Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2022-1414 2022-10-19 HIGH 8.8 3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain…
CVE-2020-23648 2022-10-19 HIGH 7.5 Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / start_apply.htm, an attacker can change the administrator password without any authentication.
CVE-2016-20016 2022-10-19 CRITICAL 9.8 MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary…
CVE-2013-4281 2022-10-19 MEDIUM 5.5 In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker…
CVE-2024-4098 2024-06-20 CRITICAL 9.8 The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to…
CVE-2024-2695 2024-06-15 MEDIUM 6.4 The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient…
CVE-2024-1450 2024-03-21 MEDIUM 6.4 The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.10 due to insufficient…
CVE-2024-0966 2024-03-21 MEDIUM 6.4 The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient…
CVE-2024-29109 2024-03-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jan-Peter Lambeck & 3UU Shariff Wrapper allows Stored XSS.This issue affects Shariff Wrapper: from n/a through…
CVE-2023-6500 2024-03-21 MEDIUM 6.4 The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient…
CVE-2023-6067 2024-04-15 MEDIUM 5.4 The WP User Profile Avatar WordPress plugin through 1.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the…
CVE-2024-6047 2024-06-17 CRITICAL 9.8 Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands…
CVE-2024-11120 2024-11-15 CRITICAL 9.8 Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover,…
CVE-2025-45388 2025-05-07 MEDIUM 6.1 Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user…
CVE-2022-43415 2022-10-19 HIGH 7.5 Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-43045 2022-10-19 MEDIUM 5.5 GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.
CVE-2022-43044 2022-10-19 MEDIUM 5.5 GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c.
CVE-2022-43043 2022-10-19 MEDIUM 5.5 GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c.
CVE-2022-43026 2022-10-19 CRITICAL 9.8 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the endIp parameter at /goform/SetPptpServerCfg.
CVE-2022-43025 2022-10-19 CRITICAL 9.8 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the startIp parameter at /goform/SetPptpServerCfg.
CVE-2022-43042 2022-10-19 HIGH 7.8 GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c.
CVE-2022-43040 2022-10-19 HIGH 7.8 GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c.
CVE-2022-43024 2022-10-19 CRITICAL 9.8 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.
CVE-2024-39841 2024-08-23 HIGH 8.8 A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
CVE-2024-33854 2024-08-23 CRITICAL 9.1 A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
CVE-2024-33853 2024-08-23 CRITICAL 9.1 A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
CVE-2024-33852 2024-08-23 CRITICAL 9.1 A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
CVE-2024-32501 2024-08-23 CRITICAL 9.8 A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
CVE-2024-52739 2024-11-20 HIGH 8.0 D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters.
CVE-2024-51478 2024-10-31 CRITICAL 9.9 YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key…
CVE-2025-24017 2025-01-21 HIGH 7.6 YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's…
CVE-2025-24019 2025-01-21 HIGH 7.1 YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager…
CVE-2025-31131 2025-04-01 HIGH 8.6 YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability…
CVE-2025-24018 2025-01-21 HIGH 7.6 YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page…
CVE-2025-46550 2025-04-29 MEDIUM 4.3 YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a…
CVE-2025-46549 2025-04-29 MEDIUM 4.3 YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user…
CVE-2025-46348 2025-04-29 CRITICAL 10.0 YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives…
CVE-2025-46350 2025-04-29 LOW 3.5 YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user…
CVE-2025-46349 2025-04-29 HIGH 7.6 YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious…
CVE-2025-46347 2025-04-29 CRITICAL 9.8 YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a…
CVE-2025-46346 2025-04-29 MEDIUM 5.4 YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered in the application’s comments feature. This issue allows…
CVE-2025-4073 2025-04-29 HIGH 7.3 A vulnerability was found in PHPGurukul Student Record System 3.20. It has been classified as critical. Affected is an unknown function of the file /change-password.php. The manipulation of…
CVE-2025-4072 2025-04-29 MEDIUM 6.3 A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-nurse.php. The manipulation leads…
CVE-2025-4071 2025-04-29 HIGH 7.3 A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /test-details.php. The manipulation of…
CVE-2025-4070 2025-04-29 HIGH 7.3 A vulnerability, which was classified as critical, was found in PHPGurukul Rail Pass Management System 1.0. This affects an unknown part of the file /admin/changeimage.php. The manipulation of…
CVE-2025-4074 2025-04-29 HIGH 7.3 A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file…
CVE-2025-3471 2025-04-30 MEDIUM 4.9 The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to…
CVE-2025-45007 2025-04-30 MEDIUM 4.8 A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript code…
CVE-2025-45020 2025-04-30 HIGH 7.2 A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via…
CVE-2025-45009 2025-04-30 MEDIUM 5.3 A HTML Injection vulnerability was discovered in the normal-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the…
« Anterior Página 1257 de 4311 Siguiente »