CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2024-0566 2024-02-12 HIGH 7.2 The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable…
CVE-2023-7207 2024-02-29 MEDIUM 4.9 Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper…
CVE-2024-0421 2024-02-12 MEDIUM 5.3 The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is…
CVE-2024-0248 2024-02-12 MEDIUM 4.3 The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete…
CVE-2023-6869 2023-12-19 MEDIUM 6.5 A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content.…
CVE-2023-50272 2023-12-19 HIGH 7.5 A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow…
CVE-2023-6858 2023-12-19 HIGH 8.8 Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox <…
CVE-2023-6289 2023-12-18 MEDIUM 4.3 The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.
CVE-2023-5005 2023-12-18 MEDIUM 4.8 The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitise and escape some of its settings, which could allow…
CVE-2023-50981 2023-12-18 HIGH 7.5 ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such…
CVE-2023-46344 2024-02-02 MEDIUM 5.4 A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site…
CVE-2023-47257 2024-02-01 HIGH 8.1 ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages.
CVE-2023-49489 2023-12-19 MEDIUM 6.1 Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php.
CVE-2023-45230 2024-01-16 HIGH 8.3 EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to…
CVE-2023-40393 2024-01-10 HIGH 7.5 An authentication issue was addressed with improved state management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Photos in the Hidden Photos Album…
CVE-2022-3395 2022-10-25 HIGH 8.8 The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the cc_sql POST parameter directly as a database query, allowing users which has been given…
CVE-2022-3246 2022-10-25 HIGH 8.8 The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading…
CVE-2022-3097 2022-10-25 MEDIUM 6.5 The Plugin LBstopattack WordPress plugin before 1.1.3 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers…
CVE-2022-3599 2022-10-21 MEDIUM 5.5 LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources,…
CVE-2022-3598 2022-10-21 MEDIUM 5.5 LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources,…
CVE-2022-3597 2022-10-21 MEDIUM 5.5 LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users…
CVE-2022-38162 2022-10-25 MEDIUM 6.1 Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10) exists within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to…
CVE-2022-36454 2022-10-25 MEDIUM 6.5 A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A…
CVE-2022-36453 2022-10-25 HIGH 8.8 A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls.…
CVE-2022-38870 2022-10-25 HIGH 7.5 Free5gc v3.2.1 is vulnerable to Information disclosure.
CVE-2022-36966 2022-10-20 MEDIUM 5.4 Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in…
CVE-2022-33178 2022-10-25 HIGH 7.2 A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade…
CVE-2022-36452 2022-10-25 CRITICAL 9.8 A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker…
CVE-2022-36451 2022-10-25 HIGH 8.8 A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to…
CVE-2022-35739 2022-10-25 MEDIUM 5.3 PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that…
CVE-2022-35132 2022-10-25 HIGH 8.8 Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module.
CVE-2021-42553 2022-10-21 MEDIUM 6.8 A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The…
CVE-2024-53255 2024-11-25 MEDIUM 5.4 BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a…
CVE-2025-31175 2025-04-07 HIGH 8.4 Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2025-31174 2025-04-07 MEDIUM 6.8 Path traversal vulnerability in the DFS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-31173 2025-04-07 HIGH 8.8 Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-58106 2025-04-07 MEDIUM 4.6 Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58107 2025-04-07 HIGH 7.5 Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58108 2025-04-07 MEDIUM 4.6 Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58126 2025-04-07 HIGH 8.4 Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2024-58127 2025-04-07 HIGH 8.4 Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2025-31170 2025-04-07 HIGH 8.4 Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2025-29912 2025-03-17 CRITICAL 9.8 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System…
CVE-2025-29913 2025-03-17 CRITICAL 9.8 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System…
CVE-2024-58125 2025-04-07 HIGH 8.4 Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2024-58124 2025-04-07 HIGH 8.4 Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2024-58116 2025-04-07 MEDIUM 4.0 Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58115 2025-04-07 MEDIUM 4.0 Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58112 2025-04-07 HIGH 7.5 Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58109 2025-04-07 MEDIUM 4.6 Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.