Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2024-10969 2024-11-07 HIGH 7.3 A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file…
CVE-2024-7128 2024-07-26 MEDIUM 5.3 A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set,…
CVE-2024-8447 2025-01-02 MEDIUM 5.9 A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join…
CVE-2025-2651 2025-03-23 MEDIUM 5.3 A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to…
CVE-2025-2602 2025-03-21 MEDIUM 6.3 A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file deactivate_reg.php. The…
CVE-2025-2601 2025-03-21 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This affects an unknown part of the file activate_reg.php. The…
CVE-2025-2377 2025-03-17 LOW 3.5 A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /confirmbooking.php. The manipulation…
CVE-2025-1607 2025-02-24 MEDIUM 4.3 A vulnerability, which was classified as problematic, has been found in SourceCodester Best Employee Management System 1.0. This issue affects some unknown processing of the file /admin/salary_slip.php. The…
CVE-2025-1587 2025-02-23 MEDIUM 5.3 A vulnerability was found in SourceCodester Telecom Billing Management System 1.0. It has been rated as critical. This issue affects the function addrecords of the file main.cpp of…
CVE-2025-1166 2025-02-11 MEDIUM 6.3 A vulnerability has been found in SourceCodester Food Menu Manager 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file endpoint/update.php. The…
CVE-2022-42147 2022-10-17 MEDIUM 6.1 kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java.
CVE-2022-42143 2022-10-17 HIGH 7.2 Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php.
CVE-2022-42142 2022-10-17 HIGH 7.2 Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php.
CVE-2022-42149 2022-10-17 CRITICAL 9.8 kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.
CVE-2022-42154 2022-10-17 CRITICAL 9.8 An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-42029 2022-10-17 HIGH 8.8 Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the…
CVE-2022-41594 2022-10-14 LOW 3.4 The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2022-41593 2022-10-14 LOW 3.4 The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2022-41592 2022-10-14 LOW 3.4 The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2022-41588 2022-10-14 HIGH 7.5 The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity.
CVE-2022-41586 2022-10-14 HIGH 7.5 The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-41431 2022-10-17 MEDIUM 5.4 xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a…
CVE-2022-41139 2022-10-17 MEDIUM 5.4 MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents.
CVE-2022-41472 2022-10-17 MEDIUM 5.4 74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a…
CVE-2022-41471 2022-10-17 MEDIUM 6.5 74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account.
CVE-2022-41580 2022-10-14 CRITICAL 9.8 The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
CVE-2022-41578 2022-10-14 CRITICAL 9.8 The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.
CVE-2022-40844 2022-11-15 MEDIUM 5.4 In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via…
CVE-2022-40606 2022-10-17 MEDIUM 6.1 MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605.
CVE-2022-40605 2022-10-17 MEDIUM 6.1 MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606.
CVE-2022-40055 2022-10-17 CRITICAL 9.8 An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page.
CVE-2022-3331 2022-10-17 LOW 3.5 An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3…
CVE-2022-3243 2022-10-17 HIGH 7.2 The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL…
CVE-2022-3206 2022-10-17 MEDIUM 5.9 The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named "passster" using base64 encoding method which is easy to decode. This puts the password at…
CVE-2022-3165 2022-10-17 MEDIUM 6.5 An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make…
CVE-2024-3353 2024-04-05 HIGH 7.3 A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/mod_reports/index.php. The…
CVE-2024-2569 2024-03-18 HIGH 7.3 A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin-manage-user.php. The…
CVE-2025-29824 2025-04-08 HIGH 7.8 Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-3244 2025-04-04 MEDIUM 6.3 A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the…
CVE-2025-3151 2025-04-03 HIGH 7.3 A vulnerability was found in SourceCodester Gym Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /signup.php.…
CVE-2025-3143 2025-04-03 MEDIUM 6.3 A vulnerability classified as critical has been found in SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown function of the file /visitor-entry.php. The manipulation of the…
CVE-2025-3142 2025-04-03 MEDIUM 6.3 A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The…
CVE-2025-2846 2025-03-27 HIGH 7.3 A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects the function registration of the file /oews/classes/Users.php?f=registration of the component Registration. The…
CVE-2025-3697 2025-04-16 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file /edit-product.php.…
CVE-2025-3696 2025-04-16 MEDIUM 6.3 A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This vulnerability affects unknown code of the file /search/search_stock. php. The manipulation of…
CVE-2025-3694 2025-04-16 HIGH 7.3 A vulnerability classified as critical has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the component Login Handler. The manipulation…
CVE-2025-3315 2025-04-06 HIGH 7.3 A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view-report.php. The…
CVE-2025-3314 2025-04-06 HIGH 7.3 A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /forgotpw.php.…
CVE-2025-45956 2025-04-29 HIGH 8.8 A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id" parameter
CVE-2025-3817 2025-04-19 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /oews/classes/Master.php?f=delete_stock. The manipulation…
« Anterior Página 1227 de 4311 Siguiente »