Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-34212 2025-09-29 N/A 0.0 Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the…
CVE-2025-34211 2025-09-29 N/A 0.0 Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA and SaaS deployments) contain a private SSL key and matching…
CVE-2025-34209 2025-09-29 N/A 0.0 Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 (VA and SaaS deployments) contain Docker images with the private GPG key and passphrase…
CVE-2025-10859 2025-09-30 MEDIUM 4.0 Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed…
CVE-2025-10991 2025-09-30 N/A 0.0 The attacker may obtain root access by connecting to the UART port and this vulnerability requires the attacker to have the physical access to the device. This issue…
CVE-2024-58040 2025-09-30 CRITICAL 9.1 Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption.
CVE-2025-34207 2025-09-29 N/A 0.0 Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH client within Docker instances with the following…
CVE-2025-41244 2025-09-29 HIGH 7.8 VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed…
CVE-2025-11153 2025-09-30 N/A 0.0 This vulnerability affects Firefox < 143.0.3.
CVE-2025-11152 2025-09-30 N/A 0.0 This vulnerability affects Firefox < 143.0.3.
CVE-2025-10217 2025-09-30 N/A 0.0 A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or to inject crafted data in logfile for potentially…
CVE-2025-9993 2025-09-30 HIGH 8.1 The Bei Fen – WordPress Backup Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the 'task'. This…
CVE-2025-9991 2025-09-30 HIGH 8.1 The Tiny Bootstrap Elements Light plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.3.34 via the 'language' parameter. This makes…
CVE-2025-9948 2025-09-30 MEDIUM 4.3 The Chat by Chatwee plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect…
CVE-2025-9946 2025-09-30 MEDIUM 6.1 The LockerPress – WordPress Security Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing…
CVE-2025-9852 2025-09-30 MEDIUM 6.4 The Yoga Schedule Momoyoga plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'momoyoga-schedule' shortcode in all versions up to, and including, 2.9.0 due to…
CVE-2025-9762 2025-09-30 CRITICAL 9.8 The Post By Email plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the save_attachments function in all versions up to,…
CVE-2025-8877 2025-09-30 HIGH 7.5 The AffiliateWP plugin for WordPress is vulnerable to SQL Injection via the ajax_get_affiliate_id_from_login function in all versions up to, and including, 2.28.2 due to insufficient escaping on the…
CVE-2025-8777 2025-09-30 MEDIUM 6.4 The planetcalc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘language’ parameter in all versions up to, and including, 2.2 due to insufficient input sanitization…
CVE-2025-8625 2025-09-30 CRITICAL 9.8 The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreap_handle_image() Function in versions 1.1 to 1.2. The plugin falls back to a hard-coded…
CVE-2025-8624 2025-09-30 MEDIUM 6.4 The Nexa Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Google Maps widget in all versions up to, and including, 1.1.0 due to…
CVE-2025-8623 2025-09-30 MEDIUM 6.4 The WeedMaps Menu for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's weedmaps_menu shortcode in all versions up to, and including, 1.2.0 due…
CVE-2025-8608 2025-09-30 MEDIUM 6.4 The Mihdan: Elementor Yandex Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.6.11 due…
CVE-2025-8566 2025-09-30 MEDIUM 6.4 The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via parameters in the CountUp and Google Maps Blocks in all versions up to,…
CVE-2025-8560 2025-09-30 MEDIUM 6.4 The FancyTabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization…
CVE-2025-8559 2025-09-30 MEDIUM 6.5 The All in One Music Player plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.1 via the 'theme' parameter. This makes…
CVE-2025-8214 2025-09-30 MEDIUM 6.4 The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typing Letter widget in all versions up to, and including, 2.1.5…
CVE-2025-8122 2025-09-30 N/A 0.0 Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip.…
CVE-2025-8121 2025-09-30 N/A 0.0 Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and…
CVE-2025-8120 2025-09-30 N/A 0.0 Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can…
CVE-2025-8119 2025-09-30 N/A 0.0 PAD CMS is vulnerable to Cross-Site Request Forgery in reset password's functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send a…
CVE-2025-8118 2025-09-30 N/A 0.0 PAD CMS implements weak client-side brute-force protection by utilizing two cookies:  login_count and login_timeout. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker…
CVE-2025-8117 2025-09-30 N/A 0.0 PAD CMS improperly initializes parameter used for password recovery, which allows to change password for any user that did not use reset password functionality. This issue affects all…
CVE-2025-8116 2025-09-30 N/A 0.0 PAD CMS is vulnerable to Reflected XSS in printing and save to PDF functionality. Malicious attacker can craft special URL, which will result in arbitrary JavaScript execution in…
CVE-2025-7065 2025-09-30 N/A 0.0 Due to client-controlled permission check parameter, PAD CMS's photo upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can…
CVE-2025-7063 2025-09-30 N/A 0.0 Due to client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can…
CVE-2025-7052 2025-09-30 HIGH 8.8 The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.94. This is due to missing nonce validation on the…
CVE-2025-7038 2025-09-30 HIGH 8.2 The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route of the latepoint_route_call AJAX endpoint in all versions up…
CVE-2025-6941 2025-09-30 MEDIUM 6.4 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'latepoint_resources' shortcode in…
CVE-2025-6815 2025-09-30 MEDIUM 5.5 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘service[name]’ parameter in all versions up to,…
CVE-2025-61633 2025-09-30 N/A 0.0 Rejected reason: Not used
CVE-2025-61632 2025-09-30 N/A 0.0 Rejected reason: Not used
CVE-2025-61631 2025-09-30 N/A 0.0 Rejected reason: Not used
CVE-2025-61630 2025-09-30 N/A 0.0 Rejected reason: Not used
CVE-2025-61629 2025-09-30 N/A 0.0 Rejected reason: Not used
CVE-2025-61628 2025-09-30 N/A 0.0 Rejected reason: Not used
CVE-2025-61627 2025-09-30 N/A 0.0 Rejected reason: Not used
CVE-2025-61626 2025-09-30 N/A 0.0 Rejected reason: Not used
CVE-2025-61584 2025-09-30 N/A 0.0 serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Versions through abd including 0.1.30 have a vulnerability where the pr.yml GitHub Action…
CVE-2025-59668 2025-09-30 HIGH 7.5 Multiple versions of Central Monitor CNS-6201 contain a NULL pointer dereference vulnerability. When processing a crafted certain UDP packet, the affected device may abnormally terminate.
« Anterior Página 128 de 3647 Siguiente »