CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-45855 | 2025-06-03 | MEDIUM | 5.4 | An arbitrary file upload vulnerability in the component /upload/GoodsCategory/image of erupt v1.12.19 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2025-5497 | 2025-06-03 | MEDIUM | 6.3 | A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been declared as critical. This vulnerability affects unknown code of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component… |
| CVE-2025-5495 | 2025-06-03 | HIGH | 7.3 | A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. The manipulation with the… |
| CVE-2025-4517 | 2025-06-03 | CRITICAL | 9.4 | Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using… |
| CVE-2025-4435 | 2025-06-03 | HIGH | 7.5 | When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior… |
| CVE-2025-4330 | 2025-06-03 | HIGH | 7.5 | Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this… |
| CVE-2025-4138 | 2025-06-03 | HIGH | 7.5 | Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this… |
| CVE-2024-12718 | 2025-06-03 | MEDIUM | 5.3 | Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using… |
| CVE-2025-5340 | 2025-06-03 | MEDIUM | 6.4 | The Music Player for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘album_buy_url’ parameter in all versions up to, and including, 2.4.6 due to… |
| CVE-2025-4671 | 2025-06-03 | MEDIUM | 6.4 | The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's user_meta and compare shortcodes in all versions up to, and including, 3.13.8 due… |
| CVE-2025-4205 | 2025-06-03 | MEDIUM | 6.4 | The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popupID' parameter in all versions up to, and including, 1.20.4 due to insufficient input… |
| CVE-2025-5493 | 2025-06-03 | MEDIUM | 6.3 | A vulnerability was found in Baison Channel Middleware Product 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file /e3api/api/main/ToJsonByControlName. The manipulation… |
| CVE-2025-5492 | 2025-06-03 | MEDIUM | 6.3 | A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub_456DE8 of the file /msp_info.htm?flag=cmd of… |
| CVE-2025-4392 | 2025-06-03 | HIGH | 7.2 | The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions… |
| CVE-2025-31359 | 2025-06-03 | HIGH | 8.8 | A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to… |
| CVE-2024-54189 | 2025-06-03 | HIGH | 7.8 | A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a… |
| CVE-2024-52561 | 2025-06-03 | HIGH | 7.8 | A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a… |
| CVE-2024-36486 | 2025-06-03 | HIGH | 7.8 | A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the… |
| CVE-2025-5116 | 2025-06-03 | MEDIUM | 6.4 | The WP Plugin Info Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerid’ parameter in all versions up to, and including, 5.3.1 due to… |
| CVE-2025-5103 | 2025-06-03 | MEDIUM | 4.9 | The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the 'default_price' and 'product_id' parameters in all versions up to, and including,… |
| CVE-2025-4420 | 2025-06-03 | MEDIUM | 6.4 | The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerWidth’ parameter in all versions up to,… |
| CVE-2025-1725 | 2025-06-03 | MEDIUM | 6.4 | The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG… |
| CVE-2025-46355 | 2025-06-03 | HIGH | 7.3 | Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is… |
| CVE-2025-41428 | 2025-06-03 | MEDIUM | 5.3 | Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be… |
| CVE-2025-4567 | 2025-06-03 | MEDIUM | 4.8 | The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them… |
| CVE-2025-3662 | 2025-06-03 | MEDIUM | 6.1 | The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a… |
| CVE-2025-3584 | 2025-06-03 | MEDIUM | 4.8 | The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored… |
| CVE-2025-31712 | 2025-06-03 | MEDIUM | 5.1 | In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional… |
| CVE-2025-31711 | 2025-06-03 | MEDIUM | 5.1 | In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed. |
| CVE-2025-31710 | 2025-06-03 | MEDIUM | 5.9 | In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. |
| CVE-2025-27031 | 2025-06-03 | HIGH | 7.8 | Memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed. |
| CVE-2025-27029 | 2025-06-03 | HIGH | 7.5 | Transient DOS while processing the tone measurement response buffer when the response buffer is out of range. |
| CVE-2025-21486 | 2025-06-03 | HIGH | 7.8 | Memory corruption during dynamic process creation call when client is only passing address and length of shell binary. |
| CVE-2025-21485 | 2025-06-03 | HIGH | 7.8 | Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC. |
| CVE-2025-21463 | 2025-06-03 | HIGH | 7.5 | Transient DOS while processing the EHT operation IE in the received beacon frame. |
| CVE-2024-53026 | 2025-06-03 | HIGH | 8.2 | Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call. |
| CVE-2024-53021 | 2025-06-03 | HIGH | 8.2 | Information disclosure may occur while processing goodbye RTCP packet from network. |
| CVE-2024-53020 | 2025-06-03 | HIGH | 8.2 | Information disclosure may occur while decoding the RTP packet with invalid header extension from network. |
| CVE-2024-53019 | 2025-06-03 | HIGH | 8.2 | Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources. |
| CVE-2024-53018 | 2025-06-03 | MEDIUM | 6.6 | Memory corruption may occur while processing the OIS packet parser. |
| CVE-2024-53017 | 2025-06-03 | MEDIUM | 6.6 | Memory corruption while handling test pattern generator IOCTL command. |
| CVE-2024-53016 | 2025-06-03 | MEDIUM | 6.6 | Memory corruption while processing I2C settings in Camera driver. |
| CVE-2024-53015 | 2025-06-03 | MEDIUM | 6.6 | Memory corruption while processing IOCTL command to handle buffers associated with a session. |
| CVE-2024-53013 | 2025-06-03 | MEDIUM | 6.6 | Memory corruption may occur while processing voice call registration with user. |
| CVE-2024-53010 | 2025-06-03 | HIGH | 7.8 | Memory corruption may occur while attaching VM when the HLOS retains access to VM. |
| CVE-2025-4797 | 2025-06-03 | CRITICAL | 9.8 | The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. This… |
| CVE-2025-4224 | 2025-06-03 | HIGH | 7.2 | The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in all versions up to, and including, 3.1.3 due… |
| CVE-2025-4047 | 2025-06-03 | MEDIUM | 4.3 | The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions… |
| CVE-2025-2939 | 2025-06-03 | MEDIUM | 5.6 | The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of… |
| CVE-2025-5419 | 2025-06-03 | HIGH | 8.8 | Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.… |