CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2024-12878 | 2025-02-26 | HIGH | 7.1 | The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in… |
| CVE-2024-10483 | 2025-02-26 | HIGH | 7.1 | The Simple:Press Forum WordPress plugin before 6.10.11 does not sanitise and escape a parameter before outputting it back in the… |
| CVE-2024-10152 | 2025-02-26 | HIGH | 7.1 | The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting… |
| CVE-2024-10545 | 2025-02-25 | LOW | 3.5 | The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings,… |
| CVE-2024-12173 | 2025-02-19 | LOW | 3.5 | The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2025-4059 | 2025-04-29 | MEDIUM | 5.3 | A vulnerability classified as critical was found in code-projects Prison Management System 1.0. This vulnerability affects the function addrecord of… |
| CVE-2025-4058 | 2025-04-29 | HIGH | 7.3 | A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0. This affects an unknown part of… |
| CVE-2025-3250 | 2025-04-04 | MEDIUM | 4.3 | A vulnerability, which was classified as problematic, has been found in elunez eladmin 2.7. Affected by this issue is some… |
| CVE-2025-1964 | 2025-03-05 | HIGH | 7.3 | A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been rated as critical. This issue affects some… |
| CVE-2024-25419 | 2024-02-11 | HIGH | 8.8 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php. |
| CVE-2024-25418 | 2024-02-11 | HIGH | 8.8 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php. |
| CVE-2024-25447 | 2024-02-09 | HIGH | 8.8 | An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a… |
| CVE-2024-25443 | 2024-02-09 | HIGH | 7.8 | An issue in the HuginBase::ImageVariable::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image. |
| CVE-2024-25315 | 2024-02-09 | CRITICAL | 9.8 | Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2. |
| CVE-2024-25314 | 2024-02-09 | CRITICAL | 9.8 | Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2. |
| CVE-2024-25305 | 2024-02-09 | HIGH | 8.8 | Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php. |
| CVE-2024-25304 | 2024-02-09 | HIGH | 8.8 | Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php." |
| CVE-2024-25004 | 2024-02-09 | HIGH | 7.8 | KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds… |
| CVE-2024-24680 | 2024-02-06 | HIGH | 7.5 | An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template… |
| CVE-2024-24940 | 2024-02-06 | LOW | 2.8 | In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives |
| CVE-2024-24543 | 2024-02-05 | CRITICAL | 9.8 | Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause… |
| CVE-2024-24495 | 2024-02-08 | CRITICAL | 9.8 | SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted… |
| CVE-2024-24494 | 2024-02-08 | MEDIUM | 6.1 | Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day,… |
| CVE-2024-24398 | 2024-02-06 | CRITICAL | 9.8 | Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a… |
| CVE-2024-24468 | 2024-02-05 | HIGH | 8.8 | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php. |
| CVE-2024-24397 | 2024-02-05 | MEDIUM | 5.4 | Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via… |
| CVE-2024-24393 | 2024-02-08 | CRITICAL | 9.8 | File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request. |
| CVE-2024-24113 | 2024-02-08 | HIGH | 8.8 | xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE. |
| CVE-2024-24018 | 2024-02-08 | CRITICAL | 9.8 | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and… |
| CVE-2024-24001 | 2024-02-07 | CRITICAL | 9.8 | jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP which allows an attacker to… |
| CVE-2024-24259 | 2024-02-05 | HIGH | 7.5 | freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function. |
| CVE-2024-23749 | 2024-02-09 | HIGH | 7.8 | KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization… |
| CVE-2024-23756 | 2024-02-08 | HIGH | 7.5 | The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to… |
| CVE-2024-23660 | 2024-02-08 | HIGH | 7.5 | The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates… |
| CVE-2024-23764 | 2024-02-08 | MEDIUM | 6.7 | Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and… |
| CVE-2024-23978 | 2024-02-02 | CRITICAL | 9.8 | Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be… |
| CVE-2024-22520 | 2024-02-06 | HIGH | 8.2 | An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets. |
| CVE-2024-22240 | 2024-02-06 | MEDIUM | 4.9 | Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading… |
| CVE-2024-22852 | 2024-02-06 | CRITICAL | 9.8 | D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service… |
| CVE-2024-22667 | 2024-02-05 | HIGH | 7.8 | Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer… |
| CVE-2024-22902 | 2024-02-02 | CRITICAL | 9.8 | Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials. |
| CVE-2024-22901 | 2024-02-02 | CRITICAL | 9.8 | Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials. |
| CVE-2024-22239 | 2024-02-06 | MEDIUM | 5.3 | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may… |
| CVE-2024-22237 | 2024-02-06 | HIGH | 7.8 | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may… |
| CVE-2024-22107 | 2024-02-02 | HIGH | 7.2 | An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via… |
| CVE-2024-21485 | 2024-02-02 | MEDIUM | 6.5 | Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before… |
| CVE-2024-20904 | 2024-01-16 | MEDIUM | 5.0 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected… |
| CVE-2024-20813 | 2024-02-06 | HIGH | 8.4 | Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2024-20812 | 2024-02-06 | HIGH | 8.4 | Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2024-20007 | 2024-02-05 | HIGH | 7.5 | In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to… |