Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2022-40875 2022-10-27 HIGH 7.5 Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo.
CVE-2022-40874 2022-10-27 HIGH 7.5 Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed http…
CVE-2022-41797 2022-10-24 MEDIUM 6.5 Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows…
CVE-2021-38734 2022-10-28 CRITICAL 9.8 SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.
CVE-2022-39978 2022-10-27 HIGH 7.2 Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers…
CVE-2022-39977 2022-10-27 HIGH 7.2 Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to…
CVE-2022-39976 2022-10-27 CRITICAL 9.8 School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /modules/announcement/index.php?view=edit&id=.
CVE-2021-38733 2022-10-28 CRITICAL 9.8 SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php.
CVE-2021-38732 2022-10-28 CRITICAL 9.8 SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php.
CVE-2021-38731 2022-10-28 CRITICAL 9.8 SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.
CVE-2021-38730 2022-10-28 CRITICAL 9.8 SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php.
CVE-2021-38729 2022-10-28 CRITICAL 9.8 SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.
CVE-2021-37781 2022-10-28 MEDIUM 5.4 Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php.
CVE-2021-35388 2022-10-28 MEDIUM 5.4 Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.
CVE-2021-35387 2022-10-28 HIGH 8.8 Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.
CVE-2024-29901 2024-03-29 MEDIUM 4.8 The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the…
CVE-2024-29900 2024-03-29 HIGH 7.5 Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap…
CVE-2025-3389 2025-04-08 LOW 3.5 A vulnerability, which was classified as problematic, has been found in hailey888 oa_system up to 2025.01.01. This issue affects the function testMess of the file cn/gson/oasys/controller/inform/InformManageController.java of the…
CVE-2024-11595 2024-11-21 HIGH 7.8 FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
CVE-2025-2488 2025-05-02 MEDIUM 4.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Profelis Informatics SambaBox allows Cross-Site Scripting (XSS).This issue affects SambaBox: before 5.1.
CVE-2024-11596 2024-11-21 HIGH 7.8 ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
CVE-2025-2421 2025-05-02 HIGH 8.2 Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics SambaBox allows Code Injection.This issue affects SambaBox: before 5.1.
CVE-2025-3388 2025-04-07 MEDIUM 4.3 A vulnerability classified as problematic was found in hailey888 oa_system up to 2025.01.01. This vulnerability affects the function loginCheck of the file cn/gson/oasys/controller/login/LoginsController.java of the component Frontend. The…
CVE-2025-1301 2025-05-02 HIGH 7.4 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yordam Informatics Library Automation System allows Reflected XSS.This issue affects Library Automation System: before…
CVE-2024-11142 2025-05-02 MEDIUM 5.4 Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery.This issue affects Proticaret E-Commerce: before v6.0 NOTE: According to the vendor, fixing process…
CVE-2025-47201 2025-05-02 MEDIUM 4.4 In Intrexx Portal Server before 12.0.4, multiple Velocity-Scripts are susceptible to the execution of unrequested JavaScript code in HTML, aka XSS.
CVE-2025-3709 2025-05-02 CRITICAL 9.8 Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform password brute force attack.
CVE-2024-9458 2025-03-07 MEDIUM 4.8 The Reservit Hotel WordPress plugin before 3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2025-3708 2025-05-02 CRITICAL 9.8 Le-show medical practice management system from Le-yan has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2025-3707 2025-05-02 MEDIUM 6.5 The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL command to read database contents.
CVE-2025-3351 2025-04-07 HIGH 7.3 A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file…
CVE-2025-3350 2025-04-07 HIGH 7.3 A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/view-enquiry.php. The manipulation…
CVE-2025-3316 2025-04-06 HIGH 7.3 A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/search-invoices.php. The…
CVE-2025-3313 2025-04-06 HIGH 7.3 A vulnerability, which was classified as critical, was found in PHPGurukul Men Salon Management System 1.0. Affected is an unknown function of the file /admin/add-customer.php. The manipulation of…
CVE-2025-3312 2025-04-06 HIGH 7.3 A vulnerability, which was classified as critical, has been found in PHPGurukul Men Salon Management System 1.0. This issue affects some unknown processing of the file /admin/add-customer-services.php. The…
CVE-2024-57235 2025-05-05 CRITICAL 9.8 NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function.
CVE-2024-57234 2025-05-05 CRITICAL 9.8 NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
CVE-2024-57233 2025-05-05 CRITICAL 9.8 NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
CVE-2024-57232 2025-05-05 CRITICAL 9.8 NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
CVE-2024-57231 2025-05-05 CRITICAL 9.8 NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
CVE-2024-57230 2025-05-05 CRITICAL 9.8 NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
CVE-2024-57229 2025-05-05 CRITICAL 9.8 NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
CVE-2025-3392 2025-04-08 LOW 3.5 A vulnerability was found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this issue is the function Save of the file cn/gson/oasys/controller/mail/MailController.java of the…
CVE-2025-45322 2025-05-05 HIGH 8.8 kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in osms/Requester/CheckStatus.php via the checkid parameter.
CVE-2025-45321 2025-05-05 HIGH 8.8 kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in /osms/Requester/Requesterchangepass.php via the parameter: rPassword.
CVE-2025-45320 2025-05-05 MEDIUM 5.3 A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0.
CVE-2025-2034 2025-03-06 HIGH 7.3 A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-class.php?cid=1. The…
CVE-2025-45042 2025-05-05 CRITICAL 9.8 Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function.
CVE-2025-4271 2025-05-05 MEDIUM 5.3 A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation…
CVE-2025-4270 2025-05-05 MEDIUM 5.3 A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler.…
« Anterior Página 1273 de 4312 Siguiente »