CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-4304 2025-05-06 HIGH 7.3 A vulnerability, which was classified as critical, was found in PHPGurukul Cyber Cafe Management System 1.0. This affects an unknown part of the file /adminprofile.php. The manipulation of…
CVE-2025-4306 2025-05-06 HIGH 7.3 A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /edit-phlebotomist.php. The manipulation…
CVE-2025-4307 2025-05-06 HIGH 7.3 A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been classified as critical. Affected is an unknown function of the file /admin/add-art-medium.php. The manipulation…
CVE-2025-4308 2025-05-06 HIGH 7.3 A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file…
CVE-2025-40625 2025-05-06 CRITICAL 9.8 Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to upload any file within the server, even a malicious file to obtain a Remote…
CVE-2024-57097 2025-02-03 MEDIUM 4.8 ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php.
CVE-2025-40624 2025-05-06 CRITICAL 9.8 SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This…
CVE-2025-40623 2025-05-06 CRITICAL 9.8 SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This…
CVE-2025-0947 2025-02-01 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in itsourcecode Tailoring Management System 1.0. Affected by this issue is some unknown functionality of the file expview.php.…
CVE-2025-40622 2025-05-06 CRITICAL 9.8 SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This…
CVE-2025-40621 2025-05-06 CRITICAL 9.8 SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This…
CVE-2025-40620 2025-05-06 CRITICAL 9.8 SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This…
CVE-2025-4483 2025-05-09 HIGH 7.3 A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /view_pdetails.php.…
CVE-2025-4484 2025-05-09 HIGH 7.3 A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. This affects an unknown part of the file /ajax.php?action=delete_user. The manipulation of the…
CVE-2025-4485 2025-05-09 HIGH 7.3 A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=delete_trainer. The manipulation of the…
CVE-2025-4486 2025-05-09 HIGH 7.3 A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=delete_plan. The manipulation of the…
CVE-2025-4487 2025-05-09 HIGH 7.3 A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=delete_member. The manipulation of…
CVE-2025-4488 2025-05-09 HIGH 7.3 A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_package.…
CVE-2024-13328 2025-02-04 MEDIUM 6.1 The Giga Messenger WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2024-13330 2025-02-04 HIGH 7.1 The JustRows free WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2025-4489 2025-05-09 HIGH 7.3 A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file…
CVE-2025-4490 2025-05-09 HIGH 7.3 A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /view-ticket-admin.php. The manipulation of the…
CVE-2025-4491 2025-05-09 HIGH 7.3 A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/ticket-status.php. The manipulation of the argument…
CVE-2025-4492 2025-05-09 HIGH 7.3 A vulnerability, which was classified as critical, has been found in Campcodes Online Food Ordering System 1.0. This issue affects some unknown processing of the file /routers/ticket-message.php. The…
CVE-2025-4506 2025-05-10 HIGH 7.3 A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file…
CVE-2025-4507 2025-05-10 HIGH 7.3 A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/add-item.php. The manipulation of the…
CVE-2025-4548 2025-05-11 HIGH 7.3 A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/router.php. The manipulation of the…
CVE-2025-4549 2025-05-11 HIGH 7.3 A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/register-router.php. The manipulation of the argument…
CVE-2024-13331 2025-02-04 MEDIUM 6.1 The WP Dream Carousel WordPress plugin through 1.0.1b does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting…
CVE-2025-0466 2025-02-04 MEDIUM 5.3 The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message information.
CVE-2025-24966 2025-02-04 MEDIUM 5.4 reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code.…
CVE-2025-24967 2025-02-04 MEDIUM 5.4 reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel's user management functionality. An attacker can exploit this…
CVE-2025-24968 2025-02-04 HIGH 8.8 reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects…
CVE-2025-0725 2025-02-05 HIGH 7.3 When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make…
CVE-2024-6648 2025-05-08 HIGH 7.5 Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing…
CVE-2025-4450 2025-05-09 HIGH 8.8 A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.04B04. Affected is the function formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow.…
CVE-2025-4451 2025-05-09 HIGH 8.8 A vulnerability has been found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this vulnerability is the function formSetWAN_Wizard52. The manipulation of the argument curTime leads…
CVE-2025-4452 2025-05-09 HIGH 8.8 A vulnerability was found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this issue is the function formSetWizard2. The manipulation of the argument curTime leads to…
CVE-2025-4453 2025-05-09 MEDIUM 6.3 A vulnerability was found in D-Link DIR-619L 2.04B04. It has been classified as critical. This affects the function formSysCmd. The manipulation of the argument sysCmd leads to command…
CVE-2025-4454 2025-05-09 MEDIUM 6.3 A vulnerability was found in D-Link DIR-619L 2.04B04. It has been declared as critical. This vulnerability affects the function wake_on_lan. The manipulation of the argument mac leads to…
CVE-2024-13226 2025-01-31 MEDIUM 6.1 The A5 Custom Login Page WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site…
CVE-2024-38193 2024-08-13 HIGH 7.8 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2024-25148 2024-02-08 MEDIUM 5.4 In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the…
CVE-2024-25146 2024-02-08 MEDIUM 5.3 Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with…
CVE-2024-25144 2024-02-08 MEDIUM 4.1 The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack…
CVE-2024-25145 2024-02-07 CRITICAL 9.6 Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before…
CVE-2022-42121 2022-11-15 HIGH 8.8 A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3…
CVE-2022-42118 2022-11-15 MEDIUM 6.1 A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack…
CVE-2022-42111 2022-11-15 MEDIUM 5.4 A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before…
CVE-2022-42110 2022-11-15 MEDIUM 6.1 A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17,…