Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-69364 2026-01-06 N/A 0.0 Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through
CVE-2025-69363 2026-01-06 N/A 0.0 Missing Authorization vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Addons for Elementor: from n/a through
CVE-2025-69361 2026-01-06 N/A 0.0 Missing Authorization vulnerability in PublishPress Post Expirator post-expirator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Expirator: from n/a through
CVE-2025-69359 2026-01-06 N/A 0.0 Missing Authorization vulnerability in WPFunnels Creator LMS creatorlms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Creator LMS: from n/a through
CVE-2025-69356 2026-01-06 N/A 0.0 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor allows PHP Local File Inclusion.This…
CVE-2025-69355 2026-01-06 N/A 0.0 Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through
CVE-2025-69342 2026-01-06 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Calafate calafate allows PHP Local File Inclusion.This issue affects Calafate: from…
CVE-2025-69341 2026-01-06 MEDIUM 5.4 Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through
CVE-2025-69336 2026-01-06 MEDIUM 4.3 Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Store Kit Elementor Addons: from n/a…
CVE-2025-69335 2026-01-06 N/A 0.0 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Team Showcase team-showcase allows Stored XSS.This issue affects Team Showcase: from n/a through
CVE-2025-69334 2026-01-06 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Stored XSS.This issue affects Wishlist for WooCommerce: from n/a through
CVE-2025-69331 2026-01-06 MEDIUM 4.3 Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theater for WordPress: from n/a through
CVE-2025-69327 2026-01-06 MEDIUM 4.3 Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manager: from n/a through
CVE-2025-69086 2026-01-06 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jwsthemes Issabella allows PHP Local File Inclusion.This issue affects Issabella: from n/a…
CVE-2025-69085 2026-01-06 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins JobBank allows Reflected XSS.This issue affects JobBank: from n/a through 1.2.2.
CVE-2025-69084 2026-01-06 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3 themes Photo Gallery allows Reflected XSS.This issue affects Photo Gallery: from n/a through 2.7.7.26.
CVE-2025-69083 2026-01-06 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Frappé allows PHP Local File Inclusion.This issue affects Frappé: from n/a…
CVE-2025-63083 2026-01-06 N/A 0.0 Lack of output escaping leads to a XSS vector in the pagebreak plugin.
CVE-2025-63082 2026-01-06 N/A 0.0 Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.
CVE-2025-47553 2026-01-06 HIGH 8.8 Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.25.
CVE-2025-65212 2026-01-06 CRITICAL 9.8 An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie verification, allowing an attacker to…
CVE-2025-59379 2026-01-06 HIGH 7.5 DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter…
CVE-2025-39477 2026-01-06 CRITICAL 9.8 Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InWave Jobs: from n/a through 3.5.8.
CVE-2025-36589 2026-01-06 HIGH 7.6 Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability,…
CVE-2025-14026 2026-01-06 HIGH 7.8 Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign…
CVE-2024-30547 2026-01-06 HIGH 7.1 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Shazdeh Header Image Slider header-image-slider allows DOM-Based XSS.This issue affects Header Image Slider: from…
CVE-2026-0640 2026-01-06 HIGH 8.8 A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to…
CVE-2025-60262 2026-01-06 CRITICAL 9.8 An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously…
CVE-2025-14979 2026-01-06 N/A 0.0 AirVPN Eddie on MacOS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects Eddie: 2.24.6.
CVE-2020-36925 2026-01-06 CRITICAL 9.8 Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within…
CVE-2020-36924 2026-01-06 HIGH 7.5 Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit…
CVE-2020-36922 2026-01-06 HIGH 7.5 Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information,…
CVE-2020-36921 2026-01-06 HIGH 7.5 RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve…
CVE-2020-36917 2026-01-06 HIGH 7.5 iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the…
CVE-2020-36914 2026-01-06 HIGH 7.5 QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform…
CVE-2020-36912 2026-01-06 CRITICAL 9.8 Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipulate the 'pagina' GET parameter. Attackers can craft malicious…
CVE-2020-36910 2026-01-06 HIGH 8.8 Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute…
CVE-2020-36909 2026-01-06 MEDIUM 6.5 SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate…
CVE-2020-36908 2026-01-06 MEDIUM 5.3 SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web…
CVE-2020-36907 2026-01-06 HIGH 7.5 Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP…
CVE-2020-36906 2026-01-06 MEDIUM 4.3 P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add…
CVE-2020-36905 2026-01-06 HIGH 7.5 FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the…
CVE-2026-21493 2026-01-06 MEDIUM 6.6 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class…
CVE-2025-46696 2026-01-06 MEDIUM 6.4 Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, version(s) versions 5.26 to 5.30, contain(s) an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access…
CVE-2025-20807 2026-01-06 MEDIUM 6.7 In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has…
CVE-2025-20806 2026-01-06 MEDIUM 6.7 In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained…
CVE-2025-20805 2026-01-06 MEDIUM 6.7 In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained…
CVE-2025-20804 2026-01-06 MEDIUM 6.7 In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained…
CVE-2025-20803 2026-01-06 MEDIUM 6.7 In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained…
CVE-2026-21489 2026-01-06 MEDIUM 6.1 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have Out-of-bounds Read and Integer Underflow (Wrap or Wraparound)…
« Anterior Página 130 de 3934 Siguiente »