CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-46434 2026-01-07 MEDIUM 6.5 Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Plus Addons for Elementor Pro:…
CVE-2025-46256 2026-01-07 MEDIUM 6.4 Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal. This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10.
CVE-2025-32303 2026-01-07 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection. This issue affects WPCHURCH: from n/a through 2.7.0.
CVE-2026-22162 2026-01-07 N/A 0.0 Rejected reason: Not used
CVE-2026-22161 2026-01-07 N/A 0.0 Rejected reason: Not used
CVE-2026-22160 2026-01-07 N/A 0.0 Rejected reason: Not used
CVE-2026-22159 2026-01-07 N/A 0.0 Rejected reason: Not used
CVE-2026-22158 2026-01-07 N/A 0.0 Rejected reason: Not used
CVE-2026-22157 2026-01-07 N/A 0.0 Rejected reason: Not used
CVE-2026-22156 2026-01-07 N/A 0.0 Rejected reason: Not used
CVE-2026-20893 2026-01-07 HIGH 7.8 Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to…
CVE-2026-0656 2026-01-07 HIGH 8.2 The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'check_ipaymu_response' function. This is…
CVE-2026-0650 2026-01-07 N/A 0.0 OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted…
CVE-2026-0649 2026-01-07 MEDIUM 4.7 A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The…
CVE-2025-9611 2026-01-07 N/A 0.0 Microsoft Playwright MCP Server versions prior to 0.0.40 fail to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via…
CVE-2025-69344 2026-01-07 MEDIUM 4.3 Missing Authorization vulnerability in ThemeHunk Oneline Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Oneline Lite: from n/a through 6.6.
CVE-2025-69333 2026-01-07 MEDIUM 4.3 Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JetEngine: from n/a through 3.8.1.1.
CVE-2025-69082 2026-01-07 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frenify Arlo arlo allows Reflected XSS. This issue affects Arlo: from n/a through 6.0.3.
CVE-2025-69081 2026-01-07 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Group Hope charity-is-hope allows PHP Local File Inclusion. This issue affects Hope:…
CVE-2025-69080 2026-01-07 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JanStudio Gecko allows PHP Local File Inclusion. This issue affects Gecko: from n/a…
CVE-2025-47396 2026-01-07 HIGH 7.8 Memory corruption occurs when a secure application is launched on a device with insufficient memory.
CVE-2025-47395 2026-01-07 MEDIUM 6.5 Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.
CVE-2025-47394 2026-01-07 HIGH 7.8 Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.
CVE-2025-47393 2026-01-07 HIGH 7.8 Memory corruption when accessing resources in kernel driver.
CVE-2025-47388 2026-01-07 HIGH 7.8 Memory corruption while passing pages to DSP with an unaligned starting address.
CVE-2025-47380 2026-01-07 HIGH 7.8 Memory corruption while preprocessing IOCTLs in sensors.
CVE-2025-47369 2026-01-07 MEDIUM 5.5 Information disclosure when a weak hashed value is returned to userland code in response to an IOCTL call to obtain a session ID.
CVE-2025-47356 2026-01-07 HIGH 7.8 Memory Corruption when multiple threads concurrently access and modify shared resources.
CVE-2025-47348 2026-01-07 HIGH 7.8 Memory corruption while processing identity credential operations in the trusted application.
CVE-2025-47346 2026-01-07 HIGH 7.8 Memory corruption while processing a secure logging command in the trusted application.
CVE-2025-47345 2026-01-07 HIGH 8.4 Cryptographic issue may occur while encrypting license data.
CVE-2025-47344 2026-01-07 MEDIUM 6.7 Memory corruption while handling sensor utility operations.
CVE-2025-47343 2026-01-07 HIGH 7.8 Memory corruption while processing a video session to set video parameters.
CVE-2025-47339 2026-01-07 HIGH 7.8 Memory corruption while deinitializing an HDCP session.
CVE-2025-47337 2026-01-07 MEDIUM 6.7 Memory corruption while accessing a synchronization object during concurrent operations.
CVE-2025-47336 2026-01-07 MEDIUM 6.7 Memory corruption while performing sensor register read operations.
CVE-2025-47335 2026-01-07 MEDIUM 6.7 Memory corruption while parsing clock configuration data for a specific hardware type.
CVE-2025-47334 2026-01-07 MEDIUM 6.7 Memory corruption while processing shared command buffer packet between camera userspace and kernel.
CVE-2025-47333 2026-01-07 MEDIUM 6.6 Memory corruption while handling buffer mapping operations in the cryptographic driver.
CVE-2025-47332 2026-01-07 MEDIUM 6.7 Memory corruption while processing a config call from userspace.
CVE-2025-47331 2026-01-07 MEDIUM 6.1 Information disclosure while processing a firmware event.
CVE-2025-47330 2026-01-07 MEDIUM 5.5 Transient DOS while parsing video packets received from the video firmware.
CVE-2025-32300 2026-01-07 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital zoom studio DZS Video Gallery allows Reflected XSS. This issue affects DZS Video Gallery: from n/a…
CVE-2025-31964 2026-01-07 LOW 2.2 Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound…
CVE-2025-31963 2026-01-07 LOW 2.9 Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via…
CVE-2025-31962 2026-01-07 LOW 2.0 Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints…
CVE-2025-31643 2026-01-07 HIGH 8.8 Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation. This issue affects WPCHURCH: from n/a through 2.7.0.
CVE-2025-15474 2026-01-07 N/A 0.0 AuntyFey Smart Combination Lock firmware versions as of 2025-12-24 contain a vulnerability that allows an unauthenticated attacker within Bluetooth Low Energy (BLE) range to cause a denial of…
CVE-2025-15472 2026-01-07 HIGH 7.2 A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL of the file uapply.cgi of the component httpd. This manipulation of the argument DeviceURL…
CVE-2025-15158 2026-01-07 HIGH 8.8 The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in the 'wpse_file_and_ext_webp' function in all versions up to,…