CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2022-42087 2022-10-12 MEDIUM 6.5 Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
CVE-2024-5030 2024-11-18 LOW 3.8 The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings,…
CVE-2024-52316 2024-11-18 CRITICAL 9.8 Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component…
CVE-2024-52317 2024-11-18 MEDIUM 6.5 Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could…
CVE-2024-52318 2024-11-18 MEDIUM 6.1 Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended…
CVE-2024-46055 2024-11-27 MEDIUM 4.8 OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in review names.
CVE-2024-10473 2024-11-28 MEDIUM 5.4 The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputting them…
CVE-2024-10493 2024-11-28 MEDIUM 5.4 The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin before 5.10.3 does…
CVE-2024-10896 2024-11-28 MEDIUM 5.4 The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which…
CVE-2024-43118 2024-11-01 MEDIUM 4.3 Missing Authorization vulnerability in WPMU DEV Hummingbird allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hummingbird: from n/a…
CVE-2024-10027 2024-11-07 MEDIUM 4.8 The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could…
CVE-2024-20926 2024-01-16 MEDIUM 5.9 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:…
CVE-2022-42906 2022-10-13 HIGH 7.8 powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior…
CVE-2022-42902 2022-10-13 HIGH 8.8 In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization,…
CVE-2022-42163 2022-10-17 CRITICAL 9.8 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting.
CVE-2024-45772 2024-09-30 MEDIUM 5.1 Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0.…
CVE-2025-3744 2025-05-13 HIGH 7.6 Nomad Enterprise (“Nomad”) jobs using the policy override option are bypassing the mandatory sentinel policies. This vulnerability, identified as CVE-2025-3744,…
CVE-2024-7982 2024-11-08 CRITICAL 9.6 The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event…
CVE-2024-9874 2024-11-09 MEDIUM 4.9 The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to time-based SQL Injection via…
CVE-2024-9835 2024-11-12 MEDIUM 4.8 The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an…
CVE-2024-9836 2024-11-12 MEDIUM 5.9 The RSS Feed Widget WordPress plugin before 3.0.0 does not validate and escape some of its shortcode attributes before outputting…
CVE-2024-10146 2024-11-14 MEDIUM 5.4 The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back…
CVE-2024-9186 2024-11-14 HIGH 8.6 The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and…
CVE-2024-10482 2024-11-21 MEDIUM 5.4 The Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO WordPress plugin before 1.5.0 does…
CVE-2024-22927 2024-02-01 MEDIUM 6.1 Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code…
CVE-2024-24059 2024-02-01 MEDIUM 5.4 springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files.
CVE-2023-5841 2024-02-01 CRITICAL 9.1 Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy…
CVE-2024-20977 2024-01-16 MEDIUM 6.5 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and…
CVE-2024-20948 2024-01-16 MEDIUM 6.1 Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are…
CVE-2022-42221 2022-10-17 HIGH 8.8 Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability.
CVE-2022-42171 2022-10-17 CRITICAL 9.8 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo.
CVE-2022-42170 2022-10-17 CRITICAL 9.8 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.
CVE-2022-42169 2022-10-17 CRITICAL 9.8 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter.
CVE-2022-42168 2022-10-17 CRITICAL 9.8 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.
CVE-2022-42167 2022-10-17 CRITICAL 9.8 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.
CVE-2022-41500 2022-10-18 HIGH 8.8 EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points…
CVE-2022-42164 2022-10-17 CRITICAL 9.8 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState.
CVE-2022-42086 2022-10-12 MEDIUM 6.5 Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode.
CVE-2022-42081 2022-10-12 HIGH 7.5 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter.
CVE-2022-41497 2022-10-13 CRITICAL 9.8 ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php.
CVE-2022-41496 2022-10-13 CRITICAL 9.8 iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.
CVE-2022-41495 2022-10-13 CRITICAL 9.8 ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php.
CVE-2022-41489 2022-10-13 HIGH 8.1 WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to…
CVE-2022-41485 2022-10-13 HIGH 7.5 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47ce00 function. This vulnerability allows attackers to cause…
CVE-2022-41484 2022-10-13 HIGH 7.5 Tenda AC1900 AP500(US)_V1_180320(Beta) was discovered to contain a buffer overflow in the 0x32384 function. This vulnerability allows attackers to cause…
CVE-2022-41483 2022-10-13 HIGH 7.5 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x4a12cc function. This vulnerability allows attackers to cause…
CVE-2022-41479 2022-10-18 HIGH 7.5 The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the…
CVE-2022-41482 2022-10-13 HIGH 7.5 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47c5dc function. This vulnerability allows attackers to cause…
CVE-2022-41481 2022-10-13 HIGH 7.5 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47de1c function. This vulnerability allows attackers to cause…
CVE-2022-41480 2022-10-13 HIGH 7.5 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x475dc function. This vulnerability allows attackers to cause…