Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-2110 2026-02-07 LOW 3.7 A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results…
CVE-2026-2109 2026-02-07 MEDIUM 5.4 A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation…
CVE-2026-2108 2026-02-07 MEDIUM 5.3 A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. This impacts an unknown function of the file /api/info/long_task of the component Endpoint. This manipulation causes denial…
CVE-2026-2107 2026-02-07 MEDIUM 6.3 A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\LoginfoController.java of the component Log Info Handler. The manipulation results…
CVE-2026-2106 2026-02-07 MEDIUM 6.3 A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is the function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\NoticeController.java of the component Notice Management. The…
CVE-2026-2105 2026-02-07 MEDIUM 6.3 A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component Department Management. Executing…
CVE-2026-2090 2026-02-07 HIGH 7.3 A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue affects some unknown processing of the file /admin/message/search.php. Executing a manipulation of the argument term…
CVE-2026-2089 2026-02-07 HIGH 7.3 A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affects unknown code of the file /admin/subject/controller.php. Performing a manipulation of the argument ID results…
CVE-2026-2088 2026-02-07 HIGH 7.3 A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/accepted-appointment.php. Such manipulation of the argument delid leads…
CVE-2026-2087 2026-02-07 HIGH 7.3 A flaw has been found in SourceCodester Online Class Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. This manipulation of the…
CVE-2026-2086 2026-02-07 HIGH 8.8 A vulnerability was detected in UTT HiPER 810G up to 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formFireWall of the component Management Interface.…
CVE-2026-2085 2026-02-07 HIGH 7.2 A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of…
CVE-2026-2084 2026-02-07 HIGH 7.2 A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/set_language. Executing a manipulation of the argument langSelection can lead to…
CVE-2026-2083 2026-02-07 HIGH 7.3 A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file /delete_post.php. Performing a manipulation of the argument ID…
CVE-2026-2082 2026-02-07 MEDIUM 4.7 A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os…
CVE-2026-2081 2026-02-07 MEDIUM 4.7 A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_password. This manipulation of the argument http_passwd causes os command…
CVE-2026-2080 2026-02-07 HIGH 7.2 A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to…
CVE-2026-2079 2026-02-07 MEDIUM 6.3 A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\MenuController.java of the component Menu Management. Executing a…
CVE-2026-1675 2026-02-07 MEDIUM 5.3 The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default…
CVE-2026-1643 2026-02-07 MEDIUM 6.1 The MP-Ukagaka plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This…
CVE-2026-1634 2026-02-07 MEDIUM 6.1 The Subitem AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.0.0 due to insufficient…
CVE-2026-1613 2026-02-07 MEDIUM 6.4 The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `list_class` shortcode in all versions up to, and including, 1.3.3 due to insufficient…
CVE-2026-1611 2026-02-07 MEDIUM 6.4 The Wikiloops Track Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wikiloops` shortcode in all versions up to, and including, 1.0.1 due to…
CVE-2026-1608 2026-02-07 MEDIUM 6.4 The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `youtube` shortcode in all versions up to, and including, 0.4.7 due to insufficient…
CVE-2026-1573 2026-02-07 MEDIUM 6.4 The OMIGO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `omigo_donate_button` shortcode in all versions up to, and including, 3.3 due to insufficient input…
CVE-2026-1570 2026-02-07 MEDIUM 6.4 The Simple Bible Verse via Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `verse` shortcode in all versions up to, and including, 1.1…
CVE-2026-1082 2026-02-07 MEDIUM 4.3 The TITLE ANIMATOR plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on…
CVE-2026-0555 2026-02-07 MEDIUM 6.4 The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmerce_wizard_actions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to…
CVE-2025-15477 2026-02-07 MEDIUM 6.5 The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode `category` and `id` attributes in all versions up to, and including, 0.1.5 due to…
CVE-2025-15476 2026-02-07 MEDIUM 4.3 The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlister_do_admin_ajax() function in all versions up to,…
CVE-2026-2078 2026-02-07 MEDIUM 6.3 A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\PermissionController.java of the component Permission Management. Performing a manipulation results…
CVE-2026-2077 2026-02-07 MEDIUM 6.3 A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role…
CVE-2026-2076 2026-02-07 MEDIUM 6.3 A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component User Management…
CVE-2026-2075 2026-02-07 MEDIUM 6.3 A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role-Permission Binding Handler. The…
CVE-2025-15491 2026-02-07 N/A 0.0 The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such…
CVE-2025-15267 2026-02-07 MEDIUM 6.4 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_accordion_item shortcode in all versions up to, and including, 5.5.7 due to…
CVE-2025-13463 2026-02-07 MEDIUM 6.4 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid component in all versions up to, and including, 5.5.3 due to…
CVE-2025-12803 2026-02-07 MEDIUM 6.4 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'bt_bb_tabs' shortcode in all versions up to, and including, 5.5.1 due to…
CVE-2025-12159 2026-02-07 MEDIUM 6.4 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_raw_content shortcode in all versions up to, and including, 5.4.8 due to…
CVE-2026-2074 2026-02-07 MEDIUM 6.3 A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads…
CVE-2026-2073 2026-02-07 HIGH 7.3 A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/user/index.php. Executing a manipulation of the argument ID can lead…
CVE-2026-25845 2026-02-07 N/A 0.0 Rejected reason: Not used
CVE-2026-25844 2026-02-07 N/A 0.0 Rejected reason: Not used
CVE-2026-25843 2026-02-07 N/A 0.0 Rejected reason: Not used
CVE-2026-25842 2026-02-07 N/A 0.0 Rejected reason: Not used
CVE-2026-25841 2026-02-07 N/A 0.0 Rejected reason: Not used
CVE-2026-25840 2026-02-07 N/A 0.0 Rejected reason: Not used
CVE-2026-25839 2026-02-07 N/A 0.0 Rejected reason: Not used
CVE-2026-25838 2026-02-07 N/A 0.0 Rejected reason: Not used
CVE-2026-25837 2026-02-07 N/A 0.0 Rejected reason: Not used
Página 1 de 3910 Siguiente »