Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2022-43228 2022-10-28 HIGH 7.2 Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /clearance/clearance.php.
CVE-2022-43170 2022-10-28 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted…
CVE-2022-41310 2022-10-21 HIGH 7.8 A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other…
CVE-2022-41309 2022-10-21 HIGH 7.8 A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other…
CVE-2022-42189 2022-10-21 HIGH 7.2 Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability.
CVE-2022-41575 2022-10-21 HIGH 7.5 A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is…
CVE-2022-3018 2022-10-28 MEDIUM 6.8 An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before…
CVE-2022-3344 2022-10-25 MEDIUM 5.5 A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2),…
CVE-2022-39837 2022-10-25 MEDIUM 5.5 An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process…
CVE-2022-40690 2022-10-24 MEDIUM 5.4 Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script.
CVE-2022-3639 2022-10-21 MEDIUM 4.3 A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3…
CVE-2022-3627 2022-10-21 MEDIUM 5.5 LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users…
CVE-2022-37915 2022-10-28 CRITICAL 9.8 A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation…
CVE-2022-37914 2022-10-28 CRITICAL 9.8 Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an…
CVE-2022-37913 2022-10-28 CRITICAL 9.8 Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an…
CVE-2022-39836 2022-10-25 MEDIUM 5.5 An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process…
CVE-2022-38580 2022-10-25 CRITICAL 9.8 Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
CVE-2022-37621 2022-10-28 CRITICAL 9.8 Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variable in resolve-shims.js.
CVE-2022-36368 2022-10-24 MEDIUM 4.8 Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allows a remote authenticated attacker with administrative privilege to inject an arbitrary…
CVE-2021-46850 2022-10-24 HIGH 7.2 myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the…
CVE-2021-46848 2022-10-24 CRITICAL 9.1 GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
CVE-2024-20282 2024-04-03 MEDIUM 6.0 A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is…
CVE-2024-20281 2024-04-03 HIGH 7.5 A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request…
CVE-2024-28162 2024-03-06 MEDIUM 4.2 In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails…
CVE-2024-28161 2024-03-06 MEDIUM 5.3 In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default.
CVE-2024-51023 2024-11-05 HIGH 8.8 D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands…
CVE-2024-28160 2024-03-06 HIGH 8.8 Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to…
CVE-2024-51024 2024-11-05 HIGH 8.0 D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. This vulnerability allows attackers to execute arbitrary OS commands…
CVE-2024-11608 2024-12-09 HIGH 7.8 A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to…
CVE-2024-51186 2024-11-11 HIGH 8.0 D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions.
CVE-2025-44073 2025-05-06 CRITICAL 9.8 SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php.
CVE-2025-2011 2025-05-06 HIGH 7.5 The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the ‘s' parameter in all versions up to, and including, 3.6.1…
CVE-2025-0669 2025-05-07 N/A 0.0 Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows Cross Site Request Forgery.This issue affects BOINC Server: before 1.4.3.
CVE-2025-0668 2025-05-07 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: before 1.4.5.
CVE-2025-0667 2025-05-07 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: through 1.4.7.
CVE-2025-0666 2025-05-07 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: through 1.4.7.
CVE-2022-44022 2022-10-30 MEDIUM 5.3 PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts.
CVE-2022-44020 2022-10-30 MEDIUM 5.5 An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt…
CVE-2022-44019 2022-10-30 HIGH 8.8 In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.
CVE-2022-43776 2022-10-26 MEDIUM 6.5 The url parameter of the /api/geojson endpoint in Metabase versions
CVE-2022-43775 2022-10-26 CRITICAL 9.8 The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
CVE-2022-43774 2022-10-26 CRITICAL 9.8 The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
CVE-2022-43286 2022-10-28 CRITICAL 9.8 Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.
CVE-2022-43285 2022-10-28 HIGH 7.5 Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted…
CVE-2022-43766 2022-10-26 HIGH 7.5 Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users…
CVE-2022-43750 2022-10-26 MEDIUM 6.7 drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.
CVE-2022-43280 2022-10-28 HIGH 7.1 wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount.
CVE-2022-43276 2022-10-28 HIGH 7.2 Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the productId parameter at /php_action/fetchSelectedfood.php.
CVE-2022-43275 2022-10-28 HIGH 7.2 Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-43233 2022-10-28 HIGH 7.2 Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchSelectedUser.php.
« Anterior Página 1276 de 4312 Siguiente »