CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by the NIST institute:

CVE ID Published Severity CVSS Description
CVE-2025-45239 2025-05-05 MEDIUM 5.3 An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal.
CVE-2025-28062 2025-05-05 HIGH 8.1 A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3. The vulnerability allows an attacker to perform unauthorized actions such as user deletion, password resets,…
CVE-2025-26599 2025-02-25 HIGH 7.8 An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case,…
CVE-2025-26598 2025-02-25 HIGH 7.8 An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value,…
CVE-2025-26597 2025-02-25 HIGH 7.8 A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but…
CVE-2025-26596 2025-02-25 HIGH 7.8 A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to…
CVE-2025-26595 2025-02-25 HIGH 7.8 A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual…
CVE-2025-26594 2025-02-25 HIGH 7.8 A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root…
CVE-2024-48766 2025-05-13 HIGH 8.6 NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited…
CVE-2024-46506 2025-05-13 CRITICAL 10.0 NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This…
CVE-2025-0690 2025-02-24 MEDIUM 6.1 The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further…
CVE-2025-0677 2025-02-19 MEDIUM 6.4 A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the…
CVE-2025-0622 2025-02-18 MEDIUM 6.4 A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker…
CVE-2024-45783 2025-02-18 MEDIUM 4.4 A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to…
CVE-2024-9632 2024-10-30 HIGH 7.8 A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition…
CVE-2024-45781 2025-02-18 MEDIUM 6.7 A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The…
CVE-2024-45776 2025-02-18 MEDIUM 6.7 When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer…
CVE-2024-45775 2025-02-18 MEDIUM 5.2 A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the…
CVE-2024-45774 2025-02-18 MEDIUM 6.7 A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting…
CVE-2023-45892 2024-01-02 HIGH 7.5 An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.
CVE-2022-43968 2022-11-14 MEDIUM 6.1 Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to…
CVE-2022-42060 2022-11-15 HIGH 7.5 Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS)…
CVE-2022-43695 2022-11-14 MEDIUM 4.8 Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity…
CVE-2022-43967 2022-11-14 MEDIUM 6.1 Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to…
CVE-2022-43295 2022-11-14 MEDIUM 5.5 XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795.
CVE-2022-41544 2022-10-18 CRITICAL 9.8 GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php.
CVE-2022-40845 2022-11-15 MEDIUM 6.5 The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper session management vulnerability, an attacker with access to…
CVE-2022-2908 2022-10-17 MEDIUM 4.3 A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before…
CVE-2022-2630 2022-10-17 MEDIUM 4.3 An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via…
CVE-2022-2592 2022-10-17 MEDIUM 6.5 A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an…
CVE-2022-2834 2022-10-17 MEDIUM 5.3 The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and…
CVE-2022-2574 2022-10-17 MEDIUM 4.8 The Meks Easy Social Share WordPress plugin before 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2022-2533 2022-10-17 MEDIUM 6.5 An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before…
CVE-2022-2527 2022-10-17 HIGH 7.3 An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions…
CVE-2022-2455 2022-10-17 MEDIUM 6.5 A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all…
CVE-2022-2428 2022-10-17 MEDIUM 6.4 A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue…
CVE-2022-28291 2022-10-17 MEDIUM 6.5 Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are…
CVE-2022-2563 2022-10-17 MEDIUM 4.8 The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks…
CVE-2022-25750 2022-10-19 HIGH 8.4 Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile
CVE-2022-25723 2022-10-19 HIGH 8.4 Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile
CVE-2025-2658 2025-03-23 HIGH 7.3 A vulnerability, which was classified as critical, has been found in PHPGurukul Online Security Guards Hiring System 1.0. Affected by this issue is some unknown functionality of the…
CVE-2025-2663 2025-03-23 HIGH 7.3 A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /search-locker-details.php.…
CVE-2025-2664 2025-03-23 MEDIUM 4.7 A vulnerability was found in CodeZips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /suadpeted.php. The manipulation…
CVE-2025-4311 2025-05-06 HIGH 7.3 A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /admin/update_main_topic_img.php?topic_id=529. The manipulation of the argument stopic_id…
CVE-2024-13124 2025-03-24 LOW 3.5 The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2025-4298 2025-05-06 HIGH 8.8 A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been declared as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm. The manipulation…
CVE-2025-4299 2025-05-06 HIGH 8.8 A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation…
CVE-2025-44074 2025-05-05 CRITICAL 9.8 SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php.
CVE-2025-44072 2025-05-05 CRITICAL 9.8 SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php.
CVE-2025-44071 2025-05-05 CRITICAL 9.8 SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execute arbitrary code via a crafted request.