Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-5541 2025-06-06 MEDIUM 6.4 The Runners Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'runnerslog' shortcode in all versions up to, and including, 3.9.2 due to insufficient…
CVE-2025-5538 2025-06-06 MEDIUM 6.4 The BNS Featured Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bnsfc' shortcode in all versions up to, and including, 2.8.2 due to…
CVE-2025-5536 2025-06-06 MEDIUM 6.4 The Freemind Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'freemind' shortcode in all versions up to, and including, 1.0 due to insufficient…
CVE-2025-5534 2025-06-06 MEDIUM 6.4 The ESV Bible Shortcode for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'esv' shortcode in all versions up to, and including, 1.0.2…
CVE-2025-5533 2025-06-06 MEDIUM 6.4 The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kbalert' shortcode in all versions up to, and including, 2.3.0 due to insufficient…
CVE-2025-5486 2025-06-06 CRITICAL 9.8 The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This…
CVE-2025-5019 2025-06-06 MEDIUM 5.4 The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions…
CVE-2025-5018 2025-06-06 HIGH 7.1 The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings() and hive_lite_support_get_all_binbox() functions in…
CVE-2025-4966 2025-06-06 MEDIUM 6.1 The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce…
CVE-2025-4964 2025-06-06 MEDIUM 4.9 The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘table_name’ parameter in all versions up to, and including, 1.0.0 due to…
CVE-2025-48911 2025-06-06 HIGH 8.2 Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-48910 2025-06-06 MEDIUM 5.5 Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-48909 2025-06-06 HIGH 7.1 Bypass vulnerability in the device management channel Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-48908 2025-06-06 MEDIUM 6.7 Ability Auto Startup service vulnerability in the foundation process Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-48907 2025-06-06 MEDIUM 6.2 Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-48906 2025-06-06 HIGH 8.8 Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-48905 2025-06-06 HIGH 8.1 Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types.
CVE-2025-48904 2025-06-06 MEDIUM 4.4 Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-48903 2025-06-06 HIGH 7.8 Permission bypass vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-48902 2025-06-06 MEDIUM 6.6 Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-2935 2025-06-06 MEDIUM 5.4 The Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.7. This…
CVE-2024-58114 2025-06-06 MEDIUM 4.0 Resource allocation control failure vulnerability in the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-5726 2025-06-06 LOW 2.4 A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file…
CVE-2025-5725 2025-06-06 LOW 2.4 A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file…
CVE-2025-5724 2025-06-06 LOW 2.4 A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /script/academic/subjects of the…
CVE-2025-1778 2025-06-06 MEDIUM 4.3 The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'arttheme_theme_option_restore' AJAX function in all versions up to, and including,…
CVE-2025-1777 2025-06-06 MEDIUM 6.4 The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'ux_cb_page_options_save' function in all versions up to,…
CVE-2023-2921 2025-06-06 N/A 0.0 The Short URL WordPress plugin through 1.6.8 does not properly sanitise and escape a parameter before using it in SQL statement, leading to a SQL injection exploitable by…
CVE-2025-5723 2025-06-06 LOW 2.4 A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/academic/classes of the component…
CVE-2025-5722 2025-06-06 LOW 2.4 A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /script/academic/terms of the component…
CVE-2025-36513 2025-06-06 MEDIUM 4.3 Cross-site request forgery vulnerability exists in surveillance cameras provided by i-PRO Co., Ltd.. If a user views a crafted page while logged in to the affected product, unintended…
CVE-2025-5733 2025-06-06 MEDIUM 5.3 The Modern Events Calendar Lite plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 7.21.9. This is due improper or insufficient…
CVE-2025-5721 2025-06-06 LOW 2.4 A vulnerability, which was classified as problematic, was found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/core/update_profile of the component…
CVE-2025-5719 2025-06-06 N/A 0.0 The wallet has an authentication bypass vulnerability that allows access to specific pages.
CVE-2025-5716 2025-06-06 HIGH 7.3 A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of…
CVE-2025-5715 2025-06-06 LOW 3.8 A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The…
CVE-2025-5714 2025-06-06 MEDIUM 4.3 A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component…
CVE-2024-46941 2025-06-06 N/A 0.0 SystemUI has an incorrect component protection setting, which allows access to specific information.
CVE-2025-5713 2025-06-06 LOW 3.5 A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250519 and classified as problematic. Affected by this issue is some unknown functionality of the file /fluxos-dashboard of the…
CVE-2025-5712 2025-06-06 HIGH 7.3 A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file…
CVE-2025-5711 2025-06-06 HIGH 7.3 A vulnerability, which was classified as critical, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /Admin/InsertCity.php. The manipulation…
CVE-2025-5710 2025-06-06 HIGH 7.3 A vulnerability, which was classified as critical, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/InsertState.php.…
CVE-2025-5709 2025-06-06 HIGH 7.3 A vulnerability classified as critical was found in code-projects Real Estate Property Management System 1.0. This vulnerability affects unknown code of the file /Admin/InsertCategory.php. The manipulation of the…
CVE-2024-56343 2025-06-06 MEDIUM 4.3 IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request.
CVE-2024-56342 2025-06-06 MEDIUM 4.3 IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This…
CVE-2024-22330 2025-06-06 MEDIUM 5.9 IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVE-2025-5708 2025-06-06 HIGH 7.3 A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /Admin/NewsReport.php. The manipulation of…
CVE-2025-5707 2025-06-06 HIGH 7.3 A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the…
CVE-2025-5706 2025-06-06 HIGH 7.3 A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the…
CVE-2025-5705 2025-06-06 HIGH 7.3 A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Admin/Property.php. The…
« Anterior Página 1092 de 4308 Siguiente »