CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2018-25199 2026-03-06 HIGH 8.2 OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL…
CVE-2018-25198 2026-03-06 MEDIUM 6.2 eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing…
CVE-2018-25197 2026-03-06 HIGH 8.2 PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET…
CVE-2018-25196 2026-03-06 HIGH 8.2 ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests…
CVE-2018-25194 2026-03-06 HIGH 8.2 Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. Attackers can send POST…
CVE-2018-25193 2026-03-06 HIGH 7.5 Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections…
CVE-2018-25192 2026-03-06 HIGH 8.2 GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit crafted…
CVE-2018-25191 2026-03-06 HIGH 7.1 Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'mod_id' parameter. Attackers can send…
CVE-2018-25190 2026-03-06 MEDIUM 5.3 Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that…
CVE-2018-25189 2026-03-06 HIGH 8.2 Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted…
CVE-2018-25188 2026-03-06 HIGH 8.2 Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. Attackers can send…
CVE-2018-25187 2026-03-06 HIGH 8.2 Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to…
CVE-2018-25186 2026-03-06 MEDIUM 5.3 Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can…
CVE-2018-25184 2026-03-06 MEDIUM 6.2 Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences…
CVE-2018-25182 2026-03-06 HIGH 8.2 Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can…
CVE-2018-25181 2026-03-06 HIGH 7.5 Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the…
CVE-2018-25180 2026-03-06 HIGH 7.1 Maitra 1.7.2 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail…
CVE-2018-25179 2026-03-06 HIGH 8.2 Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can send…
CVE-2018-25178 2026-03-06 HIGH 7.5 Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php…
CVE-2018-25177 2026-03-06 MEDIUM 5.3 Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attackers can send requests…
CVE-2018-25176 2026-03-06 HIGH 8.2 Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search…
CVE-2018-25175 2026-03-06 HIGH 8.2 Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can…
CVE-2018-25174 2026-03-06 MEDIUM 5.3 ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to _configurar_perfil.php. Attackers can craft malicious forms or…
CVE-2018-25173 2026-03-06 HIGH 8.2 Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET…
CVE-2018-25172 2026-03-06 HIGH 8.2 Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET…
CVE-2018-25171 2026-03-06 HIGH 8.2 EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET…
CVE-2018-25170 2026-03-06 HIGH 8.2 DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can…
CVE-2018-25169 2026-03-06 HIGH 7.5 AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish…
CVE-2018-25168 2026-03-06 MEDIUM 4.3 Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests…
CVE-2018-25167 2026-03-06 HIGH 8.2 Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code…
CVE-2018-25166 2026-03-06 HIGH 8.2 Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can…
CVE-2018-25165 2026-03-06 HIGH 7.1 Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. Attackers can…
CVE-2018-25164 2026-03-06 HIGH 7.5 EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. Attackers can send GET…
CVE-2018-25163 2026-03-06 HIGH 8.2 BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php…
CVE-2018-25162 2026-03-06 MEDIUM 6.5 2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload…
CVE-2018-25161 2026-03-06 HIGH 8.2 Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST…
CVE-2026-28106 2026-03-06 MEDIUM 4.7 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kings Plugins B2BKing Premium allows Phishing. This issue affects B2BKing Premium: from n/a through 5.3.80.
CVE-2026-28080 2026-03-06 MEDIUM 4.3 Missing Authorization vulnerability in Rank Math Rank Math SEO PRO allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rank Math SEO PRO: from n/a through 3.0.95.
CVE-2024-35644 2026-03-06 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS. This issue affects Preferred Languages: from n/a through…
CVE-2026-1468 2026-03-06 N/A 0.0 QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft a special website which, when visited by the victim, will automatically send a POST request…
CVE-2025-70995 2026-03-05 HIGH 8.8 An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated…
CVE-2025-70949 2026-03-05 HIGH 7.5 An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel.
CVE-2025-70948 2026-03-05 CRITICAL 9.3 A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host…
CVE-2025-13476 2026-03-05 CRITICAL 9.8 Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (DPI) systems to…
CVE-2026-26418 2026-03-05 HIGH 7.5 Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network.
CVE-2026-26417 2026-03-05 HIGH 8.1 A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts…
CVE-2025-70614 2026-03-05 HIGH 8.1 OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to…
CVE-2026-26416 2026-03-05 HIGH 8.8 An authorization bypass vulnerability in Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to escalate privileges across role boundaries via crafted requests.
CVE-2025-70616 2026-03-05 HIGH 7.8 A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing…
CVE-2025-29165 2026-03-05 CRITICAL 9.8 An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component