CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2023-35737 2024-05-03 HIGH 8.8 D-Link DAP-2622 DDP Configuration Backup Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link…
CVE-2023-35738 2024-05-03 HIGH 8.8 D-Link DAP-2622 DDP Configuration Backup Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link…
CVE-2023-35739 2024-05-03 HIGH 8.8 D-Link DAP-2622 DDP Configuration Backup Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of…
CVE-2023-35740 2024-05-03 HIGH 8.8 D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link…
CVE-2023-35741 2024-05-03 HIGH 8.8 D-Link DAP-2622 DDP Configuration Backup Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622…
CVE-2024-3963 2024-07-13 MEDIUM 6.5 The Giveaways and Contests by RafflePress WordPress plugin before 1.12.14 does not sanitise and escape some parameters, which could allow users with a role as low as editor…
CVE-2024-3964 2024-07-13 MEDIUM 5.9 The Product Enquiry for WooCommerce WordPress plugin before 3.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2023-35724 2024-05-03 HIGH 8.8 D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2622 routers. Authentication is…
CVE-2025-0483 2025-01-15 LOW 3.5 A vulnerability has been found in Fanli2012 native-php-cms 1.0 and classified as problematic. This vulnerability affects unknown code of the file /fladmin/jump.php. The manipulation of the argument message/error…
CVE-2025-0480 2025-01-15 MEDIUM 4.3 A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to…
CVE-2025-29772 2025-03-31 MEDIUM 6.1 OpenEMR is a free and open source electronic health records and medical practice management application. The POST parameter hidden_subcategory is output to the page without being properly processed.…
CVE-2025-30161 2025-03-31 MEDIUM 5.4 OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone…
CVE-2025-23025 2025-01-14 CRITICAL 9.0 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. NOTE: The Realtime WYSIWYG Editor extension was **experimental**, and thus **not…
CVE-2025-29926 2025-03-19 CRITICAL 9.8 XWiki Platform is a generic wiki platform. Prior to 15.10.15, 16.4.6, and 16.10.0, any user can exploit the WikiManager REST API to create a new wiki, where the…
CVE-2024-39719 2024-10-31 HIGH 7.5 An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist,…
CVE-2025-0613 2025-03-31 MEDIUM 6.1 The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitise and escape comments added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when…
CVE-2024-10558 2025-03-24 LOW 3.5 The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2024-39720 2024-10-31 HIGH 8.2 An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the…
CVE-2024-12055 2025-03-20 HIGH 7.5 A vulnerability in Ollama versions
CVE-2024-8063 2025-03-20 HIGH 7.5 A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for `block_count` in the Modelfile. This can…
CVE-2025-23375 2025-04-28 HIGH 7.8 Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading…
CVE-2025-23376 2025-04-28 LOW 2.3 Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local…
CVE-2025-23377 2025-04-28 MEDIUM 4.2 Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this…
CVE-2024-39721 2024-10-31 HIGH 7.5 An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set…
CVE-2024-54015 2025-02-11 HIGH 7.5 A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300)…
CVE-2024-56827 2025-01-09 MEDIUM 5.6 A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can…
CVE-2024-56826 2025-01-09 MEDIUM 5.6 A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can…
CVE-2024-44087 2024-09-10 HIGH 8.6 A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3), Automation License Manager V6.2 (All versions…
CVE-2021-31895 2021-07-13 HIGH 8.1 A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.7), RUGGEDCOM i801 (All versions < V4.3.7), RUGGEDCOM i802 (All versions < V4.3.7), RUGGEDCOM i803 (All versions…
CVE-2024-1394 2024-03-21 HIGH 7.5 A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens…
CVE-2025-47864 2025-05-13 N/A 0.0 Rejected reason: Not used
CVE-2025-47863 2025-05-13 N/A 0.0 Rejected reason: Not used
CVE-2025-47862 2025-05-13 N/A 0.0 Rejected reason: Not used
CVE-2025-47861 2025-05-13 N/A 0.0 Rejected reason: Not used
CVE-2025-47860 2025-05-13 N/A 0.0 Rejected reason: Not used
CVE-2025-47859 2025-05-13 N/A 0.0 Rejected reason: Not used
CVE-2025-47858 2025-05-13 N/A 0.0 Rejected reason: Not used
CVE-2025-32152 2025-04-04 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Essential Plugins by WP OnlineSupport Slider a SlidersPack allows PHP Local File…
CVE-2025-31789 2025-04-03 MEDIUM 6.5 Missing Authorization vulnerability in Matat Technologies TextMe SMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TextMe SMS: from n/a through 1.9.1.
CVE-2024-8404 2024-09-26 HIGH 7.8 An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login…
CVE-2023-51401 2024-05-17 MEDIUM 6.3 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal. This issue affects Ultimate Addons…
CVE-2024-34241 2024-05-17 MEDIUM 4.8 A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and…
CVE-2024-2218 2024-06-14 MEDIUM 4.6 The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2024-3965 2024-06-14 MEDIUM 5.4 The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in…
CVE-2024-3993 2024-06-14 MEDIUM 4.6 The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to…
CVE-2024-4271 2024-06-14 MEDIUM 4.6 The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct…
CVE-2024-4480 2024-06-14 MEDIUM 6.1 The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged…
CVE-2024-3236 2024-06-17 MEDIUM 5.4 The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform…
CVE-2024-4305 2024-06-17 MEDIUM 6.8 The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in…
CVE-2024-28595 2024-03-19 CRITICAL 9.8 SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php.