CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2024-26327 | 2024-02-19 | MEDIUM | 5.3 | An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow… |
| CVE-2020-36774 | 2024-02-19 | MEDIUM | 5.5 | plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash). |
| CVE-2024-20945 | 2024-02-17 | MEDIUM | 4.7 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle… |
| CVE-2024-20921 | 2024-02-17 | MEDIUM | 5.9 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle… |
| CVE-2024-20915 | 2024-02-17 | MEDIUM | 5.3 | Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login - SSO). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated… |
| CVE-2024-2702 | 2024-03-20 | HIGH | 8.2 | Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS. This issue affects Olive One Click Demo Import: from… |
| CVE-2023-7232 | 2024-03-26 | MEDIUM | 5.3 | The Backup and Restore WordPress WordPress plugin through 1.45 does not protect some log files containing sensitive information such as site configuration etc., allowing unauthenticated users to access… |
| CVE-2024-1745 | 2024-03-26 | MEDIUM | 4.3 | The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive Testimonial Slider WordPress plugin before 2.3.7… |
| CVE-2024-29735 | 2024-03-26 | MEDIUM | 5.3 | Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all… |
| CVE-2024-25420 | 2024-03-26 | HIGH | 7.2 | An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component. |
| CVE-2024-25421 | 2024-03-26 | CRITICAL | 9.8 | An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component. |
| CVE-2024-2278 | 2024-04-01 | MEDIUM | 6.1 | Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site… |
| CVE-2024-29433 | 2024-04-01 | CRITICAL | 9.8 | A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data. |
| CVE-2024-29435 | 2024-04-01 | MEDIUM | 4.1 | An issue discovered in Alldata v0.4.6 allows an attacker to run arbitrary commands via the processId parameter. |
| CVE-2024-1274 | 2024-04-02 | MEDIUM | 5.4 | The My Calendar WordPress plugin before 3.4.24 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site… |
| CVE-2024-31002 | 2024-04-02 | CRITICAL | 9.8 | Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache() at Ap4Utils.cpp component. |
| CVE-2024-31003 | 2024-04-02 | HIGH | 8.8 | Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial at Ap4ByteStream.cpp. |
| CVE-2024-31005 | 2024-04-02 | HIGH | 8.1 | An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4MdhdAtom.cpp, AP4_MdhdAtom::AP4_MdhdAtom, mp4fragment |
| CVE-2024-53268 | 2024-11-25 | HIGH | 7.2 | Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the… |
| CVE-2024-10704 | 2024-11-29 | MEDIUM | 4.8 | The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to… |
| CVE-2024-10980 | 2024-11-29 | MEDIUM | 5.4 | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its Cookie… |
| CVE-2024-10551 | 2024-12-06 | MEDIUM | 4.8 | The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform… |
| CVE-2024-11183 | 2024-12-07 | MEDIUM | 4.8 | The Simple Side Tab WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform… |
| CVE-2024-9651 | 2024-12-09 | MEDIUM | 6.1 | The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored… |
| CVE-2024-45986 | 2024-09-26 | MEDIUM | 5.4 | A stored Cross-Site Scripting (XSS) vulnerability was identified in Projectworld Online Voting System 1.0 that occurs when an account is registered with a malicious javascript payload. The payload… |
| CVE-2025-31651 | 2025-04-28 | CRITICAL | 9.8 | Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to… |
| CVE-2024-0166 | 2024-02-12 | HIGH | 7.8 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution… |
| CVE-2023-6499 | 2024-02-12 | MEDIUM | 5.4 | The lasTunes WordPress plugin through 3.6.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make… |
| CVE-2023-6081 | 2024-02-12 | MEDIUM | 5.4 | The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site… |
| CVE-2023-51989 | 2024-01-11 | N/A | 0.0 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-51987. Reason: This candidate is a reservation duplicate of CVE-2025-51987. Notes: All CVE users should reference CVE-2025-51987 instead of… |
| CVE-2022-3420 | 2022-10-31 | MEDIUM | 4.8 | The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as… |
| CVE-2022-3419 | 2022-10-31 | MEDIUM | 6.5 | The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to… |
| CVE-2022-3408 | 2022-10-31 | MEDIUM | 4.8 | The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform… |
| CVE-2022-3380 | 2022-10-31 | HIGH | 7.2 | The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or… |
| CVE-2022-3374 | 2022-10-31 | HIGH | 7.2 | The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injection issues when a high privilege user imports… |
| CVE-2022-3366 | 2022-10-31 | HIGH | 7.2 | The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks… |
| CVE-2022-3360 | 2022-10-31 | HIGH | 8.1 | The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable… |
| CVE-2022-3357 | 2022-10-31 | HIGH | 8.8 | The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user imports (intentionally… |
| CVE-2024-45967 | 2024-10-01 | MEDIUM | 4.7 | Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget. |
| CVE-2024-47806 | 2024-10-02 | HIGH | 8.1 | Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining… |
| CVE-2024-47807 | 2024-10-02 | HIGH | 8.1 | Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining… |
| CVE-2024-48581 | 2024-10-25 | CRITICAL | 9.8 | File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the admin_class.php component. |
| CVE-2024-48594 | 2024-10-28 | HIGH | 8.8 | File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the file upload component. |
| CVE-2023-4911 | 2023-10-03 | HIGH | 7.8 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use… |
| CVE-2025-31324 | 2025-04-24 | CRITICAL | 10.0 | SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host… |
| CVE-2024-28151 | 2024-03-06 | MEDIUM | 4.3 | Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to… |
| CVE-2024-28150 | 2024-03-06 | MEDIUM | 4.7 | Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a… |
| CVE-2024-28149 | 2024-03-06 | MEDIUM | 6.5 | Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine… |
| CVE-2025-28017 | 2025-04-23 | MEDIUM | 6.5 | TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter. |
| CVE-2025-28018 | 2025-04-23 | HIGH | 7.3 | TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter. |