Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-4269 2025-05-05 MEDIUM 6.5 A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi of the component Log Handler. The…
CVE-2025-4268 2025-05-05 MEDIUM 5.3 A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl…
CVE-2025-4267 2025-05-05 MEDIUM 4.7 A vulnerability, which was classified as critical, was found in SourceCodester/oretnom23 Stock Management System 1.0. This affects an unknown part of the file /admin/?page=purchase_order/view_po of the component Purchase…
CVE-2025-4266 2025-05-05 HIGH 7.3 A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0. Affected by this issue is some unknown functionality of the file /bwdates-reports-details.php?vid=2.…
CVE-2025-3583 2025-05-05 MEDIUM 4.8 The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
CVE-2024-56196 2025-03-06 MEDIUM 6.3 Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 10.0.4, which fixes…
CVE-2025-39363 2025-05-05 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Stored XSS.This issue affects Custom Login and Registration: from n/a…
CVE-2024-13861 2025-04-11 HIGH 7.8 A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems…
CVE-2025-4265 2025-05-05 HIGH 7.3 A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/contact-us.php. The manipulation…
CVE-2025-4264 2025-05-05 HIGH 7.3 A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/edit-ambulance.php. The manipulation of the…
CVE-2025-4262 2025-05-05 HIGH 7.3 A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/user-search.php. The…
CVE-2025-4249 2025-05-04 HIGH 7.3 A vulnerability was found in PHPGurukul e-Diary Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage-categories.php. The manipulation…
CVE-2025-4263 2025-05-05 HIGH 7.3 A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/booking-search.php.…
CVE-2024-24708 2024-02-29 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER.This issue affects W3SPEEDSTER: from n/a through 7.19.
CVE-2025-3504 2025-05-01 MEDIUM 4.8 The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform…
CVE-2025-3503 2025-05-01 MEDIUM 4.8 The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform…
CVE-2024-2557 2024-03-17 MEDIUM 5.3 A vulnerability was found in kishor-23 Food Waste Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/admin.php. The manipulation…
CVE-2025-3502 2025-05-01 MEDIUM 4.8 The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform…
CVE-2024-3078 2024-03-29 MEDIUM 5.5 A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot…
CVE-2024-3366 2024-04-06 LOW 3.5 A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler.…
CVE-2025-28029 2025-04-22 HIGH 7.3 TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in cstecgi.cgi
CVE-2025-28026 2025-04-22 HIGH 7.3 TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi.
CVE-2025-28027 2025-04-22 HIGH 7.3 TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 was found to contain a buffer overflow vulnerability in downloadFile.cgi.
CVE-2024-54998 2025-01-10 MEDIUM 5.4 MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:[id]/debts/create.
CVE-2024-25029 2024-04-06 CRITICAL 9.0 IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged…
CVE-2025-0471 2025-01-16 CRITICAL 9.9 Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to gain remote access to…
CVE-2025-0472 2025-01-16 HIGH 7.5 Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files…
CVE-2025-3248 2025-04-07 CRITICAL 9.8 Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
CVE-2025-0473 2025-01-16 MEDIUM 6.5 Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload…
CVE-2025-3146 2025-04-03 HIGH 7.3 A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. This affects an unknown part of the file /view-pass-detail.php. The manipulation of…
CVE-2025-3147 2025-04-03 HIGH 7.3 A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-subadmin.php. The manipulation of the…
CVE-2025-3148 2025-04-03 LOW 3.3 A vulnerability was found in codeprojects Product Management System 1.0 and classified as problematic. This issue affects some unknown processing of the component Login. The manipulation of the…
CVE-2024-54997 2025-01-10 MEDIUM 5.4 MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit.
CVE-2024-54996 2025-01-10 HIGH 8.8 MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create.
CVE-2024-20367 2024-04-03 MEDIUM 5.4 A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a…
CVE-2024-54994 2025-01-10 MEDIUM 6.5 MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature.
CVE-2024-20352 2024-04-03 MEDIUM 4.9 A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which could allow the attacker to perform arbitrary actions on…
CVE-2025-46573 2025-05-06 N/A 0.0 passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate…
CVE-2025-2485 2025-03-28 HIGH 7.5 The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7…
CVE-2022-42944 2022-10-21 HIGH 7.8 A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other…
CVE-2022-42943 2022-10-21 HIGH 7.8 A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other…
CVE-2022-42941 2022-10-21 HIGH 7.8 A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other…
CVE-2022-42940 2022-10-21 HIGH 7.8 A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution…
CVE-2022-43400 2022-10-21 CRITICAL 9.8 A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log…
CVE-2022-2882 2022-10-28 MEDIUM 5.5 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4…
CVE-2022-41796 2022-10-24 HIGH 7.8 Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an…
CVE-2022-40984 2022-10-24 CRITICAL 9.8 Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from 1.31 to 1.61 and WTViewerEfree from 1.01 to 1.52 allows an attacker to cause the product to crash by…
CVE-2022-3676 2022-10-24 MEDIUM 6.5 In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify…
CVE-2022-34438 2022-10-21 MEDIUM 6.7 Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system…
CVE-2022-3626 2022-10-21 MEDIUM 5.5 LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users…
« Anterior Página 1274 de 4312 Siguiente »