Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-4291 2025-05-05 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in IdeaCMS up to 1.6. Affected is the function saveUpload. The manipulation leads to unrestricted upload. It is possible…
CVE-2025-33093 2025-05-07 HIGH 7.5 IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret.
CVE-2025-4104 2025-05-07 CRITICAL 9.8 The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_wp_ajax_fed_login_form_post() function in versions 1.0 to 2.2.6. This makes…
CVE-2025-39361 2025-05-07 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through 1.7.1017.
CVE-2025-27533 2025-05-07 N/A 0.0 Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to…
CVE-2025-20980 2025-05-07 MEDIUM 4.0 Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption.
CVE-2025-20979 2025-05-07 HIGH 8.4 Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code.
CVE-2025-20978 2025-05-07 MEDIUM 6.2 Improper access control in PENUP prior to version 3.9.19.32 allows local attackers to access files with PENUP privilege.
CVE-2025-20977 2025-05-07 LOW 3.3 Use of implicit intent for sensitive communication in translation in Samsung Notes prior to version 4.4.29.23 allows local attackers to get sensitive information. User interaction is required for…
CVE-2025-20976 2025-05-07 MEDIUM 5.5 Out-of-bounds read in applying binary of text content in Samsung Notes prior to version 4.4.29.23 allows attackers to read out-of-bounds memory.
CVE-2025-20975 2025-05-07 MEDIUM 5.5 Improper Export of Android Application Components in AODService prior to version 8.8.28.12 allows local attackers to launch arbitrary activity with systemui privilege.
CVE-2025-20974 2025-05-07 MEDIUM 6.1 Improper handling of insufficient permission in PackageInstallerCN prior to version 15.0.11.0 allows local attacker to bypass user interaction for requested installation.
CVE-2025-20973 2025-05-07 MEDIUM 5.4 Improper authentication in Secure Folder prior to version 1.8.12.0 in Android 13, and 1.9.21.00 in Android 14 allows physical attackers to reset the lock type of Secure Folder.
CVE-2025-20972 2025-05-07 MEDIUM 6.2 Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flow configuration.
CVE-2025-20971 2025-05-07 MEDIUM 5.5 Improper input validation in Samsung Flow prior to version 4.9.17.6 allows local attackers to access data within Samsung Flow.
CVE-2025-20970 2025-05-07 MEDIUM 6.2 Improper access control in Bixby Vision prior to version 3.8.1 in Android 13, 3.8.3 in Android 14, 3.8.21 in Android 15 allows local attackers to access image files…
CVE-2025-20969 2025-05-07 MEDIUM 5.5 Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to…
CVE-2025-20968 2025-05-07 HIGH 7.2 Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to…
CVE-2025-20967 2025-05-07 MEDIUM 5.1 Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read…
CVE-2025-20966 2025-05-07 MEDIUM 4.6 Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to…
CVE-2025-20965 2025-05-07 MEDIUM 6.2 Improper handling of insufficient permission in Bixby wakeup prior to version 2.3.74.8 allows local attackers to access sensitive data.
CVE-2025-20956 2025-05-07 MEDIUM 4.3 Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings.
CVE-2025-20949 2025-05-07 MEDIUM 5.1 Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary file with the privilege of Samsung Members.
CVE-2025-4171 2025-05-07 MEDIUM 6.4 The WZ Followed Posts – Display what visitors are reading plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wfp' shortcode in all versions up…
CVE-2024-12120 2025-05-07 MEDIUM 5.4 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget display_message_text parameter in all versions up to, and including,…
CVE-2025-1400 2025-05-07 LOW 3.1 Out-of-bounds Read vulnerability in unpack_response (conn.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network.
CVE-2025-1399 2025-05-07 LOW 3.1 Out-of-bounds Read vulnerability in unpack_response (session.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network.
CVE-2025-3766 2025-05-07 MEDIUM 5.4 The Login Lockdown & Protection plugin for WordPress is vulnerable to unauthorized nonce access due to a missing capability check on the ajax_run_tool function in all versions up…
CVE-2025-4335 2025-05-07 HIGH 8.8 The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient restrictions on user…
CVE-2025-4220 2025-05-07 MEDIUM 6.4 The Xavin's List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xls' shortcode in all versions up to, and including, 1.3 due to…
CVE-2025-4055 2025-05-07 MEDIUM 6.4 The Multiple Post Type Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mpto' shortcode in all versions up to, and including, 1.10.0 due…
CVE-2025-4054 2025-05-07 MEDIUM 6.1 The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the highlights functionality in all versions up to, and including, 4.24.3 due…
CVE-2025-3924 2025-05-07 MEDIUM 5.3 The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the 'valid_email' value…
CVE-2025-3921 2025-05-07 HIGH 8.2 The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handel_ajax_req() function in versions 1.9.1…
CVE-2025-3860 2025-05-07 MEDIUM 6.4 The CarDealerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘saleclass' parameter in all versions up to, and including, 6.7.2504.00 due to insufficient input sanitization…
CVE-2025-3853 2025-05-07 MEDIUM 6.5 The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callback_generate_api_key() due to missing validation on…
CVE-2025-3852 2025-05-07 HIGH 8.8 The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not…
CVE-2025-3851 2025-05-07 MEDIUM 4.3 The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the…
CVE-2025-3844 2025-05-07 CRITICAL 9.8 The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to handel_ajax_req() function not having proper restrictions…
CVE-2025-2821 2025-05-07 MEDIUM 5.3 The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to,…
CVE-2025-3218 2025-05-07 MEDIUM 5.4 IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could…
CVE-2025-0856 2025-05-06 HIGH 7.3 The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions…
CVE-2025-0855 2025-05-06 CRITICAL 9.8 The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'import_header'…
CVE-2025-47420 2025-05-06 N/A 0.0 266 vulnerability in Crestron Automate VX allows Privilege Escalation.This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
CVE-2025-0853 2025-05-06 HIGH 7.5 The PGS Core plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'save_header_builder' function in all versions up to, and including, 5.8.0 due…
CVE-2025-47419 2025-05-06 N/A 0.0 Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes…
CVE-2025-47418 2025-05-06 N/A 0.0 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. There is no visible indication when the system is recording and recording…
CVE-2025-0649 2025-05-06 N/A 0.0 Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash.
CVE-2025-47417 2025-05-06 N/A 0.0 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. When Enable Debug Images in Crestron Automate VX is active, snapshots of…
CVE-2025-47256 2025-05-06 MEDIUM 5.6 Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file.
« Anterior Página 1278 de 4312 Siguiente »