CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-47635 | 2025-05-07 | MEDIUM | 5.5 | Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress allows Server Side Request Forgery. This issue affects WebinarPress: from n/a through 1.33.27. |
| CVE-2021-47351 | 2024-05-21 | MEDIUM | 5.5 | In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix races between xattr_{set\|get} and listxattr operations UBIFS may occur some problems with concurrent xattr_{set\|get} and listxattr… |
| CVE-2021-47352 | 2024-05-21 | HIGH | 7.8 | In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length This adds validation for used length (might come from an untrusted device)… |
| CVE-2021-47360 | 2024-05-21 | MEDIUM | 5.5 | In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete During BC_FREE_BUFFER processing, the BINDER_TYPE_FDA object cleanup may close 1 or more… |
| CVE-2021-47365 | 2024-05-21 | MEDIUM | 5.5 | In the Linux kernel, the following vulnerability has been resolved: afs: Fix page leak There's a loop in afs_extend_writeback() that adds extra pages to a write we want… |
| CVE-2021-47366 | 2024-05-21 | MEDIUM | 5.5 | In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC… |
| CVE-2021-47370 | 2024-05-21 | MEDIUM | 5.5 | In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info->size_goal - skb->len… |
| CVE-2021-47374 | 2024-05-21 | MEDIUM | 5.5 | In the Linux kernel, the following vulnerability has been resolved: dma-debug: prevent an error message from causing runtime problems For some drivers, that use the DMA API. This… |
| CVE-2025-3663 | 2025-04-16 | MEDIUM | 5.3 | A vulnerability, which was classified as critical, has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. This issue affects the function setWiFiEasyCfg/setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component Password… |
| CVE-2025-3666 | 2025-04-16 | MEDIUM | 5.3 | A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this issue is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to… |
| CVE-2025-3667 | 2025-04-16 | MEDIUM | 5.3 | A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been classified as critical. This affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper… |
| CVE-2025-3668 | 2025-04-16 | MEDIUM | 5.3 | A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. This vulnerability affects the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to… |
| CVE-2025-3675 | 2025-04-16 | MEDIUM | 5.3 | A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been rated as critical. Affected by this issue is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi. The manipulation… |
| CVE-2025-4122 | 2025-04-30 | MEDIUM | 6.3 | A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub_435E04. The manipulation of the argument host… |
| CVE-2025-3859 | 2025-04-30 | MEDIUM | 6.1 | Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were… |
| CVE-2025-21416 | 2025-04-30 | HIGH | 8.5 | Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-24091 | 2025-04-30 | MEDIUM | 5.5 | An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be… |
| CVE-2025-30389 | 2025-04-30 | HIGH | 8.7 | Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-30390 | 2025-04-30 | CRITICAL | 9.9 | Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-30391 | 2025-04-30 | HIGH | 8.1 | Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-30392 | 2025-04-30 | CRITICAL | 9.8 | Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-33074 | 2025-04-30 | HIGH | 7.5 | Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network. |
| CVE-2025-44192 | 2025-04-30 | CRITICAL | 9.8 | SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_clearance. |
| CVE-2024-32127 | 2024-04-15 | HIGH | 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Markus Seyer Find Duplicates. This issue affects Find Duplicates: from n/a through 1.4.6. |
| CVE-2025-44193 | 2025-04-30 | HIGH | 7.6 | SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_complaint. |
| CVE-2024-2583 | 2024-04-13 | MEDIUM | 5.4 | The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making… |
| CVE-2025-44194 | 2025-04-30 | HIGH | 7.3 | SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_household. |
| CVE-2025-24132 | 2025-04-30 | MEDIUM | 6.5 | The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on… |
| CVE-2025-30422 | 2025-04-30 | MEDIUM | 6.5 | A buffer overflow was addressed with improved input validation. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker… |
| CVE-2025-4140 | 2025-04-30 | HIGH | 8.8 | A vulnerability, which was classified as critical, has been found in Netgear EX6120 1.0.3.94. Affected by this issue is the function sub_30394. The manipulation of the argument host… |
| CVE-2025-4141 | 2025-04-30 | HIGH | 8.8 | A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. This affects the function sub_3C03C. The manipulation of the argument host leads to buffer overflow.… |
| CVE-2025-4142 | 2025-04-30 | HIGH | 8.8 | A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. This vulnerability affects the function sub_3C8EC. The manipulation of the argument host leads to buffer… |
| CVE-2025-4143 | 2025-05-01 | MEDIUM | 6.1 | The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp , did not correctly validate that redirect_uri was on the allowed list of redirect URIs for… |
| CVE-2025-4144 | 2025-05-01 | CRITICAL | 9.8 | PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to… |
| CVE-2025-4145 | 2025-05-01 | HIGH | 8.8 | A vulnerability, which was classified as critical, has been found in Netgear EX6200 1.0.3.94. This issue affects the function sub_3D0BC. The manipulation of the argument host leads to… |
| CVE-2025-4146 | 2025-05-01 | HIGH | 8.8 | A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Affected is the function sub_41940. The manipulation of the argument host leads to buffer overflow.… |
| CVE-2025-4147 | 2025-05-01 | HIGH | 8.8 | A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this vulnerability is the function sub_47F7C. The manipulation of the argument host leads… |
| CVE-2025-2816 | 2025-05-01 | HIGH | 8.1 | The Page View Count plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check… |
| CVE-2025-2168 | 2025-05-01 | MEDIUM | 4.3 | The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery… |
| CVE-2025-4148 | 2025-05-01 | HIGH | 8.8 | A vulnerability was found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this issue is the function sub_503FC. The manipulation of the argument host leads to… |
| CVE-2025-43854 | 2025-04-28 | MEDIUM | 6.1 | DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors… |
| CVE-2025-43857 | 2025-04-28 | HIGH | 7.5 | Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by… |
| CVE-2023-42404 | 2025-04-28 | MEDIUM | 4.9 | OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution. |
| CVE-2025-3891 | 2025-04-29 | MEDIUM | 5.3 | A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty… |
| CVE-2025-3929 | 2025-04-29 | MEDIUM | 6.1 | An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img… |
| CVE-2025-4065 | 2025-04-29 | HIGH | 7.3 | A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/addadvertisement.php. The manipulation leads to improper… |
| CVE-2025-4066 | 2025-04-29 | HIGH | 7.3 | A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/addpackage.php. The manipulation leads to… |
| CVE-2025-4067 | 2025-04-29 | MEDIUM | 5.3 | A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Affected is an unknown function of the file /admin/viewpackage.php. The manipulation leads to improper access controls.… |
| CVE-2025-46675 | 2025-04-27 | LOW | 3.5 | In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking. |
| CVE-2025-46574 | 2025-04-27 | MEDIUM | 4.1 | There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information. |