CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-3006 2025-03-31 HIGH 7.3 A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /edit-category.php?id=8. The manipulation of…
CVE-2025-2371 2025-03-17 LOW 3.5 A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the…
CVE-2025-2372 2025-03-17 HIGH 7.3 A vulnerability classified as critical has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This affects an unknown part of the file /password-recovery.php of the component…
CVE-2025-2373 2025-03-17 MEDIUM 6.3 A vulnerability classified as critical was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This vulnerability affects unknown code of the file /check_availability.php. The manipulation of the…
CVE-2025-2374 2025-03-17 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php.…
CVE-2025-2375 2025-03-17 LOW 3.5 A vulnerability, which was classified as problematic, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file /profile.php of the…
CVE-2025-4303 2025-05-06 HIGH 7.3 A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected by this issue is some unknown functionality of the…
CVE-2025-1954 2025-03-04 HIGH 7.3 A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the…
CVE-2025-2051 2025-03-07 MEDIUM 6.3 A vulnerability has been found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-visitor.php. The manipulation of…
CVE-2025-2052 2025-03-07 MEDIUM 6.3 A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /forgot-password.php. The manipulation of…
CVE-2025-2053 2025-03-07 MEDIUM 6.3 A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /visitor-detail.php. The manipulation…
CVE-2025-2057 2025-03-07 HIGH 7.3 A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/about-us.php. The manipulation of…
CVE-2025-2058 2025-03-07 HIGH 7.3 A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search.php.…
CVE-2025-23213 2025-01-28 HIGH 8.7 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both…
CVE-2025-23212 2025-01-28 HIGH 7.7 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of…
CVE-2024-3472 2024-05-02 MEDIUM 5.9 The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin…
CVE-2024-3471 2024-05-02 LOW 3.4 The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete…
CVE-2025-23211 2025-01-28 CRITICAL 9.9 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In…
CVE-2024-2405 2024-05-02 MEDIUM 4.5 The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu…
CVE-2024-12436 2025-01-27 MEDIUM 4.3 The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions…
CVE-2024-12280 2025-01-27 MEDIUM 4.3 The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in…
CVE-2023-50347 2024-04-10 LOW 3.7 HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary…
CVE-2024-3591 2024-05-01 MEDIUM 6.5 The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP…
CVE-2024-2505 2024-04-29 HIGH 8.1 The GamiPress WordPress plugin before 6.8.9's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged…
CVE-2024-2908 2024-04-26 MEDIUM 4.3 The Call Now Button WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-2310 2024-04-26 MEDIUM 5.9 The WP Google Review Slider WordPress plugin before 13.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2025-28168 2025-05-05 MEDIUM 6.4 The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. This occurs because file extension and size validations are enforced solely on the…
CVE-2024-1059 2024-01-30 HIGH 8.8 Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security…
CVE-2020-9285 2022-10-20 MEDIUM 6.8 Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot…
CVE-2022-26954 2022-10-20 MEDIUM 6.1 Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed…
CVE-2021-33231 2022-10-20 MEDIUM 5.4 Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field.
CVE-2020-12744 2022-10-20 HIGH 7.8 The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair.
CVE-2024-49561 2025-03-17 HIGH 7.8 Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading…
CVE-2020-2920 2020-04-15 MEDIUM 6.1 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security). Supported versions that are affected are 9.3.3, 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated…
CVE-2024-3481 2024-05-02 MEDIUM 5.2 The Counter Box WordPress plugin before 1.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions,…
CVE-2024-3478 2024-05-02 MEDIUM 6.1 The Herd Effects WordPress plugin before 5.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions,…
CVE-2024-3477 2024-05-02 MEDIUM 4.3 The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions,…
CVE-2024-3476 2024-05-02 HIGH 8.8 The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted…
CVE-2024-3475 2024-05-02 HIGH 7.5 The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions,…
CVE-2025-28221 2025-03-28 HIGH 7.5 Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set_local_time function, which allows remote attackers to cause web server crash via parameter time passed to the binary…
CVE-2024-27612 2024-03-08 MEDIUM 6.2 Numbas editor before 7.3 mishandles editing of themes and extensions.
CVE-2024-25842 2024-03-03 HIGH 7.5 An issue was discovered in Presta World "Account Manager - Sales Representative & Dealers - CRM" (prestasalesmanager) module for PrestaShop before version 9.0, allows remote attackers to escalate…
CVE-2023-30586 2023-07-01 HIGH 7.5 A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission…
CVE-2023-23918 2023-02-23 HIGH 7.5 A privilege escalation vulnerability exists in Node.js
CVE-2024-25925 2024-02-26 CRITICAL 10.0 Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts. This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts:…
CVE-2024-25913 2024-02-26 CRITICAL 10.0 Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2.
CVE-2023-4479 2024-03-04 HIGH 7.3 Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time period.
CVE-2022-43890 2024-03-04 MEDIUM 5.3 IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID:…
CVE-2023-37495 2024-02-29 MEDIUM 5.9 Internet passwords stored in Person documents in the Domino® Directory created using the "Add Person" action on the People & Groups tab in the Domino® Administrator are secured…
CVE-2025-43964 2025-04-21 LOW 2.9 In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.