CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2022-38902 | 2022-10-13 | MEDIUM | 5.4 | A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10… |
| CVE-2022-35612 | 2022-10-13 | MEDIUM | 5.4 | A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via… |
| CVE-2022-35611 | 2022-10-13 | MEDIUM | 4.3 | A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards. |
| CVE-2022-35136 | 2022-10-13 | MEDIUM | 6.5 | Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests. |
| CVE-2022-35135 | 2022-10-13 | HIGH | 8.8 | Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/. |
| CVE-2022-35134 | 2022-10-13 | MEDIUM | 5.4 | Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability. |
| CVE-2022-37208 | 2022-10-13 | HIGH | 8.8 | JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have… |
| CVE-2022-35050 | 2022-10-14 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b04de. |
| CVE-2022-35049 | 2022-10-14 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b03b5. |
| CVE-2022-35081 | 2022-10-13 | MEDIUM | 5.5 | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_read_header at /src/png2swf.c. |
| CVE-2022-35080 | 2022-10-13 | MEDIUM | 5.5 | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_load at /lib/png.c. |
| CVE-2022-35048 | 2022-10-14 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0b2c. |
| CVE-2022-35047 | 2022-10-14 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05aa. |
| CVE-2022-35046 | 2022-10-14 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0466. |
| CVE-2022-35045 | 2022-10-14 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0d63. |
| CVE-2022-35044 | 2022-10-14 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x617087. |
| CVE-2022-35043 | 2022-10-14 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c08a6. |
| CVE-2022-35042 | 2022-10-14 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adb11. |
| CVE-2022-35041 | 2022-10-14 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b558f. |
| CVE-2022-34022 | 2022-10-13 | HIGH | 7.2 | SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive. |
| CVE-2022-22078 | 2022-10-19 | MEDIUM | 4.6 | Denial of service in BOOT when partition size for a particular partition is requested due to integer overflow when blocks… |
| CVE-2022-20464 | 2022-10-14 | MEDIUM | 5.5 | In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a… |
| CVE-2022-20397 | 2022-10-14 | HIGH | 7.8 | In SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of bounds write due to a missing bounds check. This could… |
| CVE-2021-46840 | 2022-10-14 | CRITICAL | 9.1 | The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification. Successful exploitation of this vulnerability may cause malicious construction… |
| CVE-2021-46839 | 2022-10-14 | CRITICAL | 9.1 | The HW_KEYMASTER module has a vulnerability of missing bounds check on length. Successful exploitation of this vulnerability may cause malicious construction… |
| CVE-2021-0699 | 2022-10-14 | HIGH | 7.8 | In HTBLogKM of TBD, there is a possible out of bounds write due to a missing bounds check. This could… |
| CVE-2024-5029 | 2024-11-21 | MEDIUM | 4.8 | The CM Table Of Contents WordPress plugin before 1.2.4 does not have CSRF check when updating its settings, and is… |
| CVE-2024-8157 | 2024-11-21 | MEDIUM | 4.3 | The Alphabetical List WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could… |
| CVE-2024-9600 | 2024-11-21 | MEDIUM | 4.8 | The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege… |
| CVE-2024-9828 | 2024-11-21 | MEDIUM | 4.1 | The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a… |
| CVE-2024-9422 | 2024-11-22 | MEDIUM | 6.6 | The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be… |
| CVE-2024-10709 | 2024-11-25 | MEDIUM | 6.8 | The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them… |
| CVE-2024-10710 | 2024-11-25 | LOW | 3.5 | The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-6393 | 2024-11-25 | MEDIUM | 4.8 | The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings,… |
| CVE-2025-1683 | 2025-03-12 | HIGH | 7.8 | Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables… |
| CVE-2024-23217 | 2024-01-23 | LOW | 3.3 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS… |
| CVE-2024-0809 | 2024-01-24 | MEDIUM | 4.3 | Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a… |
| CVE-2024-23206 | 2024-01-23 | MEDIUM | 6.5 | An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3… |
| CVE-2022-41541 | 2022-10-18 | HIGH | 8.1 | TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid… |
| CVE-2022-41540 | 2022-10-18 | MEDIUM | 5.9 | The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are… |
| CVE-2022-41674 | 2022-10-14 | HIGH | 8.1 | An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer… |
| CVE-2022-42156 | 2022-10-13 | HIGH | 8.8 | D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings. |
| CVE-2022-41537 | 2022-10-18 | HIGH | 7.2 | Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php.… |
| CVE-2022-41504 | 2022-10-18 | HIGH | 7.2 | An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code… |
| CVE-2022-41534 | 2022-10-13 | HIGH | 7.2 | Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This… |
| CVE-2022-41533 | 2022-10-13 | HIGH | 7.2 | Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. This… |
| CVE-2022-41475 | 2022-10-13 | HIGH | 8.8 | RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account. |
| CVE-2022-41391 | 2022-10-13 | CRITICAL | 9.8 | OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php. |
| CVE-2022-41390 | 2022-10-13 | CRITICAL | 9.8 | OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php. |
| CVE-2022-41474 | 2022-10-13 | MEDIUM | 6.5 | RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of… |