Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2022-42112 2022-10-18 MEDIUM 5.4 A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before…
CVE-2021-33338 2021-08-04 HIGH 7.5 The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, exposes the CSRF token in…
CVE-2021-33337 2021-08-04 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability in the Document Library module's add document menu in Liferay Portal 7.3.0 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2…
CVE-2021-33339 2021-08-04 MEDIUM 4.8 Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote attackers to inject arbitrary…
CVE-2021-33336 2021-08-04 MEDIUM 5.4 Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack…
CVE-2021-33335 2021-08-03 HIGH 7.2 Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9 allows remote authenticated users with…
CVE-2021-33334 2021-08-03 MEDIUM 4.3 The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix…
CVE-2021-33333 2021-08-03 MEDIUM 6.3 The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack…
CVE-2021-33332 2021-08-03 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack…
CVE-2021-33331 2021-08-03 MEDIUM 6.1 Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2…
CVE-2021-33330 2021-08-03 MEDIUM 4.3 Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pack 9, allows access to Cross-origin resource sharing (CORS) protected resources if the user is only authenticated…
CVE-2021-33328 2021-08-03 MEDIUM 5.4 Cross-site scripting (XSS) vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix…
CVE-2021-33327 2021-08-03 MEDIUM 4.3 The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix…
CVE-2021-33326 2021-08-03 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability in the Frontend JS module in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20…
CVE-2021-33325 2021-08-03 MEDIUM 4.9 The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack…
CVE-2021-33324 2021-08-03 MEDIUM 4.3 The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission…
CVE-2021-33323 2021-08-03 HIGH 7.5 The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values…
CVE-2021-33322 2021-08-03 HIGH 7.5 In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18, and 7.2 before fix pack 5, password reset tokens…
CVE-2021-33320 2021-08-03 MEDIUM 4.3 The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5,…
CVE-2021-29049 2021-06-09 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix…
CVE-2021-29051 2021-05-17 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix…
CVE-2021-29048 2021-05-17 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability in the Layout module's page administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 before fix pack 11 and 7.3 before fix…
CVE-2021-29044 2021-05-17 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before…
CVE-2021-29043 2021-05-17 MEDIUM 5.9 The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10…
CVE-2021-29040 2021-05-16 MEDIUM 5.3 The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack…
CVE-2020-15840 2020-09-24 MEDIUM 5.3 In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs.
CVE-2020-15842 2020-07-20 HIGH 8.1 Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute…
CVE-2020-15841 2020-07-20 HIGH 8.3 Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a…
CVE-2024-13225 2025-01-31 MEDIUM 6.1 The ECT Home Page Products WordPress plugin through 1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site…
CVE-2025-4222 2025-05-03 MEDIUM 5.9 The Database Toolset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.4 via backup files stored in a publicly accessible…
CVE-2024-13222 2025-01-31 MEDIUM 6.1 The User Messages WordPress plugin through 1.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2024-12275 2025-01-31 MEDIUM 6.1 The Canvasflow for WordPress plugin through 1.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2021-29038 2024-02-20 MEDIUM 6.3 Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions does not…
CVE-2025-29813 2025-05-08 CRITICAL 10.0 [Spoofable identity claims] Authentication Bypass by Assumed-Immutable Data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-24213 2025-03-31 HIGH 7.8 This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.5, Safari 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5,…
CVE-2022-3066 2022-10-17 MEDIUM 5.4 An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before…
CVE-2022-3060 2022-10-17 HIGH 7.3 Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a…
CVE-2022-3031 2022-10-17 LOW 3.7 An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It…
CVE-2022-3030 2022-10-17 MEDIUM 4.3 An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure…
CVE-2022-2931 2022-10-17 HIGH 7.5 A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.…
CVE-2024-5002 2024-07-13 MEDIUM 4.8 The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-5028 2024-07-13 MEDIUM 6.5 The CM WordPress Search And Replace Plugin WordPress plugin before 1.3.9 does not have CSRF checks in some places, which could allow attackers to make logged in users…
CVE-2024-5151 2024-07-13 HIGH 7.1 The SULly WordPress plugin before 4.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
CVE-2024-5167 2024-07-13 HIGH 8.1 The CM Email Registration Blacklist and Whitelist WordPress plugin before 1.4.9 does not have CSRF check when adding or deleting an item from the blacklist or whitelist, which…
CVE-2024-5442 2024-07-13 MEDIUM 5.9 The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin…
CVE-2024-5450 2024-07-13 CRITICAL 9.1 The Bug Library WordPress plugin before 2.1.1 does not check the file type on user-submitted bug reports, allowing an unauthenticated user to upload PHP files
CVE-2024-5472 2024-07-13 HIGH 7.1 The WP QuickLaTeX WordPress plugin before 3.8.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-49128 2024-12-12 HIGH 8.1 Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVE-2022-42166 2022-10-17 CRITICAL 9.8 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan.
CVE-2022-41751 2022-10-17 HIGH 7.8 Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.
« Anterior Página 1238 de 4311 Siguiente »