CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-21470 2025-05-06 HIGH 7.8 Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter.
CVE-2025-21475 2025-05-06 HIGH 7.8 Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.
CVE-2025-22886 2025-05-06 LOW 3.3 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through missing release of memory.
CVE-2025-25052 2025-05-06 LOW 3.3 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through buffer overflow.
CVE-2025-25218 2025-05-06 LOW 3.3 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through NULL pointer dereference.
CVE-2024-21111 2024-04-16 HIGH 7.8 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker…
CVE-2024-24265 2024-02-05 HIGH 7.5 gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function.
CVE-2024-25062 2024-02-04 HIGH 7.5 An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML…
CVE-2024-24160 2024-02-02 MEDIUM 5.4 MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do.
CVE-2024-13860 2025-05-02 MEDIUM 6.4 The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bbp_topic_title’ parameter in all versions up to, and including, 2.8.50 due to insufficient input…
CVE-2024-13859 2025-05-02 MEDIUM 6.4 The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bp_nouveau_ajax_media_save’ function in all versions up to, and including, 2.8.50 due to insufficient input…
CVE-2024-13847 2025-03-15 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been…
CVE-2022-33180 2022-10-25 MEDIUM 5.5 A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”,…
CVE-2022-33179 2022-10-25 HIGH 8.8 A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells…
CVE-2025-32980 2025-04-25 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue.…
CVE-2024-20012 2024-02-05 MEDIUM 6.7 In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction…
CVE-2022-28170 2022-10-25 MEDIUM 6.5 Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user…
CVE-2022-28169 2022-10-25 HIGH 8.8 Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights,…
CVE-2022-31468 2022-10-25 MEDIUM 6.1 OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter.
CVE-2024-0239 2024-01-16 MEDIUM 6.1 The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site…
CVE-2022-23179 2024-01-16 MEDIUM 4.8 The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow…
CVE-2013-4253 2022-10-19 HIGH 7.5 The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file.
CVE-2024-0881 2024-04-11 MEDIUM 5.4 The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to…
CVE-2024-3628 2024-05-07 LOW 3.8 The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting…
CVE-2022-43023 2022-10-19 MEDIUM 6.5 OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function.
CVE-2022-43022 2022-10-19 MEDIUM 6.5 OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function.
CVE-2022-43021 2022-10-19 MEDIUM 6.5 OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable.
CVE-2022-43020 2022-10-19 MEDIUM 6.5 OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function.
CVE-2022-43019 2022-10-19 CRITICAL 9.8 OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality.
CVE-2022-43018 2022-10-19 MEDIUM 6.1 OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function.
CVE-2022-43017 2022-10-19 MEDIUM 6.1 OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component.
CVE-2022-43016 2022-10-19 MEDIUM 6.1 OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component.
CVE-2022-43015 2022-10-19 MEDIUM 6.1 OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter.
CVE-2022-3327 2022-10-20 CRITICAL 9.8 Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6.
CVE-2022-40885 2022-10-19 MEDIUM 5.5 Bento4 v1.6.0-639 has a memory allocation issue that can cause denial of service.
CVE-2022-40884 2022-10-19 MEDIUM 5.5 Bento4 1.6.0 has memory leaks via the mp4fragment.
CVE-2022-3586 2022-10-19 MEDIUM 5.5 A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field…
CVE-2022-31684 2022-10-19 MEDIUM 4.3 Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens…
CVE-2022-2805 2022-10-19 MEDIUM 6.5 A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient…
CVE-2022-38901 2022-10-19 MEDIUM 5.4 A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary…
CVE-2022-35860 2022-10-19 MEDIUM 6.8 Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions.
CVE-2022-33077 2022-10-19 HIGH 7.5 An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint.
CVE-2022-25736 2022-10-19 HIGH 7.5 Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer…
CVE-2022-25720 2022-10-19 CRITICAL 9.8 Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon…
CVE-2022-25719 2022-10-19 HIGH 8.2 Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…
CVE-2022-25718 2022-10-19 CRITICAL 9.1 Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial…
CVE-2022-25687 2022-10-19 HIGH 7.3 memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon…
CVE-2022-23241 2022-10-19 HIGH 8.1 Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete…
CVE-2022-23734 2022-10-19 HIGH 8.8 A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an…
CVE-2022-25666 2022-10-19 MEDIUM 6.7 Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…