CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-4227 | 2025-06-13 | N/A | 0.0 | An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencrypted instead of… |
| CVE-2025-5815 | 2025-06-13 | MEDIUM | 5.3 | The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcm_maybe_set_bot_flags() function in all versions up to,… |
| CVE-2025-5282 | 2025-06-13 | HIGH | 7.5 | The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check… |
| CVE-2025-5950 | 2025-06-13 | MEDIUM | 6.4 | The IndieBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘kind’ parameter in all versions up to, and including, 0.13.2 due to insufficient input sanitization… |
| CVE-2025-5939 | 2025-06-13 | MEDIUM | 4.4 | The Telegram for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.1 due to insufficient input… |
| CVE-2025-5938 | 2025-06-13 | MEDIUM | 5.3 | The Digital Marketing and Agency Templates Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is… |
| CVE-2025-5930 | 2025-06-13 | MEDIUM | 4.3 | The WP2HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation… |
| CVE-2025-5928 | 2025-06-13 | MEDIUM | 4.3 | The WP Sliding Login/Dashboard Panel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or… |
| CVE-2025-5926 | 2025-06-13 | MEDIUM | 6.1 | The Link Shield plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.4. This is due to missing or incorrect nonce… |
| CVE-2025-5841 | 2025-06-13 | MEDIUM | 6.4 | The ACF Onyx Poll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.1.9 due to insufficient… |
| CVE-2025-5491 | 2025-06-13 | HIGH | 8.8 | Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is… |
| CVE-2025-5288 | 2025-06-13 | CRITICAL | 9.8 | The REST API \| Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability… |
| CVE-2025-5233 | 2025-06-13 | MEDIUM | 6.4 | The Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hex’ parameter in all versions up to, and including, 4.3.2 due to insufficient input… |
| CVE-2025-5123 | 2025-06-13 | MEDIUM | 6.4 | The Contact Us Page – Contact People plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 3.7.4… |
| CVE-2025-4586 | 2025-06-13 | MEDIUM | 6.4 | The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmcalendarview' shortcode in all versions up to, and including, 1.2.17 due to insufficient… |
| CVE-2025-4585 | 2025-06-13 | MEDIUM | 6.4 | The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmflat' shortcode in all versions up to, and including, 1.2.17 due to insufficient… |
| CVE-2025-4584 | 2025-06-13 | MEDIUM | 6.4 | The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmeventlist' shortcode in all versions up to, and including, 1.2.17 due to insufficient… |
| CVE-2025-47959 | 2025-06-13 | HIGH | 7.1 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network. |
| CVE-2025-30399 | 2025-06-13 | HIGH | 7.5 | Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. |
| CVE-2025-4232 | 2025-06-13 | N/A | 0.0 | An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges… |
| CVE-2025-4231 | 2025-06-13 | N/A | 0.0 | A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to… |
| CVE-2025-4230 | 2025-06-13 | N/A | 0.0 | A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be… |
| CVE-2025-4228 | 2025-06-13 | N/A | 0.0 | An incorrect privilege assignment vulnerability in Palo Alto Networks Cortex® XDR Broker VM allows an authenticated administrative user to execute certain files available within the Broker VM and… |
| CVE-2025-4233 | 2025-06-12 | N/A | 0.0 | An insufficient implementation of cache vulnerability in Palo Alto Networks Prisma® Access Browser enables users to bypass certain data control policies. |
| CVE-2025-41234 | 2025-06-12 | MEDIUM | 6.5 | Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a… |
| CVE-2025-41233 | 2025-06-12 | MEDIUM | 6.8 | Description: VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.broadcom.com/support/vmware-services/security-response… |
| CVE-2025-49589 | 2025-06-12 | N/A | 0.0 | PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc… |
| CVE-2025-27689 | 2025-06-12 | HIGH | 7.8 | Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation… |
| CVE-2025-6031 | 2025-06-12 | HIGH | 7.5 | Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. When a user… |
| CVE-2025-5485 | 2025-06-12 | HIGH | 8.6 | User names used to access the web management interface are limited to the device identifier, which is a numerical identifier no more than 10 digits. A malicious actor… |
| CVE-2025-5484 | 2025-06-12 | HIGH | 8.3 | A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The… |
| CVE-2025-4418 | 2025-06-12 | MEDIUM | 4.4 | An improper validation of integrity check value vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow a miscreant with elevated privileges… |
| CVE-2025-4417 | 2025-06-12 | MEDIUM | 5.5 | A cross-site scripting vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow an administrator miscreant with local access to the connector… |
| CVE-2025-48699 | 2025-06-12 | N/A | 0.0 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent… |
| CVE-2025-44019 | 2025-06-12 | HIGH | 7.1 | AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems,… |
| CVE-2025-36539 | 2025-06-12 | MEDIUM | 6.5 | AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems,… |
| CVE-2025-2745 | 2025-06-12 | MEDIUM | 6.5 | A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023 SP1 and prior that, if exploited, could allow an authenticated attacker (with privileges to create/update annotations or… |
| CVE-2025-49579 | 2025-06-12 | MEDIUM | 6.5 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML,… |
| CVE-2025-49578 | 2025-06-12 | MEDIUM | 6.5 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by `Language::userDate` are inserted into raw HTML, allowing anybody who can… |
| CVE-2025-49577 | 2025-06-12 | MEDIUM | 6.5 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages… |
| CVE-2025-49576 | 2025-06-12 | MEDIUM | 6.5 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can… |
| CVE-2025-49575 | 2025-06-12 | MEDIUM | 6.5 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can… |
| CVE-2025-49081 | 2025-06-12 | N/A | 0.0 | There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the… |
| CVE-2025-43866 | 2025-06-12 | N/A | 0.0 | vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is… |
| CVE-2025-43863 | 2025-06-12 | N/A | 0.0 | vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated… |
| CVE-2025-5982 | 2025-06-12 | LOW | 3.7 | An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass… |
| CVE-2025-49080 | 2025-06-12 | N/A | 0.0 | There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. Attackers with network access to the server can cause a Denial of Service… |
| CVE-2024-55567 | 2025-06-12 | HIGH | 7.5 | Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has… |
| CVE-2023-45256 | 2025-06-12 | N/A | 0.0 | Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or… |
| CVE-2025-49467 | 2025-06-12 | N/A | 0.0 | A SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla was discovered. The extension is vulnerable to SQL injection via publicly accessible actions to list… |