-07 MEDIUM 4.8 The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to…
CVE-2024-20926 2024-01-16 MEDIUM 5.9 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle…
CVE-2022-42906 2022-10-13 HIGH 7.8 powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using…
CVE-2022-42902 2022-10-13 HIGH 8.8 In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service…
CVE-2022-42163 2022-10-17 CRITICAL 9.8 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting.
CVE-2024-45772 2024-09-30 MEDIUM 5.1 Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt…
CVE-2025-3744 2025-05-13 HIGH 7.6 Nomad Enterprise (“Nomad”) jobs using the policy override option are bypassing the mandatory sentinel policies. This vulnerability, identified as CVE-2025-3744, is fixed in Nomad Enterprise 1.10.1, 1.9.9, and…
CVE-2024-7982 2024-11-08 CRITICAL 9.6 The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform…
CVE-2024-9874 2024-11-09 MEDIUM 4.9 The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to,…
CVE-2024-9835 2024-11-12 MEDIUM 4.8 The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting…
CVE-2024-9836 2024-11-12 MEDIUM 5.9 The RSS Feed Widget WordPress plugin before 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode…
CVE-2024-10146 2024-11-14 MEDIUM 5.4 The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site…
CVE-2024-9186 2024-11-14 HIGH 8.6 The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in…
CVE-2024-10482 2024-11-21 MEDIUM 5.4 The Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO WordPress plugin before 1.5.0 does not sanitise uploaded SVG files, which could allow…
CVE-2024-22927 2024-02-01 MEDIUM 6.1 Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
CVE-2024-24059 2024-02-01 MEDIUM 5.4 springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files.
CVE-2023-5841 2024-02-01 CRITICAL 9.1 Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and…
CVE-2024-20977 2024-01-16 MEDIUM 6.5 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability…
CVE-2024-20948 2024-01-16 MEDIUM 6.1 Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with…
CVE-2022-42221 2022-10-17 HIGH 8.8 Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability.
CVE-2022-42171 2022-10-17 CRITICAL 9.8 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo.
CVE-2022-42170 2022-10-17 CRITICAL 9.8 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.
CVE-2022-42169 2022-10-17 CRITICAL 9.8 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter.
CVE-2022-42168 2022-10-17 CRITICAL 9.8 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.
CVE-2022-42167 2022-10-17 CRITICAL 9.8 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.
CVE-2022-41500 2022-10-18 HIGH 8.8 EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components.
CVE-2022-42164 2022-10-17 CRITICAL 9.8 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState.
CVE-2022-42086 2022-10-12 MEDIUM 6.5 Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode.
CVE-2022-42081 2022-10-12 HIGH 7.5 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter.
CVE-2022-41497 2022-10-13 CRITICAL 9.8 ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php.
CVE-2022-41496 2022-10-13 CRITICAL 9.8 iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.
CVE-2022-41495 2022-10-13 CRITICAL 9.8 ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php.
CVE-2022-41489 2022-10-13 HIGH 8.1 WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability…
CVE-2022-41485 2022-10-13 HIGH 7.5 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47ce00 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted…
CVE-2022-41484 2022-10-13 HIGH 7.5 Tenda AC1900 AP500(US)_V1_180320(Beta) was discovered to contain a buffer overflow in the 0x32384 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted…
CVE-2022-41483 2022-10-13 HIGH 7.5 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x4a12cc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted…
CVE-2022-41479 2022-10-18 HIGH 7.5 The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an…
CVE-2022-41482 2022-10-13 HIGH 7.5 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47c5dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted…
CVE-2022-41481 2022-10-13 HIGH 7.5 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47de1c function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted…
CVE-2022-41480 2022-10-13 HIGH 7.5 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x475dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted…
CVE-2022-38902 2022-10-13 MEDIUM 5.4 A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS…
CVE-2022-35612 2022-10-13 MEDIUM 5.4 A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name…
CVE-2022-35611 2022-10-13 MEDIUM 4.3 A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards.
CVE-2022-35136 2022-10-13 MEDIUM 6.5 Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests.
CVE-2022-35135 2022-10-13 HIGH 8.8 Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/.