CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2024-13224 2025-01-31 MEDIUM 6.1 The SlideDeck 1 Lite Content Slider WordPress plugin through 1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected…
CVE-2024-13112 2025-01-31 MEDIUM 6.1 The WP MediaTagger WordPress plugin through 4.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2024-13101 2025-01-31 MEDIUM 5.4 The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is…
CVE-2024-12709 2025-01-30 MEDIUM 4.3 The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions…
CVE-2024-12708 2025-01-30 HIGH 7.1 The Bulk Me Now! WordPress plugin through 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode…
CVE-2024-12638 2025-01-30 HIGH 7.1 The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting…
CVE-2024-10309 2025-01-30 MEDIUM 5.9 The Tracking Code Manager WordPress plugin before 2.4.0 does not sanitise and escape some of its metabox settings when outputting them in the page, which could allow users…
CVE-2024-12749 2025-01-29 HIGH 7.1 The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2024-12807 2025-01-28 MEDIUM 4.8 The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2025-31191 2025-03-31 MEDIUM 5.5 This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma…
CVE-2023-53063 2025-05-02 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-39501 2024-07-12 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-48917 2024-08-22 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-37835 2025-05-09 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-37795 2025-05-01 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-50016 2024-10-21 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-4175 2025-05-01 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file /Spring-Boot-Advanced-Projects-main/Project-4.SpringBoot-AWS-S3/backend/src/main/java/com/urunov/profile/UserProfileController.java of the component Upload…
CVE-2025-47770 2025-05-10 N/A 0.0 Rejected reason: Not used
CVE-2025-47769 2025-05-10 N/A 0.0 Rejected reason: Not used
CVE-2025-47768 2025-05-10 N/A 0.0 Rejected reason: Not used
CVE-2025-47767 2025-05-10 N/A 0.0 Rejected reason: Not used
CVE-2025-47766 2025-05-10 N/A 0.0 Rejected reason: Not used
CVE-2025-47765 2025-05-10 N/A 0.0 Rejected reason: Not used
CVE-2025-47764 2025-05-10 N/A 0.0 Rejected reason: Not used
CVE-2025-47763 2025-05-10 N/A 0.0 Rejected reason: Not used
CVE-2025-47762 2025-05-10 N/A 0.0 Rejected reason: Not used
CVE-2022-42983 2022-10-17 HIGH 8.8 anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.
CVE-2022-42980 2022-10-17 CRITICAL 9.8 go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.
CVE-2022-42975 2022-10-17 HIGH 7.5 socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token.
CVE-2022-42114 2022-10-18 MEDIUM 5.4 A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote…
CVE-2022-42113 2022-10-18 MEDIUM 6.1 A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to…
CVE-2022-41547 2022-10-18 HIGH 7.5 Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary…
CVE-2022-3368 2022-10-17 HIGH 7.3 A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios.…
CVE-2022-42237 2022-10-17 CRITICAL 9.8 A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account.
CVE-2025-46326 2025-04-28 LOW 3.3 snowflake-connector-net is the Snowflake Connector for .NET. Versions starting from 2.1.2 to before 4.4.1, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy…
CVE-2024-32499 2025-04-28 MEDIUM 4.9 Newforma Project Center Server through 2023.3.0.32259 allows remote code execution because .NET Remoting is exposed.
CVE-2025-4028 2025-04-28 HIGH 7.3 A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php.…
CVE-2025-4029 2025-04-28 MEDIUM 5.3 A vulnerability was found in code-projects Personal Diary Management System 1.0 and classified as critical. Affected by this issue is the function addrecord of the component New Record…
CVE-2025-4030 2025-04-28 HIGH 7.3 A vulnerability was found in PHPGurukul COVID19 Testing Management System 1.0. It has been classified as critical. This affects an unknown part of the file /search-report-result.php. The manipulation…
CVE-2025-4031 2025-04-28 HIGH 7.3 A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/aboutus.php. The manipulation of…
CVE-2025-34489 2025-04-28 HIGH 7.8 GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload…
CVE-2025-34490 2025-04-28 MEDIUM 6.5 GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary…
CVE-2025-4032 2025-04-28 MEDIUM 5.0 A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtual_environments/terminals/shell_tool.py. The manipulation…
CVE-2025-4033 2025-04-28 HIGH 7.3 A vulnerability classified as critical has been found in PHPGurukul Nipah Virus Testing Management System 1.0. Affected is an unknown function of the file /patient-search-report.php. The manipulation of…
CVE-2025-34491 2025-04-28 HIGH 8.8 GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when…
CVE-2025-3224 2025-04-28 HIGH 7.8 A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update,…
CVE-2025-4034 2025-04-28 HIGH 7.3 A vulnerability classified as critical was found in projectworlds Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /inser_doc_process.php. The manipulation of…
CVE-2025-4036 2025-04-28 MEDIUM 6.3 A vulnerability was found in 201206030 Novel 3.5.0 and classified as critical. This issue affects the function updateBookChapter of the file src/main/java/io/github/xxyopen/novel/controller/author/AuthorController.java of the component Chapter Handler. The…
CVE-2024-10635 2025-04-28 MEDIUM 6.1 Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME…
CVE-2024-11922 2025-04-28 MEDIUM 6.3 Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML…