CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2023-5533 2023-10-20 MEDIUM 5.3 The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and…
CVE-2023-5254 2023-10-19 MEDIUM 5.3 The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated attackers to…
CVE-2023-5241 2023-10-19 CRITICAL 9.6 The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level…
CVE-2023-5212 2023-10-19 CRITICAL 9.6 The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible…
CVE-2023-5204 2023-10-19 CRITICAL 9.8 The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user…
CVE-2023-44993 2023-10-09 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin
CVE-2023-4254 2023-09-04 MEDIUM 4.8 The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2023-4253 2023-09-04 MEDIUM 4.8 The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2023-3175 2023-07-10 MEDIUM 4.8 The AI ChatBot WordPress plugin before 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html…
CVE-2023-2811 2023-06-19 MEDIUM 4.8 The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2023-2742 2023-06-19 MEDIUM 4.8 The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the…
CVE-2023-1660 2023-05-08 MEDIUM 6.1 The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to…
CVE-2023-1651 2023-05-08 MEDIUM 5.4 The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such…
CVE-2023-1650 2023-05-08 CRITICAL 9.8 The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object…
CVE-2023-1649 2023-05-08 MEDIUM 4.8 The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2023-1011 2023-05-08 MEDIUM 6.1 The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF…
CVE-2022-47613 2023-03-29 MEDIUM 5.9 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud AI ChatBot plugin
CVE-2023-46841 2024-03-20 MEDIUM 6.5 Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return…
CVE-2024-31396 2024-05-22 MEDIUM 6.6 Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with…
CVE-2024-30420 2024-05-22 MEDIUM 4.4 Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a…
CVE-2024-31395 2024-05-22 MEDIUM 6.1 Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions…
CVE-2024-31394 2024-05-22 MEDIUM 6.5 Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions…
CVE-2024-30419 2024-05-22 MEDIUM 5.4 Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions…
CVE-2024-0453 2024-05-22 MEDIUM 5.0 The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to,…
CVE-2024-0452 2024-05-22 MEDIUM 5.0 The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to,…
CVE-2024-0451 2024-05-22 MEDIUM 5.0 The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to,…
CVE-2023-49330 2024-05-20 HIGH 8.3 Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data.
CVE-2024-4198 2024-04-26 LOW 2.7 Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to…
CVE-2024-4195 2024-04-26 LOW 2.7 Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests…
CVE-2024-4183 2024-04-26 MEDIUM 4.3 Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to…
CVE-2024-4182 2024-04-26 MEDIUM 4.3 Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated attacker…
CVE-2024-32046 2024-04-26 MEDIUM 4.3 Mattermost versions 9.6.x
CVE-2024-22091 2024-04-26 LOW 3.1 Mattermost versions 8.1.x
CVE-2024-1888 2024-02-29 MEDIUM 4.3 Mattermost fails to check the "invite_guest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests…
CVE-2024-23488 2024-02-29 LOW 3.1 Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even…
CVE-2024-1887 2024-02-29 MEDIUM 4.3 Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to…
CVE-2024-25723 2024-02-27 HIGH 8.8 ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of…
CVE-2024-2083 2024-04-16 CRITICAL 9.9 A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request…
CVE-2024-27507 2024-02-27 HIGH 7.5 libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp.
CVE-2024-26455 2024-02-26 HIGH 7.5 fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.
CVE-2025-4132 2025-05-08 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2021-38388 2021-09-08 HIGH 8.8 Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project.
CVE-2024-12768 2025-02-01 MEDIUM 5.4 The Responsive iframe WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is…
CVE-2024-13096 2025-02-01 MEDIUM 4.6 The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to…
CVE-2024-13097 2025-02-01 MEDIUM 5.4 The WP Finance WordPress plugin through 1.3.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2024-13218 2025-01-31 MEDIUM 6.1 The Fast Tube WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2024-13219 2025-01-31 MEDIUM 6.1 The Privacy Policy Genius WordPress plugin through 2.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting…
CVE-2024-13220 2025-01-31 MEDIUM 6.1 The WordPress Google Map Professional (Map In Your Language) WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading…
CVE-2024-13221 2025-01-31 MEDIUM 6.1 The Fantastic ElasticSearch WordPress plugin through 4.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2024-13223 2025-01-31 MEDIUM 6.1 The Tabulate WordPress plugin through 2.10.3 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could…