Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2022-41302 2022-10-14 HIGH 7.8 An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure through maliciously crafted FBX files. This vulnerability in…
CVE-2022-3139 2022-10-17 MEDIUM 4.8 The We’re Open! WordPress plugin before 1.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2022-3131 2022-10-17 HIGH 7.2 The Search Logger WordPress plugin through 0.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable…
CVE-2022-3126 2022-10-17 MEDIUM 4.3 The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files…
CVE-2022-39128 2022-10-14 MEDIUM 5.5 In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39127 2022-10-14 MEDIUM 5.5 In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39126 2022-10-14 MEDIUM 5.5 In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39125 2022-10-14 MEDIUM 5.5 In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39124 2022-10-14 MEDIUM 5.5 In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39123 2022-10-14 MEDIUM 5.5 In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39122 2022-10-14 MEDIUM 5.5 In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2025-2062 2025-03-07 HIGH 7.3 A vulnerability classified as critical has been found in projectworlds Life Insurance Management System 1.0. Affected is an unknown function of the file /clientStatus.php. The manipulation of the…
CVE-2022-33217 2022-10-19 HIGH 7.8 Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel. in Snapdragon Mobile
CVE-2022-39121 2022-10-14 MEDIUM 5.5 In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-32177 2022-10-14 CRITICAL 9.0 In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library.…
CVE-2025-2063 2025-03-07 HIGH 7.3 A vulnerability classified as critical was found in projectworlds Life Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /deleteNominee.php. The manipulation…
CVE-2025-2064 2025-03-07 HIGH 7.3 A vulnerability, which was classified as critical, has been found in projectworlds Life Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file…
CVE-2025-2065 2025-03-07 HIGH 7.3 A vulnerability, which was classified as critical, was found in projectworlds Life Insurance Management System 1.0. This affects an unknown part of the file /editAgent.php. The manipulation of…
CVE-2025-2066 2025-03-07 HIGH 7.3 A vulnerability has been found in projectworlds Life Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /updateAgent.php. The manipulation of…
CVE-2025-2067 2025-03-07 HIGH 7.3 A vulnerability was found in projectworlds Life Insurance Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /search.php. The manipulation of…
CVE-2024-9638 2025-01-07 MEDIUM 4.8 The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-48245 2025-01-07 HIGH 7.2 Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming…
CVE-2024-7277 2024-07-31 MEDIUM 4.7 A vulnerability was found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/menu.php of the…
CVE-2024-7276 2024-07-30 MEDIUM 4.7 A vulnerability has been found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/member_save.php. The…
CVE-2024-7278 2024-07-31 MEDIUM 4.7 A vulnerability was found in itsourcecode Alton Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/team_save.php. The manipulation of…
CVE-2024-45985 2024-09-26 MEDIUM 4.7 A Cross Site Scripting (XSS) vulnerability in update_contact.php of Blood Bank and Donation Management System v1.0 allows an attacker to inject malicious scripts via the name parameter of…
CVE-2024-45984 2024-09-26 MEDIUM 4.7 A Cross Site Scripting (XSS) vulnerability in add_donor.php of Blood Bank And Donation Management System 1.0 allows an attacker to inject malicious scripts that will be executed when…
CVE-2024-10151 2025-01-08 MEDIUM 5.4 The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is…
CVE-2024-12585 2025-01-08 MEDIUM 6.1 The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2024-44587 2024-09-05 HIGH 8.8 itsourcecode Alton Management System 1.0 is vulnerable to SQL Injection in /noncombo_save.php via the "menu" parameter.
CVE-2024-37871 2024-07-09 HIGH 8.2 SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the email…
CVE-2024-10815 2025-01-09 MEDIUM 4.2 The PostLists WordPress plugin through 2.0.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old…
CVE-2024-37872 2024-07-09 HIGH 8.1 SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2024-12096 2024-12-24 MEDIUM 6.1 The Exhibit to WP Gallery WordPress plugin through 0.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site…
CVE-2024-6235 2024-07-10 HIGH 8.8 Sensitive information disclosure in NetScaler Console
CVE-2025-45867 2025-05-13 MEDIUM 5.4 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface.
CVE-2025-45866 2025-05-13 MEDIUM 5.4 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface.
CVE-2025-45864 2025-05-13 MEDIUM 5.4 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface.
CVE-2025-45859 2025-05-13 MEDIUM 5.4 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface.
CVE-2025-44831 2025-05-13 CRITICAL 9.8 EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface.
CVE-2025-28057 2025-05-13 HIGH 7.2 owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/admin_menus/save_order.
CVE-2022-42969 2022-10-16 MEDIUM 5.3 The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data,…
CVE-2022-42968 2022-10-16 CRITICAL 9.8 Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.
CVE-2022-42961 2022-10-15 MEDIUM 5.3 An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC…
CVE-2022-42234 2022-10-14 HIGH 8.8 There is a file inclusion vulnerability in the template management module in UCMS 1.6
CVE-2022-41601 2022-10-14 LOW 3.4 The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2022-42071 2022-10-14 MEDIUM 6.1 Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability.
CVE-2022-41600 2022-10-14 LOW 3.4 The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2022-41585 2022-10-14 HIGH 7.8 The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.
CVE-2022-41584 2022-10-14 HIGH 7.8 The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.
« Anterior Página 1230 de 4311 Siguiente »