Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2022-2826 2022-10-28 LOW 2.7 An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before…
CVE-2021-38737 2022-10-28 CRITICAL 9.8 SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php.
CVE-2022-26884 2022-10-28 MEDIUM 6.5 Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.
CVE-2021-42010 2022-10-24 CRITICAL 9.8 Heron versions
CVE-2021-38736 2022-10-28 CRITICAL 9.8 SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php.
CVE-2025-3168 2025-04-03 HIGH 7.3 A vulnerability was found in PHPGurukul Time Table Generator System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file…
CVE-2025-3352 2025-04-07 HIGH 7.3 A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-scdetails.php.…
CVE-2024-20348 2024-04-03 HIGH 7.5 A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files.…
CVE-2025-3370 2025-04-07 HIGH 7.3 A vulnerability classified as critical has been found in PHPGurukul Men Salon Management System 1.0. This affects an unknown part of the file /admin/admin-profile.php. The manipulation of the…
CVE-2024-48629 2024-10-17 HIGH 8.0 D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary…
CVE-2024-48630 2024-10-17 HIGH 8.0 D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary…
CVE-2024-48168 2024-10-14 CRITICAL 9.8 A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code.
CVE-2024-48632 2024-10-17 HIGH 8.0 D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attackers…
CVE-2024-48631 2024-10-17 HIGH 8.0 D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to execute arbitrary…
CVE-2024-48633 2024-10-17 HIGH 8.0 D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows…
CVE-2024-48634 2024-10-17 HIGH 8.0 D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to execute arbitrary…
CVE-2024-48635 2024-10-17 HIGH 8.0 D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary…
CVE-2024-48637 2024-10-17 HIGH 8.0 D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary…
CVE-2024-48636 2024-10-17 HIGH 8.0 D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary…
CVE-2024-20283 2024-04-03 MEDIUM 4.3 A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access…
CVE-2024-48271 2024-10-30 HIGH 8.8 D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a bruteforce…
CVE-2025-27363 2025-03-11 HIGH 8.1 An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to…
CVE-2025-3205 2025-04-04 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in CodeAstro Student Grading System 1.0. This affects an unknown part of the file studentsubject.php. The manipulation of the…
CVE-2024-48638 2024-10-17 HIGH 8.0 D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary…
CVE-2024-48272 2024-10-30 MEDIUM 6.5 D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default Wifi password, possibly allowing attackers to connect to the device via a bruteforce attack.
CVE-2025-3213 2025-04-04 HIGH 7.3 A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. This vulnerability affects unknown code of the file /view-note.php?noteid=11. The manipulation of the argument remark…
CVE-2023-50740 2024-03-06 MEDIUM 5.3 In Apache Linkis
CVE-2024-26580 2024-03-06 CRITICAL 9.1 Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary…
CVE-2025-3120 2025-04-02 MEDIUM 6.3 A vulnerability was found in SourceCodester Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The…
CVE-2020-10196 2020-03-13 MEDIUM 6.1 An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php.…
CVE-2020-10195 2020-03-13 MEDIUM 6.3 The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request…
CVE-2024-22254 2024-03-05 HIGH 7.9 VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.
CVE-2024-22255 2024-03-05 HIGH 7.1 VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to…
CVE-2024-22253 2024-03-05 CRITICAL 9.3 VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue…
CVE-2025-31121 2025-04-01 MEDIUM 5.4 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site…
CVE-2024-28216 2024-03-07 MEDIUM 5.4 nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and…
CVE-2024-28215 2024-03-07 HIGH 7.5 nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited…
CVE-2024-28214 2024-03-07 LOW 2.7 nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.
CVE-2024-28213 2024-03-07 CRITICAL 9.8 nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.
CVE-2024-28212 2024-03-07 CRITICAL 9.8 nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.
CVE-2024-28211 2024-03-07 CRITICAL 9.8 nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.
CVE-2024-51328 2024-11-04 MEDIUM 6.1 Cross Site Scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows remote attacker to inject arbitrary code via the t2 parameter.
CVE-2024-50996 2024-11-05 MEDIUM 5.7 Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. This vulnerability allows attackers…
CVE-2024-51003 2024-11-05 MEDIUM 5.7 Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters.…
CVE-2025-2778 2025-05-07 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-20671 2025-05-05 HIGH 7.0 In thermal, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has…
CVE-2025-20668 2025-05-05 HIGH 7.8 In scp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2022-43231 2022-10-28 HIGH 7.2 Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-43230 2022-10-28 HIGH 7.2 Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details.
CVE-2022-43229 2022-10-28 HIGH 7.2 Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php.
« Anterior Página 1275 de 4312 Siguiente »