CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-7710 2025-08-02 CRITICAL 9.8 The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including,…
CVE-2025-7500 2025-08-02 MEDIUM 6.4 The Ocean Social Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via social icon titles in all versions…
CVE-2025-8467 2025-08-02 HIGH 7.3 A vulnerability was found in code-projects Wazifa System 1.0. It has been declared as critical. Affected by this vulnerability is…
CVE-2025-8488 2025-08-02 MEDIUM 4.3 The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) plugin for WordPress is vulnerable to unauthorized modification of…
CVE-2025-6722 2025-08-02 MEDIUM 5.3 The BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security plugin for WordPress is vulnerable to Sensitive Information Exposure in…
CVE-2025-8466 2025-08-02 HIGH 7.3 A vulnerability was found in code-projects Online Farm System 1.0. It has been classified as critical. Affected is an unknown…
CVE-2025-8400 2025-08-02 MEDIUM 6.1 The Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.0…
CVE-2025-8399 2025-08-02 MEDIUM 6.4 The Mmm Unity Loader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributes’ parameter in all versions…
CVE-2025-8391 2025-08-02 MEDIUM 6.4 The Magic Edge – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘height’ parameter in all…
CVE-2025-6832 2025-08-02 MEDIUM 6.1 The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable…
CVE-2025-8317 2025-08-02 MEDIUM 6.4 The Custom Word Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘angle’ parameter in all versions…
CVE-2025-8212 2025-08-02 MEDIUM 6.4 The Medical Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typewriter widget in…
CVE-2025-8152 2025-08-02 MEDIUM 5.3 The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification…
CVE-2025-6754 2025-08-02 HIGH 8.8 The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seo_metrics_handle_connect_button_click()…
CVE-2025-6626 2025-08-02 MEDIUM 4.4 The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…
CVE-2025-4588 2025-08-02 MEDIUM 6.4 The 360 Photo Spheres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sphere' shortcode in all…
CVE-2025-8146 2025-08-02 MEDIUM 6.4 The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TypeOut Text widget…
CVE-2025-7694 2025-08-02 MEDIUM 6.8 The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the…
CVE-2025-6078 2025-08-02 N/A 0.0 Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page…
CVE-2025-6077 2025-08-02 N/A 0.0 Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator…
CVE-2025-6076 2025-08-02 N/A 0.0 Partner Software's Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab, allowing an…
CVE-2025-54796 2025-08-02 HIGH 7.5 Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary…
CVE-2025-54790 2025-08-02 N/A 0.0 Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not…
CVE-2025-54789 2025-08-02 N/A 0.0 Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move…
CVE-2025-54782 2025-08-02 N/A 0.0 Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution…
CVE-2025-54781 2025-08-02 LOW 2.8 Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version…
CVE-2025-54386 2025-08-02 N/A 0.0 Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a…
CVE-2025-54136 2025-08-02 HIGH 7.2 Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and…
CVE-2025-54133 2025-08-02 N/A 0.0 Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information…
CVE-2025-54792 2025-08-01 N/A 0.0 LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an…
CVE-2025-54424 2025-08-01 HIGH 8.1 1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server.…
CVE-2025-54132 2025-08-01 MEDIUM 4.4 Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render…
CVE-2025-54131 2025-08-01 MEDIUM 6.4 Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow…
CVE-2024-13978 2025-08-01 LOW 2.5 A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is…
CVE-2013-10063 2025-08-01 N/A 0.0 A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions
CVE-2013-10062 2025-08-01 N/A 0.0 A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and…
CVE-2013-10061 2025-08-01 N/A 0.0 An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45)…
CVE-2013-10060 2025-08-01 N/A 0.0 An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via…
CVE-2013-10059 2025-08-01 N/A 0.0 An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm…
CVE-2013-10058 2025-08-01 N/A 0.0 An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the…
CVE-2013-10057 2025-08-01 N/A 0.0 A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx), specifically the ConnectToSynactis method. When a long string is…
CVE-2013-10055 2025-08-01 N/A 0.0 An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The…
CVE-2013-10053 2025-08-01 N/A 0.0 A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername…
CVE-2013-10051 2025-08-01 N/A 0.0 A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within…
CVE-2013-10050 2025-08-01 N/A 0.0 An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)—via…
CVE-2013-10049 2025-08-01 N/A 0.0 An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint…
CVE-2013-10048 2025-08-01 N/A 0.0 An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and…
CVE-2013-10047 2025-08-01 N/A 0.0 An unrestricted file upload vulnerability exists in MiniWeb HTTP Server
CVE-2013-10046 2025-08-01 N/A 0.0 A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary…
CVE-2013-10044 2025-08-01 N/A 0.0 An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator…