CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2024-7253 2024-11-22 HIGH 7.8 NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations…
CVE-2024-47939 2024-11-01 HIGH 7.7 Stack-based buffer overflow vulnerability exists in multiple laser printers and MFPs which implement Ricoh Web Image Monitor. If this vulnerability…
CVE-2025-48427 2025-05-21 N/A 0.0 Rejected reason: Not used
CVE-2025-48426 2025-05-21 N/A 0.0 Rejected reason: Not used
CVE-2025-48425 2025-05-21 N/A 0.0 Rejected reason: Not used
CVE-2025-48424 2025-05-21 N/A 0.0 Rejected reason: Not used
CVE-2025-48423 2025-05-21 N/A 0.0 Rejected reason: Not used
CVE-2025-48422 2025-05-21 N/A 0.0 Rejected reason: Not used
CVE-2025-48421 2025-05-21 N/A 0.0 Rejected reason: Not used
CVE-2025-48420 2025-05-21 N/A 0.0 Rejected reason: Not used
CVE-2025-48419 2025-05-21 N/A 0.0 Rejected reason: Not used
CVE-2025-0129 2025-04-11 N/A 0.0 An improper exception check in Palo Alto Networks Prisma Access Browser allows a low privileged user to prevent Prisma Access…
CVE-2025-4436 2025-05-20 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-23122 2025-05-19 N/A 0.0 Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23165.
CVE-2022-40708 2022-09-28 LOW 3.3 An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could…
CVE-2022-3193 2022-09-28 MEDIUM 6.1 An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry,…
CVE-2022-35722 2022-09-28 MEDIUM 5.4 IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2022-35282 2022-09-28 MEDIUM 6.5 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially…
CVE-2022-40912 2022-09-28 MEDIUM 6.1 ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET…
CVE-2022-24373 2022-09-30 MEDIUM 5.3 The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular…
CVE-2022-2778 2022-09-30 CRITICAL 9.8 In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes.
CVE-2022-22387 2022-09-28 MEDIUM 5.4 IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web…
CVE-2021-41434 2022-09-28 MEDIUM 5.4 A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary…
CVE-2025-22383 2025-01-04 MEDIUM 4.6 An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B…
CVE-2025-22384 2025-01-04 HIGH 7.5 An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce…
CVE-2025-1286 2025-05-15 MEDIUM 6.1 The Download HTML TinyMCE Button WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back…
CVE-2025-1033 2025-05-15 MEDIUM 4.8 The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2025-0329 2025-05-15 MEDIUM 4.8 The AI ChatBot for WordPress WordPress plugin before 6.2.4 does not sanitise and escape some of its settings, which could…
CVE-2024-8701 2025-05-15 MEDIUM 4.8 The events-calendar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2024-8085 2025-05-15 MEDIUM 6.1 The PeoplePond WordPress plugin through 1.1.9 does not have CSRF check in some places, and is missing sanitisation as well…
CVE-2024-8082 2025-05-15 MEDIUM 4.3 The Widgets Reset WordPress plugin through 0.1 does not have CSRF check in place when updating its settings, which could…
CVE-2024-8050 2025-05-15 MEDIUM 4.3 The Custom Author Base WordPress plugin through 1.1.1 does not have CSRF check in place when updating its settings, which…
CVE-2024-8032 2025-05-15 MEDIUM 6.1 The Smooth Gallery Replacement WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation…
CVE-2024-6797 2025-05-15 MEDIUM 4.8 The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high…
CVE-2024-6719 2025-05-15 HIGH 8.1 The Offload Videos WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could…
CVE-2024-6713 2025-05-15 MEDIUM 4.8 The PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow…
CVE-2024-6712 2025-05-15 MEDIUM 6.1 The MapFig Studio WordPress plugin through 0.2.1 does not have CSRF check in some places, and is missing sanitisation as…
CVE-2024-6693 2025-05-15 MEDIUM 4.8 The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2024-6690 2025-05-15 MEDIUM 6.1 The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external…
CVE-2024-6486 2025-05-15 HIGH 7.2 The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "cli_path"…
CVE-2024-6478 2025-05-15 MEDIUM 4.8 The CTT Expresso para WooCommerce WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could…
CVE-2024-6462 2025-05-15 MEDIUM 4.8 The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow…
CVE-2024-6335 2025-05-15 MEDIUM 4.8 The Tracking Code Manager WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow…
CVE-2024-6159 2025-05-15 CRITICAL 9.8 The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before…
CVE-2024-5440 2025-05-15 MEDIUM 5.4 The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.3 does not validate and escape some of its shortcode attributes before…
CVE-2024-5026 2025-05-15 MEDIUM 4.8 The CM Tooltip Glossary WordPress plugin before 4.3.4 does not sanitise and escape some of its settings, which could allow…
CVE-2024-13865 2025-05-15 MEDIUM 6.1 The S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page,…
CVE-2024-13828 2025-05-15 MEDIUM 6.1 The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape a parameter before outputting it back in the page,…
CVE-2024-13823 2025-05-15 MEDIUM 6.1 The 360 Product Rotation WordPress plugin through 1.5.8 does not sanitise and escape a parameter before outputting it back in…
CVE-2024-13727 2025-05-15 MEDIUM 6.1 The MemberSpace WordPress plugin before 2.1.14 does not sanitise and escape a parameter before outputting it back in the page,…