CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2023-45559 2024-01-03 HIGH 8.2 An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.
CVE-2023-45722 2024-01-03 HIGH 8.8 HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a…
CVE-2023-42866 2024-01-10 HIGH 8.8 The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS…
CVE-2023-42831 2024-01-10 MEDIUM 5.5 This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8…
CVE-2023-42828 2024-01-10 HIGH 7.8 This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may…
CVE-2023-40529 2024-01-10 LOW 2.4 This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17.…
CVE-2023-40437 2024-01-10 MEDIUM 5.5 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6…
CVE-2023-40433 2024-01-10 MEDIUM 5.5 A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass…
CVE-2023-38827 2024-01-09 MEDIUM 6.1 Cross Site Scripting vulnerability in Follet School Solutions Destiny v.20_0_1_AU4 and later allows a remote attacker to run arbitrary code…
CVE-2023-39336 2024-01-09 HIGH 8.8 An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access…
CVE-2023-37644 2024-01-11 MEDIUM 5.5 SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This…
CVE-2023-38612 2024-01-10 LOW 3.3 The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7,…
CVE-2023-38607 2024-01-10 MEDIUM 5.5 The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An app may…
CVE-2023-37608 2024-01-03 HIGH 7.5 An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there…
CVE-2023-37607 2024-01-03 HIGH 7.5 Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file=…
CVE-2023-34328 2024-01-05 MEDIUM 5.5 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since…
CVE-2023-34327 2024-01-05 MEDIUM 5.5 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since…
CVE-2023-32886 2024-01-02 HIGH 7.5 In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This…
CVE-2023-32884 2024-01-02 MEDIUM 6.7 In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation…
CVE-2023-32883 2024-01-02 MEDIUM 6.7 In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead…
CVE-2023-32876 2024-01-02 MEDIUM 4.4 In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information…
CVE-2023-32872 2024-01-02 MEDIUM 6.7 In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to…
CVE-2023-32424 2024-01-10 MEDIUM 5.5 The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4.…
CVE-2023-28185 2024-01-10 MEDIUM 5.5 An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5,…
CVE-2023-29962 2024-01-04 MEDIUM 6.5 S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.
CVE-2022-48504 2024-01-10 MEDIUM 5.5 The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may…
CVE-2023-26998 2024-01-09 MEDIUM 5.4 Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter…
CVE-2022-3328 2024-01-08 HIGH 7.8 Race condition in snap-confine's must_mkdir_and_open_with_perms()
CVE-2020-26627 2024-01-10 MEDIUM 4.9 A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database…
CVE-2020-26623 2024-01-02 LOW 3.8 SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via…
CVE-2022-39009 2022-09-16 CRITICAL 9.8 The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect…
CVE-2018-25095 2024-01-08 CRITICAL 9.8 The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration…
CVE-2024-22776 2024-02-23 MEDIUM 4.7 Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring…
CVE-2024-29320 2024-04-30 HIGH 8.1 Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php.
CVE-2024-55371 2025-04-16 CRITICAL 9.8 Wallos
CVE-2024-55372 2025-04-16 CRITICAL 9.8 Wallos
CVE-2024-51508 2024-10-28 MEDIUM 4.8 Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the…
CVE-2024-51509 2024-10-28 MEDIUM 4.8 Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the…
CVE-2024-51507 2024-10-28 MEDIUM 4.8 Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the…
CVE-2024-51506 2024-10-28 MEDIUM 4.8 Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in…
CVE-2025-47226 2025-05-02 MEDIUM 5.0 Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.
CVE-2020-16165 2020-07-30 CRITICAL 9.8 The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the…
CVE-2024-33332 2024-04-30 HIGH 7.5 An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant.
CVE-2024-43033 2024-08-22 HIGH 8.8 JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to…
CVE-2024-32358 2024-04-25 HIGH 7.5 An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom…
CVE-2024-51058 2024-11-26 MEDIUM 6.2 Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files…
CVE-2024-35061 2024-05-21 HIGH 7.3 NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a…
CVE-2024-35060 2024-05-21 HIGH 7.5 An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a…
CVE-2024-35059 2024-05-21 HIGH 7.5 An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands.
CVE-2025-4516 2025-05-15 N/A 0.0 There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an…