CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-43963 2025-04-21 LOW 2.9 In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.
CVE-2025-43962 2025-04-21 LOW 2.9 In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.
CVE-2025-43961 2025-04-21 LOW 2.9 In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
CVE-2023-7201 2024-04-15 MEDIUM 6.5 The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on…
CVE-2024-1746 2024-04-15 MEDIUM 5.4 The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-1660 2024-04-15 MEDIUM 4.8 The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-2444 2024-04-06 MEDIUM 4.8 The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform…
CVE-2024-3752 2024-05-06 MEDIUM 5.4 The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-0904 2024-05-06 MEDIUM 5.9 The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-3692 2024-05-03 MEDIUM 6.1 The Gutenverse WordPress plugin before 1.9.1 does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is…
CVE-2024-3637 2024-05-03 MEDIUM 6.1 The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users…
CVE-2025-4043 2025-05-07 MEDIUM 6.8 An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a system boot.
CVE-2025-29746 2025-05-07 MEDIUM 6.1 Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components
CVE-2024-25225 2024-02-14 MEDIUM 5.4 A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category…
CVE-2024-25215 2024-02-14 CRITICAL 9.8 Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php.
CVE-2023-51293 2025-02-19 HIGH 7.5 A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Event Booking Calendar v4.0 allows attackers to send an excessive amount of email for…
CVE-2023-48733 2024-02-14 MEDIUM 6.7 An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.
CVE-2023-32006 2023-08-15 HIGH 8.8 The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the…
CVE-2023-32004 2023-08-15 HIGH 8.8 A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing…
CVE-2022-42176 2022-10-20 HIGH 7.8 In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access.
CVE-2022-42021 2022-10-20 CRITICAL 9.8 Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=.
CVE-2022-42200 2022-10-20 MEDIUM 5.4 Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via the Exam List.
CVE-2022-42199 2022-10-20 HIGH 8.8 Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List.
CVE-2022-42198 2022-10-20 HIGH 8.8 In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload.
CVE-2022-42197 2022-10-20 MEDIUM 6.5 In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges.
CVE-2022-31678 2022-10-28 CRITICAL 9.1 VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading…
CVE-2022-36122 2022-10-21 HIGH 7.8 The Automox Agent before 40 on Windows incorrectly sets permissions on key files.
CVE-2022-38108 2022-10-20 HIGH 7.2 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary…
CVE-2022-40084 2022-10-20 MEDIUM 5.3 OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker…
CVE-2022-37298 2022-10-20 CRITICAL 9.8 Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed…
CVE-2022-41358 2022-10-20 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName…
CVE-2022-31366 2022-10-20 HIGH 7.2 An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file.
CVE-2025-43967 2025-04-21 LOW 2.9 libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.
CVE-2025-43966 2025-04-21 LOW 2.9 libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.
CVE-2025-43971 2025-04-21 HIGH 8.6 An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.
CVE-2025-43973 2025-04-21 MEDIUM 6.8 An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an…
CVE-2025-43972 2025-04-21 MEDIUM 6.8 An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain…
CVE-2025-1431 2025-03-13 HIGH 7.8 A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read…
CVE-2025-1432 2025-03-13 HIGH 7.8 A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive…
CVE-2025-1433 2025-03-13 HIGH 7.8 A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read…
CVE-2025-1649 2025-03-13 HIGH 7.8 A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read…
CVE-2025-1650 2025-03-13 HIGH 7.8 A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read…
CVE-2025-1651 2025-03-13 HIGH 7.8 A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read…
CVE-2025-1652 2025-03-13 HIGH 7.8 A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read…
CVE-2025-43970 2025-04-21 MEDIUM 4.3 An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending…
CVE-2025-1273 2025-04-15 HIGH 7.8 A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a…
CVE-2025-1275 2025-04-15 HIGH 7.8 A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause…
CVE-2025-1277 2025-04-15 HIGH 7.8 A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in…
CVE-2025-1656 2025-04-15 HIGH 7.8 A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a…
CVE-2025-1430 2025-03-13 HIGH 7.8 A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in…