Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2022-2963 2022-10-14 HIGH 7.5 A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault.
CVE-2022-2850 2022-10-14 MEDIUM 6.5 A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This…
CVE-2022-2780 2022-10-14 HIGH 8.1 In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the…
CVE-2022-25660 2022-10-19 HIGH 7.8 Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2024-7056 2024-11-25 MEDIUM 4.8 The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site…
CVE-2024-10471 2024-11-26 MEDIUM 4.8 The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-46054 2024-11-27 CRITICAL 9.8 OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upload files.
CVE-2024-3405 2024-05-15 HIGH 7.6 The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin…
CVE-2024-3406 2024-05-15 HIGH 8.8 The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in…
CVE-2024-3407 2024-05-15 MEDIUM 5.3 The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via…
CVE-2024-3629 2024-05-15 LOW 2.4 The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin…
CVE-2022-39117 2022-10-14 MEDIUM 5.5 In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2022-39115 2022-10-14 MEDIUM 5.5 In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.
CVE-2022-39114 2022-10-14 MEDIUM 5.5 In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.
CVE-2022-39112 2022-10-14 MEDIUM 5.5 In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.
CVE-2022-41199 2022-10-11 HIGH 7.8 Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise…
CVE-2022-39111 2022-10-14 HIGH 7.8 In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.
CVE-2022-39110 2022-10-14 HIGH 7.8 In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.
CVE-2022-39065 2022-10-14 MEDIUM 6.5 A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote…
CVE-2022-38986 2022-10-14 CRITICAL 9.1 The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the…
CVE-2022-2828 2022-10-13 MEDIUM 6.5 In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability
CVE-2024-3630 2024-05-15 MEDIUM 5.4 The HL Twitter WordPress plugin through 2014.1.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-2220 2024-05-23 LOW 3.5 The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-3631 2024-05-15 MEDIUM 4.3 The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions…
CVE-2024-3748 2024-05-15 MEDIUM 6.5 The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear…
CVE-2024-3749 2024-05-15 MEDIUM 6.5 The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another…
CVE-2024-1204 2024-04-15 MEDIUM 4.3 The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts.
CVE-2024-3822 2024-05-15 MEDIUM 4.8 The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2024-3823 2024-05-15 LOW 2.4 The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers…
CVE-2024-3824 2024-05-15 MEDIUM 5.5 The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin…
CVE-2023-35723 2024-05-03 HIGH 8.8 D-Link DIR-X3260 prog.cgi SOAPAction Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is…
CVE-2023-41230 2024-05-03 HIGH 8.8 D-Link DIR-3040 HTTP Request Processing Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040…
CVE-2023-41229 2024-05-03 HIGH 8.8 D-Link DIR-3040 HTTP Request Processing Referer Heap-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040…
CVE-2023-41228 2024-05-03 MEDIUM 6.8 D-Link DIR-3040 prog.cgi SetUsersSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication…
CVE-2023-41227 2024-05-03 MEDIUM 6.8 D-Link DIR-3040 prog.cgi SetTriggerPPPoEValidate Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication…
CVE-2023-41226 2024-05-03 MEDIUM 6.8 D-Link DIR-3040 prog.cgi SetMyDLinkRegistration Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication…
CVE-2023-41225 2024-05-03 MEDIUM 6.8 D-Link DIR-3040 prog.cgi SetIPv6PppoeSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication…
CVE-2023-41224 2024-05-03 MEDIUM 6.8 D-Link DIR-3040 prog.cgi SetDeviceSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication…
CVE-2023-41223 2024-05-03 MEDIUM 6.8 D-Link DIR-3040 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers.…
CVE-2023-41221 2024-05-03 MEDIUM 6.8 D-Link DIR-3040 prog.cgi SetWLanRadioSecurity Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication…
CVE-2023-41220 2024-05-03 MEDIUM 6.8 D-Link DIR-3040 prog.cgi SetSysEmailSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication…
CVE-2023-41219 2024-05-03 MEDIUM 6.8 D-Link DIR-3040 prog.cgi SetWanSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication…
CVE-2023-41218 2024-05-03 MEDIUM 6.8 D-Link DIR-3040 prog.cgi SetWan3Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication…
CVE-2023-41217 2024-05-03 HIGH 7.1 D-Link DIR-3040 prog.cgi SetQuickVPNSettings Password Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers.…
CVE-2023-41216 2024-05-03 MEDIUM 6.8 D-Link DIR-3040 prog.cgi SetDynamicDNSSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication…
CVE-2023-41222 2024-05-03 MEDIUM 6.8 D-Link DIR-3040 prog.cgi SetWan2Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication…
CVE-2023-5677 2024-02-05 MEDIUM 6.3 Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a…
CVE-2024-46076 2024-10-07 CRITICAL 9.8 RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code.
CVE-2025-4467 2025-05-09 HIGH 7.3 A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-admin.php. The manipulation…
CVE-2025-4358 2025-05-06 HIGH 7.3 A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. Affected is an unknown function of the file /admin-profile.php. The manipulation of the…
« Anterior Página 1226 de 4311 Siguiente »