Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-37867 2025-05-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Silence oversized kvmalloc() warning syzkaller triggered an oversized kvmalloc() warning. Silence it by adding __GFP_NOWARN. syzkaller log:…
CVE-2025-37866 2025-05-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show() A warning is seen when running the latest kernel on a BlueField SOC:…
CVE-2025-37865 2025-05-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported Russell King reports that on the…
CVE-2025-37864 2025-05-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: dsa: clean up FDB, MDB, VLAN entries on unbind As explained in many places such as commit…
CVE-2025-37863 2025-05-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ovl: don't allow datadir only In theory overlayfs could support upper layer directly referring to a data layer,…
CVE-2025-4350 2025-05-06 HIGH 8.8 A vulnerability classified as critical was found in D-Link DIR-600L up to 2.07B01. This vulnerability affects the function wake_on_lan. The manipulation of the argument host leads to command…
CVE-2025-4349 2025-05-06 HIGH 8.8 A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command…
CVE-2025-4348 2025-05-06 HIGH 8.8 A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been rated as critical. Affected by this issue is the function formSetWanL2TP. The manipulation of the…
CVE-2025-4347 2025-05-06 HIGH 8.8 A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been declared as critical. Affected by this vulnerability is the function formWlSiteSurvey. The manipulation of the…
CVE-2025-4346 2025-05-06 HIGH 8.8 A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been classified as critical. Affected is the function formSetWAN_Wizard534. The manipulation of the argument host leads…
CVE-2025-4345 2025-05-06 HIGH 8.8 A vulnerability was found in D-Link DIR-600L up to 2.07B01 and classified as critical. This issue affects the function formSetLog. The manipulation of the argument host leads to…
CVE-2025-4344 2025-05-06 HIGH 8.8 A vulnerability, which was classified as critical, was found in D-Link DIR-600L up to 2.07B01. This affects the function formLogin. The manipulation of the argument host leads to…
CVE-2024-12136 2025-03-19 MEDIUM 6.9 Missing Critical Step in Authentication vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Authentication Bypass.This issue affects ANKA JPD-00028: through 19.03.2025. NOTE: The vendor did not inform about the…
CVE-2025-30290 2025-04-08 HIGH 8.7 ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a…
CVE-2025-3927 2025-05-02 CRITICAL 9.8 Digigram's PYKO-OUT audio-over-IP (AoIP) web-server does not require a password by default, allowing any attacker with the target IP address to connect and compromise the device, potentially pivoting…
CVE-2025-32956 2025-04-21 HIGH 8.0 ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a…
CVE-2025-26413 2025-04-22 HIGH 7.5 Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the `offset` input is a positive integer and use it as an index of a…
CVE-2025-1860 2025-03-28 HIGH 7.7 Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
CVE-2025-25351 2025-02-12 CRITICAL 9.8 PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter.
CVE-2025-0427 2025-05-02 HIGH 7.8 Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a…
CVE-2025-0072 2025-05-02 HIGH 7.8 Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform…
CVE-2024-25301 2024-02-14 HIGH 7.2 Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.
CVE-2024-21683 2024-05-21 HIGH 8.8 This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS…
CVE-2024-25224 2024-02-14 MEDIUM 5.4 A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size…
CVE-2024-25223 2024-02-14 CRITICAL 9.8 Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php.
CVE-2023-22514 2024-01-16 HIGH 7.8 This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.14 of Sourcetree for Mac and Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with…
CVE-2023-22512 2024-01-16 HIGH 7.5 This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows…
CVE-2025-28099 2025-04-21 MEDIUM 4.3 opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp,
CVE-2024-57394 2025-04-21 HIGH 8.8 The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows user to restore a malicious file to an arbitrary file path. Attackers can write…
CVE-2024-25221 2024-02-14 MEDIUM 6.1 A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section…
CVE-2024-25220 2024-02-14 CRITICAL 9.8 Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php.
CVE-2024-25213 2024-02-14 HIGH 7.2 Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php.
CVE-2024-25211 2024-02-14 CRITICAL 9.8 Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php.
CVE-2024-25210 2024-02-14 CRITICAL 9.8 Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php.
CVE-2024-25209 2024-02-14 CRITICAL 9.8 Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php.
CVE-2024-25207 2024-02-14 MEDIUM 5.4 Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerabiity allows attackers to execute arbitrary…
CVE-2023-6066 2024-01-15 MEDIUM 4.3 The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow…
CVE-2023-50868 2024-02-14 HIGH 7.5 The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU…
CVE-2023-50387 2024-02-14 HIGH 7.5 Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via…
CVE-2023-24542 2024-02-14 MEDIUM 6.7 Unquoted search path or element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via…
CVE-2023-22342 2024-02-14 HIGH 7.7 Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-43260 2022-10-18 CRITICAL 9.8 Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime function.
CVE-2022-43259 2022-10-18 HIGH 7.5 Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function.
CVE-2021-24870 2024-01-16 MEDIUM 6.1 The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some the options available…
CVE-2020-24855 2022-12-15 MEDIUM 5.3 Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request.
CVE-2024-6669 2024-07-17 MEDIUM 5.5 The AI ChatBot for WordPress – WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.7 due…
CVE-2024-22309 2024-01-24 HIGH 8.7 Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0.
CVE-2023-48741 2023-12-19 HIGH 7.6 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.This issue affects AI ChatBot: from n/a through 4.7.8.
CVE-2023-5606 2023-11-02 MEDIUM 4.4 The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This…
CVE-2023-5534 2023-10-20 MEDIUM 4.3 The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect…
« Anterior Página 1251 de 4311 Siguiente »