CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-6089 2025-06-15 MEDIUM 4.3 A vulnerability has been found in Astun Technology iShare Maps 5.4.0 and classified as problematic. This vulnerability affects unknown code of the file atCheckJS.aspx. The manipulation of the…
CVE-2025-36041 2025-06-15 MEDIUM 4.7 IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through…
CVE-2025-1411 2025-06-15 HIGH 7.8 IBM Security Verify Directory Container 10.0.0.0 through 10.0.3.1 could allow a local user to execute commands as root due to execution with unnecessary privileges.
CVE-2025-5337 2025-06-14 MEDIUM 6.4 The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘aria-label’ parameter in all versions up to, and including, 3.98.0…
CVE-2025-5238 2025-06-14 MEDIUM 6.4 The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.5.0 due to insufficient…
CVE-2025-4667 2025-06-14 MEDIUM 6.4 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ssa_admin_upcoming_appointments, ssa_admin_upcoming_appointments, and ssa_past_appointments shortcodes in…
CVE-2025-6070 2025-06-14 MEDIUM 6.5 The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible…
CVE-2025-6065 2025-06-14 CRITICAL 9.1 The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' task in all versions…
CVE-2025-6064 2025-06-14 MEDIUM 6.1 The WP URL Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect…
CVE-2025-6063 2025-06-14 MEDIUM 6.1 The XiSearch bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6. This is due to missing or incorrect nonce…
CVE-2025-6062 2025-06-14 MEDIUM 4.3 The Yougler Blogger Profile Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, v1.01. This is due to missing or…
CVE-2025-6061 2025-06-14 MEDIUM 6.4 The kk Youtube Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kkytv' shortcode in all versions up to, and including, 0.2 due to…
CVE-2025-6055 2025-06-14 MEDIUM 6.1 The Zen Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing or incorrect…
CVE-2025-6040 2025-06-14 MEDIUM 6.1 The Easy Flashcards plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce…
CVE-2025-5589 2025-06-14 MEDIUM 6.4 The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘status-classic-offline-text’ parameter in all versions up to, and including, 1.1.3 due to insufficient…
CVE-2025-5336 2025-06-14 MEDIUM 6.4 The Click to Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-no_number’ parameter in all versions up to, and including, 4.22 due to insufficient input…
CVE-2025-4592 2025-06-14 MEDIUM 4.3 The AI Image Lab – Free AI Image Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is…
CVE-2025-4216 2025-06-14 MEDIUM 6.4 The DIOT SCADA with MQTT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'diot' shortcode in all versions up to, and including, 1.0.5.1 due…
CVE-2025-4200 2025-06-14 HIGH 8.1 The Zagg - Electronics & Accessories WooCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.1 via the…
CVE-2025-4187 2025-06-14 MEDIUM 5.9 The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect()…
CVE-2025-5487 2025-06-14 HIGH 7.2 The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the field_conditions parameter in…
CVE-2025-3234 2025-06-14 HIGH 7.2 The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including,…
CVE-2025-6059 2025-06-14 MEDIUM 4.3 The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.27.21. This is due to missing or incorrect nonce…
CVE-2025-50150 2025-06-14 N/A 0.0 Rejected reason: Not used
CVE-2025-50149 2025-06-14 N/A 0.0 Rejected reason: Not used
CVE-2025-50148 2025-06-14 N/A 0.0 Rejected reason: Not used
CVE-2025-50147 2025-06-14 N/A 0.0 Rejected reason: Not used
CVE-2025-50146 2025-06-14 N/A 0.0 Rejected reason: Not used
CVE-2025-50145 2025-06-14 N/A 0.0 Rejected reason: Not used
CVE-2025-50144 2025-06-14 N/A 0.0 Rejected reason: Not used
CVE-2025-50143 2025-06-14 N/A 0.0 Rejected reason: Not used
CVE-2025-50142 2025-06-14 N/A 0.0 Rejected reason: Not used
CVE-2025-33108 2025-06-14 HIGH 8.5 IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges…
CVE-2025-25215 2025-06-13 HIGH 8.8 An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call…
CVE-2025-6083 2025-06-13 N/A 0.0 In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id filter. This issue may allow users to search data across the…
CVE-2025-24919 2025-06-13 HIGH 8.1 A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response…
CVE-2025-49598 2025-06-13 N/A 0.0 conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the…
CVE-2025-25050 2025-06-13 HIGH 8.8 An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36. A specially crafted ControlVault API…
CVE-2025-24922 2025-06-13 HIGH 8.8 A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cv_object can…
CVE-2025-24311 2025-06-13 HIGH 8.4 An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call…
CVE-2025-49597 2025-06-13 LOW 3.9 handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods…
CVE-2025-49596 2025-06-13 N/A 0.0 The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack…
CVE-2025-48920 2025-06-13 HIGH 7.3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal etracker allows Cross-Site Scripting (XSS). This issue affects etracker: from 0.0.0 before 3.1.0.
CVE-2025-48915 2025-06-13 HIGH 8.6 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This issue affects COOKiES Consent Management: from 0.0.0 before…
CVE-2025-48914 2025-06-13 HIGH 8.6 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This issue affects COOKiES Consent Management: from 0.0.0 before…
CVE-2025-49587 2025-06-13 N/A 0.0 XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that…
CVE-2025-49586 2025-06-13 N/A 0.0 XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application (the default for all users XWiki) can…
CVE-2025-49585 2025-06-13 N/A 0.0 XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0-rc-1 through 16.4.6, and 16.5.0-rc-1 through 16.10.1, when an attacker without script or programming right creates an XClass…
CVE-2025-49584 2025-06-13 N/A 0.0 XWiki is a generic wiki platform. In XWiki Platform versions 10.9 through 16.4.6, 16.5.0-rc-1 through 16.10.2, and 17.0.0-rc-1, the title of every single page whose reference is known…
CVE-2025-49583 2025-06-13 N/A 0.0 XWiki is a generic wiki platform. When a user without script right creates a document with an `XWiki.Notifications.Code.NotificationEmailRendererClass` object, and later an admin edits and saves that document,…