Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-22247 2025-05-12 MEDIUM 6.1 VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within…
CVE-2025-2170 2025-04-30 HIGH 7.2 A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to…
CVE-2022-3151 2022-10-17 MEDIUM 4.3 The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin…
CVE-2022-3150 2022-10-17 HIGH 7.2 The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection…
CVE-2024-3239 2024-05-14 MEDIUM 5.4 The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in…
CVE-2024-3582 2024-05-14 MEDIUM 4.8 The UnGallery WordPress plugin through 2.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make…
CVE-2024-3590 2024-05-14 MEDIUM 6.1 The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF…
CVE-2024-3903 2024-05-14 HIGH 7.1 The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could…
CVE-2025-22222 2025-01-30 HIGH 7.7 VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential…
CVE-2024-3241 2024-05-14 MEDIUM 5.4 The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is…
CVE-2025-22221 2025-01-30 MEDIUM 5.2 VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a…
CVE-2025-22220 2025-01-30 MEDIUM 4.3 VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform…
CVE-2025-22219 2025-01-30 MEDIUM 6.8 VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored…
CVE-2025-22218 2025-01-30 HIGH 8.5 VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated…
CVE-2024-38830 2024-11-26 HIGH 7.8 VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance…
CVE-2024-38831 2024-11-26 HIGH 7.8 VMware Aria Operations contains a local privilege escalation vulnerability.  A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to  a…
CVE-2024-10555 2024-12-20 MEDIUM 4.8 The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2025-2673 2025-03-24 LOW 3.5 A vulnerability classified as problematic has been found in code-projects Payroll Management System 1.0. Affected is an unknown function of the file /home_employee.php. The manipulation of the argument…
CVE-2024-38832 2024-11-26 HIGH 7.1 VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting…
CVE-2024-38833 2024-11-26 MEDIUM 6.8 VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the…
CVE-2024-38834 2024-11-26 MEDIUM 6.5 VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site…
CVE-2025-2672 2025-03-23 MEDIUM 6.3 A vulnerability was found in code-projects Payroll Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add_deductions.php. The manipulation…
CVE-2024-11108 2024-12-20 MEDIUM 5.4 The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is…
CVE-2025-2984 2025-03-31 MEDIUM 6.3 A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /delete.php. The manipulation…
CVE-2025-2985 2025-03-31 MEDIUM 6.3 A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. This affects an unknown part of the file update_account.php. The manipulation of…
CVE-2025-3038 2025-03-31 MEDIUM 6.3 A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_account.php. The manipulation of the…
CVE-2025-3039 2025-03-31 MEDIUM 6.3 A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add_employee.php. The manipulation of…
CVE-2025-3134 2025-04-03 MEDIUM 6.3 A vulnerability classified as critical has been found in code-projects Payroll Management System 1.0. This affects an unknown part of the file /add_overtime.php. The manipulation of the argument…
CVE-2025-2854 2025-03-27 MEDIUM 6.3 A vulnerability classified as critical was found in code-projects Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file update_employee.php. The manipulation of…
CVE-2024-8968 2024-12-20 MEDIUM 4.7 The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2024-11607 2024-12-21 MEDIUM 6.1 The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to…
CVE-2022-42067 2022-10-14 MEDIUM 4.3 Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability
CVE-2022-42070 2022-10-14 HIGH 8.8 Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF).
CVE-2022-42069 2022-10-14 MEDIUM 5.4 Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability.
CVE-2022-42066 2022-10-14 MEDIUM 6.1 Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php.
CVE-2022-42064 2022-10-14 CRITICAL 9.8 Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell.
CVE-2022-41598 2022-10-14 LOW 3.4 The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2022-41589 2022-10-14 HIGH 7.5 The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.
CVE-2022-41536 2022-10-14 HIGH 7.2 Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php.
CVE-2022-41538 2022-10-14 HIGH 8.8 Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP…
CVE-2022-41436 2022-10-14 CRITICAL 9.1 An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via browsing to the URL http://device_ip/index1.html.
CVE-2022-41416 2022-10-14 HIGH 7.2 Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php.
CVE-2022-41477 2022-10-14 CRITICAL 9.1 A security issue was discovered in WeBid
CVE-2022-41308 2022-10-14 HIGH 7.8 A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could…
CVE-2022-41535 2022-10-14 HIGH 7.2 Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php.
CVE-2022-3149 2022-10-17 MEDIUM 6.1 The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged…
CVE-2022-41307 2022-10-14 HIGH 7.8 A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could…
CVE-2022-41306 2022-10-14 HIGH 7.8 A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could…
CVE-2022-41304 2022-10-14 HIGH 7.8 An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure.
CVE-2022-41303 2022-10-14 HIGH 7.8 A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference…
« Anterior Página 1229 de 4311 Siguiente »