Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2024-58110 2025-04-07 MEDIUM 4.6 Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58111 2025-04-07 HIGH 7.5 Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58113 2025-04-07 MEDIUM 5.3 Vulnerability of improper resource management in the memory management module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-36011 2024-05-23 MEDIUM 5.5 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hci_le_big_sync_established_evt().
CVE-2023-52752 2024-05-21 HIGH 7.8 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status ==…
CVE-2024-26676 2024-04-02 MEDIUM 5.5 In the Linux kernel, the following vulnerability has been resolved: af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. syzbot reported a warning [0] in __unix_gc() with a repro,…
CVE-2022-42939 2022-10-21 HIGH 7.8 A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution…
CVE-2022-42938 2022-10-21 HIGH 7.8 A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution…
CVE-2022-41711 2022-10-25 CRITICAL 9.8 Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data…
CVE-2022-42937 2022-10-21 HIGH 7.8 A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other…
CVE-2022-42936 2022-10-21 HIGH 7.8 A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other…
CVE-2022-42935 2022-10-21 HIGH 7.8 A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other…
CVE-2022-42934 2022-10-21 HIGH 7.8 A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other…
CVE-2022-42933 2022-10-21 HIGH 7.8 A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other…
CVE-2022-3644 2022-10-25 MEDIUM 5.5 The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking…
CVE-2022-36783 2022-10-25 MEDIUM 6.5 AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from…
CVE-2022-3570 2022-10-21 HIGH 7.7 Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file…
CVE-2024-13381 2025-05-01 MEDIUM 4.8 The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2025-31171 2025-04-07 MEDIUM 6.8 File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-31172 2025-04-07 HIGH 7.8 Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-4151 2025-05-01 HIGH 7.3 A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/pass-bwdates-reports-details.php. The…
CVE-2025-4152 2025-05-01 HIGH 7.3 A vulnerability classified as critical has been found in PHPGurukul Online Birth Certificate System 1.0. Affected is an unknown function of the file /admin/bwdates-reports-details.php. The manipulation of the…
CVE-2025-21530 2025-01-21 MEDIUM 4.3 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). Supported versions that are affected are 8.60 and 8.61. Easily exploitable vulnerability allows low privileged…
CVE-2025-21545 2025-01-21 HIGH 7.5 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch). Supported versions that are affected are 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with…
CVE-2025-21551 2025-01-21 MEDIUM 6.0 Vulnerability in the Oracle Solaris product of Oracle Systems (component: File system). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with…
CVE-2025-24399 2025-01-22 HIGH 8.8 Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log…
CVE-2025-0709 2025-01-24 LOW 2.4 A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page.…
CVE-2025-4153 2025-05-01 HIGH 7.3 A vulnerability classified as critical was found in PHPGurukul Park Ticketing Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation…
CVE-2025-4154 2025-05-01 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in PHPGurukul Pre-School Enrollment System 1.0. Affected by this issue is some unknown functionality of the file /admin/enrollment-details.php.…
CVE-2025-4155 2025-05-01 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/edit-boat.php. The manipulation of the…
CVE-2025-1749 2025-02-28 MEDIUM 4.7 HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL…
CVE-2025-1748 2025-02-28 MEDIUM 4.7 HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL…
CVE-2025-1747 2025-02-28 MEDIUM 4.7 HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL…
CVE-2025-1746 2025-02-28 MEDIUM 6.1 Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious…
CVE-2025-4156 2025-05-01 MEDIUM 6.3 A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/change-image.php. The manipulation of the…
CVE-2025-4157 2025-05-01 MEDIUM 6.3 A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/booking-details.php. The manipulation of the…
CVE-2024-13569 2025-04-22 HIGH 7.1 The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting…
CVE-2025-2594 2025-04-22 HIGH 8.1 The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate…
CVE-2025-46225 2025-04-22 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Post in page for Elementor allows DOM-Based XSS. This issue affects Post in page for…
CVE-2025-46226 2025-04-22 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ferranfg MPL-Publisher allows Stored XSS. This issue affects MPL-Publisher: from n/a through 2.18.0.
CVE-2025-46227 2025-04-22 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brecht Custom Related Posts allows Stored XSS. This issue affects Custom Related Posts: from n/a through…
CVE-2024-13326 2025-02-04 MEDIUM 6.1 The iBuildApp WordPress plugin through 0.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2025-45751 2025-05-05 MEDIUM 6.1 SourceCodester Web Based Pharmacy Product Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add-admin.php via the Fullname text field.
CVE-2022-32407 2022-10-27 MEDIUM 6.1 Softr v2.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via the First Name parameter under the Create A New Account module. This vulnerability allows attackers to…
CVE-2022-31898 2022-10-27 MEDIUM 6.8 gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters.
CVE-2022-3363 2022-10-26 CRITICAL 9.8 Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7.
CVE-2022-37202 2022-10-26 HIGH 8.8 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list
CVE-2022-39944 2022-10-26 HIGH 8.8 In Apache Linkis
CVE-2022-2782 2022-10-27 CRITICAL 9.1 In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.
CVE-2024-13098 2025-02-01 MEDIUM 5.4 The WordPress Email Newsletter WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting…
« Anterior Página 1271 de 4312 Siguiente »