CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-12192 2025-11-05 MEDIUM 5.3 The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 6.15.9. The sysinfo REST endpoint compares the provided key to the…
CVE-2025-11987 2025-11-05 MEDIUM 6.4 The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient…
CVE-2025-11820 2025-11-05 MEDIUM 6.4 The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widgets in all versions up to, and including, 3.1.8…
CVE-2025-55108 2025-11-05 CRITICAL 10.0 The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in the…
CVE-2025-12677 2025-11-05 MEDIUM 5.3 The KiotViet Sync plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the register_api_route() function in kiotvietsync/includes/public_actions/WebHookAction.php. This makes…
CVE-2025-12676 2025-11-05 MEDIUM 5.3 The KiotViet Sync plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.8.5. This is due to the plugin using a hardcoded…
CVE-2025-12675 2025-11-05 MEDIUM 4.3 The KiotViet Sync plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveConfig() function in all versions up to,…
CVE-2025-12674 2025-11-05 CRITICAL 9.8 The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the create_media() function in all versions up to, and…
CVE-2025-10622 2025-11-05 HIGH 8.0 A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating…
CVE-2025-64151 2025-11-05 MEDIUM 6.7 Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system…
CVE-2025-62225 2025-11-05 MEDIUM 6.7 Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of…
CVE-2025-12388 2025-11-05 MEDIUM 6.4 The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.5. This is…
CVE-2025-12384 2025-11-05 HIGH 8.6 The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access/modification/loss of data in all versions up to, and including,…
CVE-2025-12139 2025-11-05 HIGH 7.5 The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including,…
CVE-2025-11917 2025-11-05 MEDIUM 6.4 The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.11 via the wpematico_test_feed() function. This makes…
CVE-2025-11373 2025-11-05 MEDIUM 4.3 The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable…
CVE-2025-21079 2025-11-05 HIGH 7.1 Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is…
CVE-2025-21078 2025-11-05 HIGH 8.8 Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications.
CVE-2025-21077 2025-11-05 LOW 3.3 Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email privilege.
CVE-2025-21076 2025-11-05 MEDIUM 5.5 Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. User interaction is required for…
CVE-2025-21075 2025-11-05 MEDIUM 4.3 Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
CVE-2025-21074 2025-11-05 MEDIUM 4.3 Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
CVE-2025-21073 2025-11-05 MEDIUM 6.8 Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. User interaction is required for triggering this…
CVE-2025-21071 2025-11-05 MEDIUM 5.7 Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
CVE-2025-11749 2025-11-05 CRITICAL 9.8 The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes…
CVE-2025-12197 2025-11-05 HIGH 7.5 The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the…
CVE-2025-11162 2025-11-05 MEDIUM 6.4 The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up…
CVE-2025-64455 2025-11-05 N/A 0.0 Rejected reason: Not used
CVE-2025-64454 2025-11-05 N/A 0.0 Rejected reason: Not used
CVE-2025-64453 2025-11-05 N/A 0.0 Rejected reason: Not used
CVE-2025-64452 2025-11-05 N/A 0.0 Rejected reason: Not used
CVE-2025-64451 2025-11-05 N/A 0.0 Rejected reason: Not used
CVE-2025-64450 2025-11-05 N/A 0.0 Rejected reason: Not used
CVE-2025-64449 2025-11-05 N/A 0.0 Rejected reason: Not used
CVE-2025-64448 2025-11-05 N/A 0.0 Rejected reason: Not used
CVE-2025-12580 2025-11-05 MEDIUM 6.1 The SMS for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in all versions up to, and including, 1.1.8 due to insufficient…
CVE-2025-11835 2025-11-05 MEDIUM 5.3 The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability and…
CVE-2025-8871 2025-11-05 MEDIUM 5.6 The Everest Forms (Pro) plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the…
CVE-2025-12582 2025-11-05 MEDIUM 4.3 The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'features_revert_option' AJAX endpoint in all versions up to,…
CVE-2025-64110 2025-11-05 N/A 0.0 Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agent to read sensitive files that should…
CVE-2025-64109 2025-11-05 HIGH 8.8 Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code…
CVE-2025-64108 2025-11-04 HIGH 8.8 Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a prompt injection attacker to circumvent sensitive file…
CVE-2025-64107 2025-11-04 HIGH 8.8 Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may lead to RCE. Cursor detects path manipulation via forward…
CVE-2025-64106 2025-11-04 HIGH 8.8 Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links…
CVE-2025-59595 2025-11-04 N/A 0.0 CVE-2025-59595 is an internally discovered denial of service vulnerability in versions of Secure Access prior to 14.12. An attacker can send a specially crafted packet to a server…
CVE-2025-64320 2025-11-04 MEDIUM 6.5 Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection. This issue affects Agentforce Vibes Extension: before 3.2.0.
CVE-2025-62715 2025-11-04 N/A 0.0 ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#147 and below contain a stored Cross-Site Scripting (XSS) vulnerability in ClipBucket’s Collection tags feature. An authenticated normal…
CVE-2025-62520 2025-11-04 N/A 0.0 Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manage_config_columns_page.php can…
CVE-2025-62507 2025-11-04 N/A 0.0 Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger…
CVE-2025-62369 2025-11-04 HIGH 7.2 Xibo is an open source digital signage platform with a web content management system (CMS). Versions 4.3.0 and below contain a Remote Code Execution vulnerability in the CMS…