Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-47864 2025-05-13 N/A 0.0 Rejected reason: Not used
CVE-2025-47863 2025-05-13 N/A 0.0 Rejected reason: Not used
CVE-2025-47862 2025-05-13 N/A 0.0 Rejected reason: Not used
CVE-2025-47861 2025-05-13 N/A 0.0 Rejected reason: Not used
CVE-2025-47860 2025-05-13 N/A 0.0 Rejected reason: Not used
CVE-2025-47859 2025-05-13 N/A 0.0 Rejected reason: Not used
CVE-2025-47858 2025-05-13 N/A 0.0 Rejected reason: Not used
CVE-2025-32152 2025-04-04 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Essential Plugins by WP OnlineSupport Slider a SlidersPack allows PHP Local File…
CVE-2025-31789 2025-04-03 MEDIUM 6.5 Missing Authorization vulnerability in Matat Technologies TextMe SMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TextMe SMS: from n/a through 1.9.1.
CVE-2024-8404 2024-09-26 HIGH 7.8 An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login…
CVE-2023-51401 2024-05-17 MEDIUM 6.3 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons…
CVE-2024-34241 2024-05-17 MEDIUM 4.8 A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and…
CVE-2024-2218 2024-06-14 MEDIUM 4.6 The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2024-3965 2024-06-14 MEDIUM 5.4 The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in…
CVE-2024-3993 2024-06-14 MEDIUM 4.6 The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to…
CVE-2024-4271 2024-06-14 MEDIUM 4.6 The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct…
CVE-2024-4480 2024-06-14 MEDIUM 6.1 The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged…
CVE-2024-3236 2024-06-17 MEDIUM 5.4 The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform…
CVE-2024-4305 2024-06-17 MEDIUM 6.8 The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in…
CVE-2024-28595 2024-03-19 CRITICAL 9.8 SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php.
CVE-2023-22652 2023-06-01 LOW 3.3 A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2.
CVE-2024-31008 2024-04-03 MEDIUM 6.5 An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file.
CVE-2024-2369 2024-04-02 MEDIUM 5.4 The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the…
CVE-2024-2263 2024-04-01 MEDIUM 4.8 Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be…
CVE-2024-2262 2024-04-01 MEDIUM 4.7 Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF…
CVE-2024-32325 2024-04-18 LOW 2.4 TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function.
CVE-2024-1846 2024-04-15 MEDIUM 5.4 The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is…
CVE-2024-1664 2024-04-09 MEDIUM 6.1 The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2024-28224 2024-04-08 MEDIUM 6.6 Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language…
CVE-2024-2509 2024-04-05 MEDIUM 6.5 The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where…
CVE-2024-2721 2024-03-20 HIGH 8.2 Deserialization of Untrusted Data vulnerability in Social Media Share Buttons By Sygnoos Social Media Share Buttons.This issue affects Social Media Share Buttons: from n/a through 2.1.0.
CVE-2024-26280 2024-03-01 MEDIUM 4.7 Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they…
CVE-2024-0719 2024-03-18 MEDIUM 5.4 The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the…
CVE-2024-0711 2024-03-18 MEDIUM 6.1 The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the…
CVE-2024-25325 2024-03-12 HIGH 7.1 SQL injection vulnerability in Employee Management System v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to the txtemail parameter in the login.php.
CVE-2025-45887 2025-05-09 CRITICAL 9.1 Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent.
CVE-2025-28200 2025-05-09 CRITICAL 9.8 Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address.
CVE-2025-46718 2025-05-12 LOW 3.3 sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command)…
CVE-2025-45779 2025-05-12 CRITICAL 9.8 Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter.
CVE-2025-44830 2025-05-12 CRITICAL 9.8 EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface.
CVE-2025-46717 2025-05-12 LOW 3.3 sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no (or very limited) sudo privileges can determine whether…
CVE-2025-46611 2025-05-12 MEDIUM 6.1 Cross Site Scripting vulnerability in ARTEC EMA Mail v6.92 allows an attacker to execute arbitrary code via a crafted script.
CVE-2025-46610 2025-05-12 HIGH 8.8 ARTEC EMA Mail 6.92 allows CSRF.
CVE-2025-45835 2025-05-12 HIGH 7.5 A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN_004904c8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by…
CVE-2025-44022 2025-05-12 CRITICAL 9.8 An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism.
CVE-2025-26846 2025-05-12 CRITICAL 9.8 An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata.
CVE-2025-26841 2025-05-12 MEDIUM 6.1 Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload.
CVE-2025-28074 2025-05-08 MEDIUM 6.1 phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths…
CVE-2024-56524 2025-05-12 CRITICAL 9.1 Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by adding a special character to the request.
CVE-2024-56523 2025-05-12 CRITICAL 9.1 Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP…
« Anterior Página 1243 de 4311 Siguiente »