Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-3765 2025-04-17 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file /edit-photo.php.…
CVE-2025-3764 2025-04-17 MEDIUM 6.3 A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This vulnerability affects unknown code of the file /edit-product.php. The manipulation of the…
CVE-2025-4314 2025-05-06 HIGH 7.3 A vulnerability has been found in SourceCodester Advanced Web Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The…
CVE-2025-4313 2025-05-06 HIGH 7.3 A vulnerability, which was classified as critical, was found in SourceCodester Advanced Web Store 1.0. Affected is an unknown function of the file /admin/admin_addnew_product.php. The manipulation of the…
CVE-2025-4312 2025-05-06 HIGH 7.3 A vulnerability, which was classified as critical, has been found in SourceCodester Advanced Web Store 1.0. This issue affects some unknown processing of the file /productdetail.php. The manipulation…
CVE-2025-4283 2025-05-05 HIGH 7.3 A vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Login.php?f=login. The manipulation of the…
CVE-2025-4282 2025-05-05 MEDIUM 4.3 A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save. The manipulation leads to…
CVE-2025-4470 2025-05-09 LOW 2.4 A vulnerability classified as problematic was found in SourceCodester Online Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-student.php. The manipulation…
CVE-2025-4468 2025-05-09 HIGH 7.3 A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit-photo.php. The…
CVE-2024-13493 2025-02-14 MEDIUM 4.8 The Sensly Online Presence WordPress plugin through 0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-7052 2025-02-14 MEDIUM 4.8 The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored…
CVE-2024-13208 2025-02-15 MEDIUM 4.3 The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such…
CVE-2024-13306 2025-02-15 MEDIUM 4.3 The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such…
CVE-2024-13603 2025-02-17 MEDIUM 6.1 The Wise Forms WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks via…
CVE-2024-13608 2025-02-17 MEDIUM 4.7 The Track Logins WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
CVE-2024-13625 2025-02-17 HIGH 7.1 The Tube Video Ads Lite WordPress plugin through 1.5.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site…
CVE-2024-10939 2024-12-13 MEDIUM 4.8 The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to…
CVE-2024-5333 2024-12-16 MEDIUM 5.3 The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events.
CVE-2023-52030 2024-01-11 CRITICAL 9.8 TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function.
CVE-2023-50930 2024-01-09 HIGH 8.3 An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a…
CVE-2023-47996 2024-01-09 MEDIUM 6.5 An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service.
CVE-2022-41587 2022-10-14 MEDIUM 5.3 Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability.
CVE-2024-10892 2024-12-18 MEDIUM 5.4 The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted…
CVE-2025-4077 2025-04-29 MEDIUM 5.3 A vulnerability classified as critical was found in code-projects School Billing System 1.0. This vulnerability affects the function searchrec. The manipulation of the argument Name leads to stack-based…
CVE-2025-4080 2025-04-29 MEDIUM 6.3 A vulnerability has been found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/view-request.php.…
CVE-2025-30202 2025-04-30 HIGH 7.5 vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data…
CVE-2025-2907 2025-04-26 CRITICAL 9.8 The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options…
CVE-2025-3998 2025-04-28 HIGH 7.3 A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file renew.php?id=6. The manipulation of the argument ID…
CVE-2025-4021 2025-04-28 MEDIUM 6.3 A vulnerability was found in code-projects Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /edit_spatient.php. The manipulation…
CVE-2025-4022 2025-04-28 MEDIUM 6.3 A vulnerability was found in web-arena-x webarena up to 0.2.0. It has been declared as critical. This vulnerability affects the function HTMLContentEvaluator of the file webarena/evaluation_harness/evaluators.py. The manipulation…
CVE-2022-41597 2022-10-14 LOW 3.4 The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2022-41595 2022-10-14 LOW 3.4 The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2022-3158 2022-10-17 HIGH 8.8 Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter…
CVE-2025-4023 2025-04-28 HIGH 7.3 A vulnerability was found in itsourcecode Placement Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add_company.php. The manipulation…
CVE-2015-2079 2025-04-28 CRITICAL 9.9 Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.
CVE-2022-41871 2025-04-28 MEDIUM 6.0 SEPPmail through 12.1.17 allows command injection within the Admin Portal. An authenticated attacker is able to execute arbitrary code in the context of the user root.
CVE-2024-57439 2025-01-29 MEDIUM 4.9 An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of…
CVE-2024-57438 2025-01-29 MEDIUM 5.4 Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles.
CVE-2024-57437 2025-01-29 MEDIUM 6.5 RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /monitor/online/list.
CVE-2024-57436 2025-01-29 HIGH 7.2 RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin…
CVE-2024-54762 2025-01-09 MEDIUM 6.3 Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of…
CVE-2024-42900 2024-08-28 MEDIUM 6.1 Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable() function at /tool/gen/create.
CVE-2024-6511 2024-07-04 LOW 3.5 A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by this vulnerability is the function isJsonRequest of the component Content-Type Handler. The manipulation…
CVE-2024-9355 2024-10-01 MEDIUM 6.5 A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be…
CVE-2024-24981 2024-05-16 HIGH 7.5 Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local…
CVE-2024-29400 2024-04-12 HIGH 7.5 An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter.
CVE-2024-2907 2024-04-25 MEDIUM 6.8 The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
CVE-2024-3048 2024-04-26 MEDIUM 5.5 The Bannerlid WordPress plugin through 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege…
CVE-2024-3188 2024-04-26 MEDIUM 6.3 The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post…
CVE-2023-5971 2024-05-14 MEDIUM 4.8 The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as…
« Anterior Página 1228 de 4311 Siguiente »