CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-2104 2025-03-13 MEDIUM 4.3 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in…
CVE-2025-2382 2025-03-17 HIGH 7.3 A vulnerability classified as critical was found in PHPGurukul Online Banquet Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/booking-search.php. The manipulation…
CVE-2025-1848 2025-03-03 MEDIUM 6.3 A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is an unknown function of the file /import_data_check. The manipulation of the argument…
CVE-2025-1849 2025-03-03 MEDIUM 6.3 A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is an unknown functionality of the file /import_data_todb. The manipulation of…
CVE-2025-1847 2025-03-03 MEDIUM 6.3 A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to improper authorization.…
CVE-2024-13350 2025-03-05 MEDIUM 6.4 The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.7…
CVE-2024-11731 2025-03-05 MEDIUM 6.4 The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slider shortcode in all versions up to, and including,…
CVE-2024-13757 2025-03-05 MEDIUM 6.4 The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_layer shortcode in all versions up to, and including,…
CVE-2024-13777 2025-03-05 HIGH 8.1 The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.91 via deserialization…
CVE-2025-1821 2025-03-02 MEDIUM 6.3 A vulnerability was found in zj1983 zz up to 2024-8 and classified as critical. Affected by this issue is the function getUserOrgForUserId of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation…
CVE-2024-13358 2025-03-01 MEDIUM 4.3 The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bp_delete_page() function…
CVE-2025-1780 2025-03-01 MEDIUM 4.3 The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bp_delete_page() function…
CVE-2024-13568 2025-03-01 HIGH 7.5 The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via…
CVE-2024-13901 2025-03-01 MEDIUM 4.4 The Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘content’ parameter in…
CVE-2024-13611 2025-03-01 HIGH 7.5 The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and…
CVE-2024-13697 2025-03-01 MEDIUM 4.8 The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and…
CVE-2025-1818 2025-03-02 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. This issue affects some unknown processing of the file src/main/java/com/futvan/z/system/zfile/ZfileAction.upload. The manipulation…
CVE-2025-1820 2025-03-02 MEDIUM 6.3 A vulnerability has been found in zj1983 zz up to 2024-8 and classified as critical. Affected by this vulnerability is the function getOaWid of the file src/main/java/com/futvan/z/system/zworkflow/ZworkflowAction.java. The…
CVE-2025-0692 2025-02-13 LOW 3.5 The Simple Video Management System WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2025-1167 2025-02-11 MEDIUM 6.3 A vulnerability was found in Mayuri K Employee Management System up to 192.168.70.3 and classified as critical. Affected by this issue is some unknown functionality of the file…
CVE-2024-13332 2025-02-04 MEDIUM 6.1 The TransFinanz WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2024-50500 2025-02-03 MEDIUM 4.3 Missing Authorization vulnerability in By Averta Shortcodes and extra features for Phlox theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes and extra features…
CVE-2025-1830 2025-03-02 LOW 2.4 A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as problematic. This issue affects some unknown processing of the component Customer Information Handler.…
CVE-2025-1831 2025-03-02 MEDIUM 6.3 A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is the function GetDBUser of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation of the argument…
CVE-2025-1832 2025-03-02 MEDIUM 6.3 A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is the function getUserList of the file src/main/java/com/futvan/z/system/zrole/ZroleAction.java. The manipulation of…
CVE-2025-1833 2025-03-02 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customer_notice/Customer_noticeAction.java…
CVE-2025-1834 2025-03-02 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in zj1983 zz up to 2024-8. This affects an unknown part of the file /resolve. The manipulation of the…
CVE-2025-37899 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for…
CVE-2023-42926 2023-12-12 HIGH 7.8 Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app…
CVE-2025-2704 2025-04-02 HIGH 7.5 OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early…
CVE-2024-13591 2025-02-19 MEDIUM 6.4 The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'team-builder-vc' shortcode in all versions up to,…
CVE-2024-13592 2025-02-19 HIGH 7.5 The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the…
CVE-2024-13402 2025-02-27 MEDIUM 6.4 The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_title’ parameter in all versions up to, and including, 2.7.70 due to insufficient input…
CVE-2024-12723 2025-01-28 MEDIUM 6.1 The Infility Global WordPress plugin through 2.9.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2024-57587 2025-01-31 CRITICAL 9.1 Multiple SQL injection vulnerabilities in EasyVirt DCScope
CVE-2024-55062 2025-01-31 CRITICAL 9.8 Code Injection vulnerability in EasyVirt DCScope
CVE-2024-53357 2025-01-31 HIGH 7.5 Multiple SQL injection vulnerabilities in EasyVirt DCScope
CVE-2025-48708 2025-05-23 MEDIUM 4.0 gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
CVE-2024-54852 2025-01-29 CRITICAL 9.8 When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization…
CVE-2025-4810 2025-05-16 HIGH 8.8 A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. Affected by this vulnerability is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation…
CVE-2025-4809 2025-05-16 HIGH 8.8 A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function fromSafeSetMacFilter of the file /goform/setMacFilterCfg. The manipulation of the argument…
CVE-2025-4851 2025-05-18 MEDIUM 6.3 A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. This vulnerability affects the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads…
CVE-2025-4850 2025-05-18 MEDIUM 6.3 A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name leads…
CVE-2025-4849 2025-05-18 MEDIUM 6.3 A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been rated as critical. Affected by this issue is the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. The manipulation…
CVE-2025-45862 2025-05-20 MEDIUM 6.5 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s interface.
CVE-2025-45513 2025-05-09 CRITICAL 9.8 Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.P2pListFilter.
CVE-2024-26952 2024-05-01 HIGH 7.8 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of…
CVE-2023-44466 2023-09-29 HIGH 8.8 An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via…
CVE-2024-27018 2024-05-01 HIGH 7.8 In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc…
CVE-2022-48735 2024-06-20 HIGH 7.8 In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix UAF of leds class devs at unbinding The LED class devices that are created by…