Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-31641 2025-05-16 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup UberSlider allows SQL Injection. This issue affects UberSlider: from n/a through 2.3.
CVE-2025-31640 2025-05-16 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress allows SQL Injection. This issue affects Magic…
CVE-2025-31639 2025-05-16 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allows Cross Site Request Forgery. This issue affects Spare: from n/a through 1.7.
CVE-2025-31637 2025-05-16 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup SHOUT allows SQL Injection. This issue affects SHOUT: from n/a through 3.5.3.
CVE-2025-31630 2025-05-16 MEDIUM 5.3 Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1.
CVE-2025-31071 2025-05-16 MEDIUM 5.3 Missing Authorization vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HotStar – Multi-Purpose Business Theme: from n/a…
CVE-2025-31068 2025-05-16 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4.
CVE-2025-31066 2025-05-16 MEDIUM 5.3 Missing Authorization vulnerability in themeton Acerola allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acerola: from n/a through 1.6.5.
CVE-2025-31065 2025-05-16 MEDIUM 5.3 Missing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rozario: from n/a through 1.4.
CVE-2025-31063 2025-05-16 MEDIUM 4.3 Missing Authorization vulnerability in redqteam Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist: from n/a through 2.1.0.
CVE-2025-31062 2025-05-16 MEDIUM 4.3 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist allows Retrieve Embedded Sensitive Data. This issue affects Wishlist: from n/a through 2.1.0.
CVE-2025-47916 2025-05-16 CRITICAL 10.0 Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method…
CVE-2025-47794 2025-05-16 LOW 2.6 Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13,…
CVE-2025-47793 2025-05-16 MEDIUM 4.3 Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server…
CVE-2025-47792 2025-05-16 MEDIUM 5.0 Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link…
CVE-2025-47791 2025-05-16 MEDIUM 4.3 Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3,…
CVE-2025-4932 2025-05-19 HIGH 7.3 A vulnerability, which was classified as critical, has been found in projectworlds Online Lawyer Management System 1.0. Affected by this issue is some unknown functionality of the file…
CVE-2025-41429 2025-05-19 MEDIUM 4.8 a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session.
CVE-2025-36560 2025-05-19 HIGH 8.6 Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a…
CVE-2025-32999 2025-05-19 MEDIUM 5.4 Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing…
CVE-2025-27566 2025-05-19 LOW 3.8 Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the…
CVE-2025-46801 2025-05-19 CRITICAL 9.8 Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in…
CVE-2025-37891 2025-05-19 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ALSA: ump: Fix buffer overflow at UMP SysEx message conversion The conversion function from MIDI 1.0 to UMP…
CVE-2025-4477 2025-05-19 HIGH 7.2 The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API.
CVE-2025-2892 2025-05-19 MEDIUM 6.4 The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post…
CVE-2025-4894 2025-05-18 LOW 3.7 A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate…
CVE-2025-48219 2025-05-18 LOW 3.5 O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field…
CVE-2025-4868 2025-05-18 MEDIUM 6.3 A vulnerability was found in merikbest ecommerce-spring-reactjs up to 464e610bb11cc2619cf6ce8212ccc2d1fd4277fd. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/v1/admin/…
CVE-2025-4867 2025-05-18 MEDIUM 6.5 A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as problematic. Affected by this vulnerability is the function formArpNerworkSet of the file /goform/ArpNerworkSet. The manipulation…
CVE-2025-3715 2025-05-18 MEDIUM 6.4 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text parameter in all versions up to, and including, 5.3.5 due to insufficient…
CVE-2025-4846 2025-05-18 HIGH 7.3 A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component MPUT Command Handler. The manipulation leads…
CVE-2025-4610 2025-05-17 MEDIUM 6.4 The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_user_memberships shortcode in all versions up to, and including, 3.5.2 due to…
CVE-2025-4819 2025-05-17 LOW 3.1 A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation…
CVE-2025-4391 2025-05-17 CRITICAL 9.8 The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echo_generate_featured_image() function in all versions…
CVE-2025-4389 2025-05-17 CRITICAL 9.8 The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function in all versions…
CVE-2025-3812 2025-05-17 HIGH 8.1 The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the qcld_openai_delete_training_file() function in all versions up…
CVE-2025-4194 2025-05-17 MEDIUM 6.1 The AlT Monitoring plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce…
CVE-2025-4189 2025-05-17 MEDIUM 6.1 The Audio Comments Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect…
CVE-2025-4805 2025-05-16 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS. This vulnerability requires an authenticated administrator session to…
CVE-2025-4804 2025-05-16 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an…
CVE-2025-48188 2025-05-16 LOW 2.9 libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read.
CVE-2025-32407 2025-05-16 MEDIUM 5.9 Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and…
CVE-2022-4363 2025-05-16 MEDIUM 6.5 The Wholesale Market WordPress plugin before 2.2.2, Wholesale Market for WooCommerce WordPress plugin before 2.0.1 have a flawed CSRF check when updating their settings, which could allow attackers…
CVE-2025-22233 2025-05-16 LOW 3.1 CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the…
CVE-2025-4795 2025-05-16 MEDIUM 4.7 A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. This affects the function SaveInfo of the file /index.php?m=Admin&c=article&a=SaveInfo. The manipulation of the argument ID leads…
CVE-2025-4792 2025-05-16 HIGH 7.3 A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component MDELETE Command Handler. The manipulation leads…
CVE-2025-4476 2025-05-16 MEDIUM 4.3 A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing…
CVE-2025-48146 2025-05-16 HIGH 7.1 Cross-Site Request Forgery (CSRF) vulnerability in Michael Lups SEO Flow by LupsOnline allows Stored XSS. This issue affects SEO Flow by LupsOnline: from n/a through 2.2.0.
CVE-2025-48131 2025-05-16 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiful Islam UltraAddons Elementor Lite allows Stored XSS. This issue affects UltraAddons Elementor Lite: from n/a…
CVE-2025-48128 2025-05-16 MEDIUM 4.3 Missing Authorization vulnerability in Sharespine Sharespine Woocommerce Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sharespine Woocommerce Connector: from n/a through 4.7.55.
« Anterior Página 1206 de 4310 Siguiente »