CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2022-41583 2022-10-14 HIGH 7.5 The storage maintenance and debugging module has an array out-of-bounds read vulnerability. Successful exploitation of this vulnerability will cause incorrect statistics of this module.
CVE-2022-41582 2022-10-14 HIGH 7.5 The security module has configuration defects. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-41581 2022-10-14 CRITICAL 9.1 The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
CVE-2022-41577 2022-10-14 HIGH 7.1 The kernel server has a vulnerability of not verifying the length of the data transferred in the user space. Successful exploitation of this vulnerability may cause out-of-bounds read in…
CVE-2022-41576 2022-10-14 HIGH 7.8 The rphone module has a script that can be maliciously modified. Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices.
CVE-2022-41539 2022-10-14 HIGH 8.8 Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP…
CVE-2022-33214 2022-10-19 HIGH 8.4 Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CVE-2022-33210 2022-10-19 HIGH 8.4 Memory corruption in automotive multimedia due to use of out-of-range pointer offset while parsing command request packet with a very large type value in Snapdragon Auto
CVE-2022-2992 2022-10-17 CRITICAL 9.9 A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution…
CVE-2022-41323 2022-10-16 HIGH 7.5 In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which…
CVE-2022-2884 2022-10-17 CRITICAL 9.9 A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an authenticated user to achieve…
CVE-2017-20149 2022-10-15 CRITICAL 9.8 The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by…
CVE-2024-10858 2024-12-25 MEDIUM 6.1 The Jetpack WordPress plugin before 14.1 does not properly check the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue…
CVE-2024-10903 2024-12-26 MEDIUM 4.7 The Broken Link Checker WordPress plugin before 2.4.2 does not validate the link URLs before making a request to them, which could allow admin users to perform…
CVE-2024-12941 2024-12-26 MEDIUM 6.3 A vulnerability was found in CodeAstro Blood Donor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/deletedannounce.php. The manipulation of…
CVE-2024-13688 2025-04-28 MEDIUM 5.3 The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 uses a hardcoded password in its Password Protection feature, allowing an attacker to bypass the protection offered via a…
CVE-2024-13685 2025-03-04 MEDIUM 5.3 The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the…
CVE-2024-11644 2024-12-27 MEDIUM 5.9 The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded,…
CVE-2024-11921 2024-12-27 MEDIUM 4.8 The GiveWP WordPress plugin before 3.19.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2025-21609 2025-01-03 CRITICAL 9.1 SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint. An…
CVE-2024-28322 2024-04-26 CRITICAL 9.8 SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the event_id parameter in a crafted POST request.
CVE-2024-3433 2024-04-07 LOW 3.5 A vulnerability classified as problematic has been found in PuneethReddyHC Event Management 1.0. Affected is an unknown function of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch…
CVE-2024-3432 2024-04-07 MEDIUM 5.5 A vulnerability was found in PuneethReddyHC Event Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /backend/register.php. The manipulation of…
CVE-2025-30320 2025-05-13 MEDIUM 5.5 InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to…
CVE-2025-30319 2025-05-13 MEDIUM 5.5 InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to…
CVE-2025-30318 2025-05-13 HIGH 7.8 InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2025-30310 2025-05-13 HIGH 7.8 Dreamweaver Desktop versions 21.4 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the…
CVE-2024-11849 2025-01-06 MEDIUM 6.1 The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
CVE-2025-47204 2025-05-13 MEDIUM 6.1 An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this…
CVE-2025-45857 2025-05-13 CRITICAL 9.8 EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the command parameter in the mp function.
CVE-2025-28056 2025-05-13 CRITICAL 9.8 rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component.
CVE-2025-28055 2025-05-13 HIGH 7.5 upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerability
CVE-2025-24645 2025-04-17 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rob Scott Eazy Under Construction allows Reflected XSS. This issue affects Eazy Under Construction: from n/a…
CVE-2025-22756 2025-05-14 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-56526 2025-05-13 HIGH 7.5 An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error.
CVE-2022-41603 2022-10-14 LOW 3.4 The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2022-41305 2022-10-14 HIGH 7.8 A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could…
CVE-2022-2865 2022-10-17 HIGH 7.3 A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit…
CVE-2024-12302 2025-01-06 MEDIUM 6.1 The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting…
CVE-2024-12311 2025-01-06 MEDIUM 6.5 The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform…
CVE-2024-10102 2025-01-07 LOW 2.7 The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege…
CVE-2025-30378 2025-05-13 HIGH 7.0 Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
CVE-2024-8855 2025-01-07 CRITICAL 9.8 The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing editors and above to perform…
CVE-2024-8857 2025-01-07 MEDIUM 4.8 The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform…
CVE-2025-3819 2025-04-19 HIGH 7.3 A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search-appointment.php.…
CVE-2025-4316 2025-05-05 MEDIUM 4.3 Improper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific…
CVE-2025-39444 2025-04-17 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maxfoundry MaxButtons allows Stored XSS. This issue affects MaxButtons: from n/a through 9.8.3.
CVE-2023-43958 2025-04-22 CRITICAL 9.8 An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server and execute arbitrary…
CVE-2025-47729 2025-05-08 LOW 1.9 The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage…
CVE-2025-29568 2025-04-24 MEDIUM 4.8 A vulnerability has been discovered in the code-projects Online Class and Exam Scheduling System 1.0. The issue affects some unknown features in the file /Scheduling/pages/class_sched.php. Manipulating the class…