CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2024-10677 | 2025-05-15 | MEDIUM | 4.3 | The BTEV WordPress plugin through 2.0.2 does not have CSRF check in place when updating its settings, which could allow… |
| CVE-2024-10639 | 2025-05-15 | MEDIUM | 4.8 | The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow… |
| CVE-2024-10634 | 2025-05-15 | MEDIUM | 4.3 | The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which… |
| CVE-2024-10632 | 2025-05-15 | MEDIUM | 4.8 | The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow… |
| CVE-2024-10475 | 2025-05-15 | MEDIUM | 4.8 | The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does not sanitise and escape some of… |
| CVE-2024-10362 | 2025-05-15 | MEDIUM | 4.8 | The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.9.1 does not sanitize and escape some of… |
| CVE-2022-41848 | 2022-09-30 | MEDIUM | 4.2 | drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes… |
| CVE-2022-41847 | 2022-09-30 | MEDIUM | 5.5 | An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp. |
| CVE-2022-41846 | 2022-09-30 | MEDIUM | 5.5 | An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp. |
| CVE-2022-41845 | 2022-09-30 | MEDIUM | 5.5 | An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function AP4_Array::EnsureCapacity in Core/Ap4Array.h. |
| CVE-2022-41844 | 2022-09-30 | MEDIUM | 5.5 | An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different… |
| CVE-2022-41843 | 2022-09-30 | MEDIUM | 5.5 | An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928. |
| CVE-2022-41842 | 2022-09-30 | MEDIUM | 5.5 | An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc. |
| CVE-2022-41841 | 2022-09-30 | MEDIUM | 5.5 | An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called… |
| CVE-2022-41440 | 2022-09-30 | HIGH | 7.2 | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php. |
| CVE-2022-41439 | 2022-09-30 | HIGH | 7.2 | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php. |
| CVE-2022-41437 | 2022-09-30 | HIGH | 7.2 | Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php. |
| CVE-2022-41828 | 2022-09-29 | HIGH | 8.1 | In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class… |
| CVE-2022-40887 | 2022-09-29 | CRITICAL | 9.8 | SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection. |
| CVE-2022-40472 | 2022-09-29 | HIGH | 8.0 | ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows… |
| CVE-2022-40879 | 2022-09-29 | MEDIUM | 6.1 | kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.' |
| CVE-2022-40407 | 2022-09-29 | HIGH | 8.8 | A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a… |
| CVE-2022-40048 | 2022-09-29 | HIGH | 7.2 | Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function. |
| CVE-2022-37461 | 2022-09-30 | MEDIUM | 6.1 | Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web… |
| CVE-2022-39173 | 2022-09-29 | HIGH | 7.5 | In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an… |
| CVE-2022-3287 | 2022-09-28 | MEDIUM | 6.5 | When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper… |
| CVE-2022-3215 | 2022-09-28 | HIGH | 7.5 | NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs… |
| CVE-2022-35137 | 2022-09-29 | MEDIUM | 5.4 | DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. |
| CVE-2022-33880 | 2022-09-29 | CRITICAL | 9.8 | hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter. |
| CVE-2022-35888 | 2022-09-29 | MEDIUM | 6.5 | Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that… |
| CVE-2019-5797 | 2022-09-29 | HIGH | 7.5 | Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via… |
| CVE-2023-39252 | 2023-09-21 | MEDIUM | 5.9 | Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability… |
| CVE-2022-34462 | 2023-01-18 | HIGH | 8.4 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge… |
| CVE-2022-34442 | 2023-01-18 | HIGH | 8.0 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Cryptographic Key vulnerability. An attacker… |
| CVE-2022-34441 | 2023-01-11 | HIGH | 8.0 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Cryptographic Key vulnerability. An attacker… |
| CVE-2022-34440 | 2023-01-11 | HIGH | 8.4 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Cryptographic Key vulnerability. An attacker… |
| CVE-2025-22385 | 2025-01-04 | MEDIUM | 5.9 | An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not… |
| CVE-2025-22386 | 2025-01-04 | HIGH | 7.3 | An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application,… |
| CVE-2025-22388 | 2025-01-04 | MEDIUM | 5.7 | An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS,… |
| CVE-2025-22389 | 2025-01-04 | HIGH | 8.0 | An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does… |
| CVE-2025-22390 | 2025-01-04 | HIGH | 7.5 | An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement… |
| CVE-2024-10563 | 2025-02-26 | MEDIUM | 5.4 | The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before… |
| CVE-2024-12737 | 2025-02-26 | MEDIUM | 6.1 | The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter… |
| CVE-2024-13629 | 2025-02-26 | MEDIUM | 6.1 | The pushBIZ WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page,… |
| CVE-2024-13630 | 2025-02-26 | MEDIUM | 6.1 | The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page,… |
| CVE-2024-13631 | 2025-02-26 | HIGH | 7.1 | The Om Stripe WordPress plugin through 02.00.00 does not sanitise and escape a parameter before outputting it back in the… |
| CVE-2024-13632 | 2025-02-26 | HIGH | 7.1 | The WP Extra Fields WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in… |
| CVE-2024-13633 | 2025-02-26 | HIGH | 7.1 | The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the… |
| CVE-2024-13634 | 2025-02-26 | MEDIUM | 6.1 | The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the… |
| CVE-2024-13669 | 2025-02-26 | MEDIUM | 6.1 | The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page,… |