Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-48888 2025-06-04 N/A 0.0 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, `deno run --allow-read --deny-read main.ts` results in allowed,…
CVE-2025-46339 2025-06-04 MEDIUM 4.3 FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to poison feed favicons by adding a given URL as a feed with the proxy…
CVE-2025-32015 2025-06-04 MEDIUM 6.7 FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the `` attribute, which leads to cross-site scripting (XSS) by loading an…
CVE-2025-31482 2025-06-04 MEDIUM 4.3 FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry,…
CVE-2025-31134 2025-06-04 N/A 0.0 FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server by checking if certain directories exist. An attacker…
CVE-2025-22245 2025-06-04 MEDIUM 5.9 VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
CVE-2025-22244 2025-06-04 MEDIUM 6.9 VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
CVE-2025-22243 2025-06-04 HIGH 7.5 VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
CVE-2025-24015 2025-06-03 N/A 0.0 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is…
CVE-2020-27298 2021-01-26 MEDIUM 6.5 Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS…
CVE-2020-14506 2020-09-18 LOW 3.4 Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties…
CVE-2024-13613 2025-05-17 HIGH 7.5 The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3 via the 'uploads' directory. This makes it possible…
CVE-2025-5267 2025-05-27 MEDIUM 5.4 A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability affects Firefox < 139 and…
CVE-2025-5266 2025-05-27 MEDIUM 6.5 Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 139 and Firefox ESR < 128.11.
CVE-2025-5264 2025-05-27 MEDIUM 4.8 Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local…
CVE-2025-33103 2025-05-17 HIGH 8.5 IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to…
CVE-2025-4839 2025-05-17 LOW 3.1 A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /paicoding-core/src/main/java/com/github/paicoding/forum/core/util/CrossUtil.java. The manipulation leads…
CVE-2025-4842 2025-05-17 HIGH 8.8 A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. This vulnerability affects the function isUCPCameraNameChanged of the file /sbin/ucp. The manipulation of the…
CVE-2025-4843 2025-05-18 HIGH 8.8 A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. This affects the function SubUPnPCSInit of the file /sbin/udev. The manipulation of the argument…
CVE-2025-4844 2025-05-18 HIGH 7.3 A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component CD Command Handler. The manipulation…
CVE-2025-4845 2025-05-18 HIGH 7.3 A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component TRACE Command…
CVE-2025-4847 2025-05-18 HIGH 7.3 A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component MLS Command Handler. The manipulation leads…
CVE-2025-4848 2025-05-18 HIGH 7.3 A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RECV Command Handler. The manipulation leads…
CVE-2025-4852 2025-05-18 LOW 2.4 A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing of the component VPN Page. The manipulation of…
CVE-2025-3527 2025-05-17 MEDIUM 6.4 The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to,…
CVE-2024-6668 2025-05-15 MEDIUM 5.4 The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as…
CVE-2025-3888 2025-05-17 MEDIUM 6.4 The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions up to, and including, 4.8.12 due to insufficient…
CVE-2024-4665 2025-05-15 MEDIUM 5.3 The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a…
CVE-2025-4669 2025-05-17 MEDIUM 6.4 The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpbc shortcode in all versions up to, and including, 10.11.1 due to…
CVE-2024-6708 2025-05-15 MEDIUM 4.8 The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to…
CVE-2024-6711 2025-05-15 MEDIUM 6.1 The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow users with a role as low as admin…
CVE-2024-7758 2025-05-15 MEDIUM 4.8 The Stylish Price List WordPress plugin before 7.1.8 does not sanitise and escape some of its settings, which could allow high privilege users of contributor and above to…
CVE-2024-8493 2025-05-15 MEDIUM 4.8 The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-8542 2025-05-15 MEDIUM 4.8 The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-8617 2025-05-15 MEDIUM 4.8 The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site…
CVE-2024-8619 2025-05-15 MEDIUM 4.8 The Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-8620 2025-05-15 MEDIUM 4.8 The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-8670 2025-05-15 MEDIUM 4.8 The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2024-8700 2025-05-15 HIGH 7.5 The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars.
CVE-2025-4578 2025-06-04 CRITICAL 9.8 The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to…
CVE-2024-9233 2025-05-15 MEDIUM 4.3 The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin…
CVE-2024-9390 2025-05-15 MEDIUM 4.8 The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
CVE-2024-9450 2025-05-15 MEDIUM 6.5 The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow…
CVE-2024-9599 2025-05-15 MEDIUM 5.4 The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-9645 2025-05-15 MEDIUM 5.4 The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of its block options before outputting them…
CVE-2025-1289 2025-05-15 MEDIUM 4.8 The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2025-1303 2025-05-15 MEDIUM 6.1 The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2025-4580 2025-06-04 MEDIUM 4.3 The File Provider WordPress plugin through 1.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin…
CVE-2025-2247 2025-05-15 MEDIUM 5.4 The WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change…
CVE-2025-2248 2025-05-15 MEDIUM 5.4 The WP-PManager WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
« Anterior Página 1100 de 4308 Siguiente »