Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2022-43232 2022-10-28 HIGH 7.2 Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchOrderData.php.
CVE-2022-43003 2022-10-26 CRITICAL 9.8 D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function.
CVE-2022-43002 2022-10-26 CRITICAL 9.8 D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54.
CVE-2022-43001 2022-10-26 CRITICAL 9.8 D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function.
CVE-2022-42991 2022-10-27 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into…
CVE-2022-42992 2022-10-27 MEDIUM 5.4 Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train…
CVE-2022-43000 2022-10-26 CRITICAL 9.8 D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4.
CVE-2022-42999 2022-10-26 HIGH 7.5 D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm.
CVE-2022-42998 2022-10-26 CRITICAL 9.8 D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd.
CVE-2022-42915 2022-10-29 HIGH 8.1 curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection…
CVE-2022-42055 2022-10-27 MEDIUM 6.5 Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.
CVE-2022-42468 2022-10-26 CRITICAL 9.8 Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue…
CVE-2022-40238 2022-10-26 HIGH 8.8 A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a user's profile. This…
CVE-2022-3394 2022-10-25 HIGH 7.2 The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user…
CVE-2022-3393 2022-10-25 CRITICAL 9.8 The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection
CVE-2022-3392 2022-10-25 MEDIUM 4.8 The WP Humans.txt WordPress plugin through 1.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2022-38060 2022-12-21 HIGH 8.8 A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.
CVE-2022-33184 2022-10-25 HIGH 7.8 A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based…
CVE-2022-33183 2022-10-25 HIGH 8.8 A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using…
CVE-2022-33182 2022-10-25 HIGH 7.8 A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to…
CVE-2022-33757 2022-10-25 MEDIUM 6.5 An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure…
CVE-2022-2190 2022-10-31 MEDIUM 6.1 The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting…
CVE-2022-2167 2022-10-31 MEDIUM 6.1 The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site…
CVE-2022-2508 2022-10-27 MEDIUM 5.3 In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to…
CVE-2022-33181 2022-10-25 MEDIUM 5.5 An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files…
CVE-2022-29851 2022-10-25 CRITICAL 9.8 documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is…
CVE-2022-27583 2022-10-31 CRITICAL 9.1 A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the…
CVE-2021-40241 2022-10-31 CRITICAL 9.8 xfig 3.2.7 is vulnerable to Buffer Overflow.
CVE-2021-40661 2022-10-31 HIGH 7.5 A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10…
CVE-2021-42777 2022-10-29 CRITICAL 9.8 Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application…
CVE-2021-38728 2022-10-28 MEDIUM 6.1 SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php.
CVE-2020-21016 2022-10-31 CRITICAL 9.8 D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php.
CVE-2024-52553 2024-11-13 HIGH 8.8 Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login.
CVE-2025-4329 2025-05-06 MEDIUM 4.3 A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The…
CVE-2025-4328 2025-05-06 LOW 3.5 A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file /spring-cloud-base-master/auth-center/auth-center-provider/src/main/java/com/peng/auth/provider/config/web/MvcController.java…
CVE-2025-4327 2025-05-06 MEDIUM 4.3 A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible…
CVE-2025-4326 2025-05-06 LOW 2.4 A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects some unknown processing of the file /admin/chip/add.do of the component Add Fragment Page. The…
CVE-2025-4325 2025-05-06 LOW 2.4 A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. This vulnerability affects unknown code of the file /admin/category/add.do of the component Category Management Page. The…
CVE-2025-4324 2025-05-06 LOW 2.4 A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. This affects an unknown part of the file /admin/link/edit.do of the component External Link Management Page.…
CVE-2025-4337 2025-05-06 MEDIUM 4.3 The AHAthat Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce…
CVE-2025-4323 2025-05-06 LOW 2.4 A vulnerability, which was classified as problematic, has been found in MRCMS 3.1.2. Affected by this issue is some unknown functionality of the component Edit Article Page. The…
CVE-2025-2802 2025-05-06 HIGH 7.3 The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software allowing users to…
CVE-2025-3610 2025-05-06 HIGH 8.8 The Reales WP STPT plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.1.2. This is due to the…
CVE-2025-3609 2025-05-06 MEDIUM 5.3 The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the 'reales_user_signup_form' AJAX…
CVE-2025-4305 2025-05-06 MEDIUM 6.3 A vulnerability has been found in kefaming mayi up to 1.3.9 and classified as critical. This vulnerability affects the function Upload of the file app/tools/controller/File.php. The manipulation of…
CVE-2024-39442 2025-05-06 MEDIUM 6.2 In sprd ssense service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2025-46728 2025-05-06 HIGH 7.5 cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when `Transfer-Encoding:…
CVE-2025-2509 2025-05-06 HIGH 7.8 Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via…
CVE-2025-4293 2025-05-05 LOW 2.4 A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/group/edit.do of the component Group Edit…
CVE-2025-4292 2025-05-05 LOW 2.4 A vulnerability has been found in MRCMS 3.1.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/user/edit.do of the component Edit…
« Anterior Página 1277 de 4312 Siguiente »