Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-45010 2025-04-30 MEDIUM 5.3 A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the…
CVE-2025-45011 2025-04-30 MEDIUM 5.3 A HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the…
CVE-2025-45015 2025-04-30 MEDIUM 6.1 A Cross-Site Scripting (XSS) vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. The vulnerability allows remote attackers to inject arbitrary JavaScript code…
CVE-2025-45017 2025-04-30 CRITICAL 9.8 A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the tprice POST…
CVE-2025-45018 2025-04-30 CRITICAL 9.8 A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via…
CVE-2025-45019 2025-04-30 MEDIUM 5.4 A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the cprice…
CVE-2025-45021 2025-04-30 MEDIUM 5.3 A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Attackers can exploit this vulnerability via the email parameter in a…
CVE-2025-4174 2025-05-01 HIGH 7.3 A vulnerability, which was classified as critical, has been found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file…
CVE-2025-4176 2025-05-01 HIGH 7.3 A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The…
CVE-2025-4191 2025-05-02 HIGH 7.3 A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /editmyeducation.php.…
CVE-2025-4241 2025-05-03 HIGH 7.3 A vulnerability classified as critical has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of…
CVE-2023-6257 2024-04-11 MEDIUM 4.3 The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts…
CVE-2025-4242 2025-05-03 HIGH 7.3 A vulnerability classified as critical was found in PHPGurukul Online Birth Certificate System 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/between-dates-report.php. The manipulation…
CVE-2025-4309 2025-05-06 HIGH 7.3 A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file…
CVE-2025-4332 2025-05-06 HIGH 7.3 A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /visitor-detail.php. The…
CVE-2023-49334 2024-05-20 HIGH 8.3 Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.
CVE-2023-49333 2024-05-20 HIGH 8.3 Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.
CVE-2024-21791 2024-05-22 MEDIUM 4.7 Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability.
CVE-2023-49335 2024-05-20 HIGH 8.3 Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.
CVE-2023-49332 2024-05-20 HIGH 8.3 Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.
CVE-2023-49331 2024-05-20 HIGH 8.3 Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.
CVE-2024-1290 2024-03-11 MEDIUM 6.5 The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid…
CVE-2025-1232 2025-03-19 HIGH 8.8 The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks
CVE-2024-58237 2025-05-05 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: bpf: consider that tail calls invalidate packet pointers Tail-called programs could execute any of the helpers that invalidate…
CVE-2025-21839 2025-03-07 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware…
CVE-2024-58100 2025-05-05 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: bpf: check changes_pkt_data property for extension programs When processing calls to global sub-programs, verifier decides whether to invalidate…
CVE-2024-58098 2025-05-05 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: bpf: track changes_pkt_data property for global functions When processing calls to certain helpers, verifier invalidates all packet pointers…
CVE-2024-45027 2024-09-11 MEDIUM 5.5 In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup() If xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop…
CVE-2025-1268 2025-03-31 CRITICAL 9.4 Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus…
CVE-2025-4107 2025-05-08 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-4475 2025-05-08 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-26559 2024-02-28 MEDIUM 5.3 An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information.
CVE-2022-36677 2024-02-29 MEDIUM 6.1 Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document.
CVE-2023-27151 2024-02-29 MEDIUM 6.1 openCRX 5.2.0 was discovered to contain an HTML injection vulnerability for Search Criteria-Activity Number (in the Saved Search Activity) via the Name, Description, or Activity Number field.
CVE-2023-51774 2024-02-29 HIGH 8.4 The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass…
CVE-2023-51775 2024-02-29 MEDIUM 6.5 The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
CVE-2024-25006 2024-02-29 HIGH 8.1 XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import.
CVE-2021-38217 2022-10-28 CRITICAL 9.8 SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php.
CVE-2022-43424 2022-10-19 MEDIUM 5.3 Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent…
CVE-2022-41415 2022-10-19 CRITICAL 9.8 Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. This vulnerability allows attackers to cause a Denial of Service (DoS) via…
CVE-2024-2428 2024-04-10 MEDIUM 4.7 The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above…
CVE-2024-2729 2024-04-18 MEDIUM 6.1 The Otter Blocks WordPress plugin before 2.6.6 does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored…
CVE-2024-2118 2024-04-17 MEDIUM 5.9 The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.8.9 does not sanitise and escape some of its settings, which could allow high privilege users…
CVE-2024-1219 2024-04-17 MEDIUM 5.3 The Easy Social Feed WordPress plugin before 6.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow…
CVE-2024-2858 2024-04-15 MEDIUM 4.8 The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions…
CVE-2024-2857 2024-04-15 MEDIUM 6.1 The Simple Buttons Creator WordPress plugin through 1.04 does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them…
CVE-2024-2836 2024-04-15 MEDIUM 4.8 The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.64 does not sanitise and escape some of its settings, which could allow high privilege users…
CVE-2025-1568 2025-04-16 HIGH 8.8 Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and…
CVE-2023-47353 2024-02-06 HIGH 8.8 An issue in the com.oneed.dvr.service.DownloadFirmwareService component of IMOU GO v1.0.11 allows attackers to force the download of arbitrary files.
CVE-2022-43416 2022-10-19 HIGH 8.8 Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers…
« Anterior Página 1258 de 4311 Siguiente »