Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-47512 2025-05-23 HIGH 8.6 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in tainacan Tainacan allows Path Traversal. This issue affects Tainacan: from n/a through 0.21.14.
CVE-2025-47492 2025-05-23 HIGH 8.6 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Path Traversal. This issue affects…
CVE-2025-47478 2025-05-23 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.5.0.
CVE-2025-47461 2025-05-23 HIGH 8.8 Authentication Bypass Using an Alternate Path or Channel vulnerability in mediaticus Subaccounts for WooCommerce allows Authentication Abuse. This issue affects Subaccounts for WooCommerce: from n/a through 1.6.6.
CVE-2025-47458 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in B2itech B2i Investor Tools allows Reflected XSS. This issue affects B2i Investor Tools: from n/a through…
CVE-2025-47453 2025-05-23 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes WP Smart Import allows PHP Local File Inclusion. This issue…
CVE-2025-47438 2025-05-23 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion. This issue affects…
CVE-2025-46539 2025-05-23 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFable Fable Extra allows Blind SQL Injection. This issue affects Fable Extra: from n/a…
CVE-2025-46537 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ctltwp Section Widget allows Reflected XSS. This issue affects Section Widget: from n/a through 3.3.1.
CVE-2025-46527 2025-05-23 MEDIUM 6.5 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LikeCoin Web3Press allows Path Traversal. This issue affects Web3Press: from n/a through 3.2.0.
CVE-2025-46526 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in janekniefeldt My Custom Widgets allows Reflected XSS. This issue affects My Custom Widgets: from n/a through…
CVE-2025-46518 2025-05-23 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpaddicted IGIT Related Posts With Thumb Image After Posts allows Stored XSS. This issue affects IGIT…
CVE-2025-46515 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M A Vinoth Kumar Category Widget allows Reflected XSS. This issue affects Category Widget: from n/a…
CVE-2025-46493 2025-05-23 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wordwebsoftware Crossword Compiler Puzzles allows Stored XSS. This issue affects Crossword Compiler Puzzles: from n/a through…
CVE-2025-46490 2025-05-23 CRITICAL 9.9 Unrestricted Upload of File with Dangerous Type vulnerability in wordwebsoftware Crossword Compiler Puzzles allows Upload a Web Shell to a Web Server. This issue affects Crossword Compiler Puzzles:…
CVE-2025-46488 2025-05-23 HIGH 7.1 Missing Authorization vulnerability in dastan800 Visual Builder allows Reflected XSS. This issue affects Visual Builder: from n/a through 1.2.2.
CVE-2025-46487 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sftranna EC Authorize.net allows Reflected XSS. This issue affects EC Authorize.net: from n/a through 0.3.3.
CVE-2025-46486 2025-05-23 MEDIUM 4.9 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Nomupay Payment Processing Gateway allows Path Traversal. This issue affects Nomupay Payment Processing Gateway:…
CVE-2025-46474 2025-05-23 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SEUR OFICIAL SEUR Oficial allows PHP Local File Inclusion. This issue affects…
CVE-2025-46468 2025-05-23 CRITICAL 9.8 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPFable Fable Extra allows PHP Local File Inclusion. This issue affects Fable…
CVE-2025-46463 2025-05-23 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv allows SQL Injection. This issue affects Mailing Group Listserv:…
CVE-2025-46460 2025-05-23 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Detheme Easy Guide allows SQL Injection. This issue affects Easy Guide: from n/a through…
CVE-2025-46458 2025-05-23 HIGH 8.2 Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan allows SQL Injection. This issue affects occupancyplan: from n/a through 1.0.3.0.
CVE-2025-46456 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Sliders allows Reflected XSS. This issue affects Theme Blvd Sliders: from n/a through…
CVE-2025-46455 2025-05-23 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IndigoThemes WP HRM LITE allows SQL Injection. This issue affects WP HRM LITE: from…
CVE-2025-46454 2025-05-23 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in svil4ok Meta Keywords & Description allows PHP Local File Inclusion. This issue…
CVE-2025-46448 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reifsnyderb Document Management System allows Reflected XSS. This issue affects Document Management System: from n/a through…
CVE-2025-46446 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ivanrojas Libro de Reclamaciones allows Stored XSS. This issue affects Libro de Reclamaciones: from n/a through…
CVE-2025-46444 2025-05-23 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scripteo Ads Pro Plugin allows PHP Local File Inclusion. This issue affects…
CVE-2025-46440 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark kStats Reloaded allows Reflected XSS. This issue affects kStats Reloaded: from n/a through 0.7.4.
CVE-2025-46437 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tayoricom Tayori Form allows Reflected XSS. This issue affects Tayori Form: from n/a through 1.2.9.
CVE-2025-41380 2025-05-23 N/A 0.0 Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerability in the code. This vulnerability allows a local user to retrieve the SSH hash string.
CVE-2025-41379 2025-05-23 N/A 0.0 The Intellian C700 web panel allows you to add firewall rules. Each of these rules has an associated ID, but there is a problem when adding a new…
CVE-2025-41378 2025-05-23 N/A 0.0 The SSID field is not parsed correctly and can be used to inject commands into the hostpad.conf file. This can be exploited by an attacker to extend his…
CVE-2025-41377 2025-05-23 N/A 0.0 Cryptographic vulnerability in Iridium Certus 700. This vulnerability allows a user to retrieve the encryption key, resulting in the loading of malicious firmware.
CVE-2025-39536 2025-05-23 HIGH 8.2 Missing Authorization vulnerability in Chimpstudio JobHunt Job Alerts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobHunt Job Alerts: from n/a through 3.6.
CVE-2025-39506 2025-05-23 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core allows PHP Local File Inclusion. This issue affects Nasa…
CVE-2025-39505 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Goodlayers Hotel allows Reflected XSS. This issue affects Goodlayers Hotel: from n/a through 3.1.4.
CVE-2025-39504 2025-05-23 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GoodLayers Goodlayers Hotel allows Blind SQL Injection. This issue affects Goodlayers Hotel: from n/a…
CVE-2025-39503 2025-05-23 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hotel allows Object Injection. This issue affects Goodlayers Hotel: from n/a through 3.1.4.
CVE-2025-39502 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Goodlayers Hostel allows Reflected XSS. This issue affects Goodlayers Hostel: from n/a through 3.1.2.
CVE-2025-39501 2025-05-23 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GoodLayers Goodlayers Hostel allows Blind SQL Injection. This issue affects Goodlayers Hostel: from n/a…
CVE-2025-39500 2025-05-23 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hostel allows Object Injection. This issue affects Goodlayers Hostel: from n/a through 3.1.2.
CVE-2025-39499 2025-05-23 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in BoldThemes Medicare allows Object Injection. This issue affects Medicare: from n/a through 2.1.0.
CVE-2025-39495 2025-05-23 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in BoldThemes Avantage allows Object Injection. This issue affects Avantage: from n/a through 2.4.6.
CVE-2025-39494 2025-05-23 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër allows PHP Local File Inclusion. This issue affects Wilmër: from…
CVE-2025-39490 2025-05-23 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Backpack Traveler allows PHP Local File Inclusion. This issue affects Backpack…
CVE-2025-39489 2025-05-23 CRITICAL 9.8 Incorrect Privilege Assignment vulnerability in pebas CouponXL allows Privilege Escalation. This issue affects CouponXL: from n/a through 4.5.0.
CVE-2025-39485 2025-05-23 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour | Travel Agency WordPress allows Object Injection. This issue affects Grand Tour | Travel Agency WordPress: from n/a through…
CVE-2025-39480 2025-05-23 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in ThemeMakers Car Dealer allows Object Injection. This issue affects Car Dealer: from n/a through 1.6.6.
« Anterior Página 1168 de 4309 Siguiente »