CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-21488 2026-01-06 MEDIUM 6.1 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Out-of-bounds Read, Heap-based Buffer Overflow and…
CVE-2025-20787 2026-01-06 MEDIUM 6.7 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained…
CVE-2025-20786 2026-01-06 MEDIUM 6.7 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained…
CVE-2025-20785 2026-01-06 MEDIUM 6.7 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained…
CVE-2025-20784 2026-01-06 MEDIUM 6.7 In display, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege if a malicious actor has already obtained the…
CVE-2025-20783 2026-01-06 MEDIUM 6.7 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2025-20782 2026-01-06 MEDIUM 6.7 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2025-9637 2026-01-06 MEDIUM 6.5 The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing…
CVE-2025-9318 2026-01-06 MEDIUM 6.5 The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions…
CVE-2025-14552 2026-01-06 MEDIUM 6.4 The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input…
CVE-2025-9294 2026-01-06 MEDIUM 4.3 The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check…
CVE-2025-5919 2026-01-06 MEDIUM 6.5 The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check…
CVE-2025-13964 2026-01-06 MEDIUM 5.3 The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catch_lp_ajax function in all…
CVE-2025-13766 2026-01-06 MEDIUM 5.4 The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability…
CVE-2025-14371 2026-01-06 MEDIUM 4.3 The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on…
CVE-2025-13812 2026-01-06 MEDIUM 4.3 The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing…
CVE-2025-12067 2026-01-06 MEDIUM 6.4 The Table Field Add-on for ACF and SCF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Cell Content in all versions up to, and…
CVE-2026-21411 2026-01-06 HIGH 8.8 Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication and change the password.
CVE-2025-4776 2026-01-06 MEDIUM 6.4 The Phlox theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption` HTML attribute in all versions up to, and including, 2.17.7 due to insufficient input…
CVE-2025-13215 2026-01-06 MEDIUM 5.3 The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxels_ajax_search due…
CVE-2025-15001 2026-01-06 CRITICAL 9.8 The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.1. This is due to the…
CVE-2025-14997 2026-01-06 HIGH 7.2 The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete_field' function in all versions…
CVE-2025-14996 2026-01-06 CRITICAL 9.8 The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This…
CVE-2025-14441 2026-01-06 MEDIUM 5.3 The Popupkit plugin for WordPress is vulnerable to arbitrary subscriber data deletion due to missing authorization on the DELETE `/subscribers` REST API endpoint in all versions up to,…
CVE-2025-14438 2026-01-06 MEDIUM 6.4 The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.0.30 via the 'pixabayDownloadImage' function.…
CVE-2025-14120 2026-01-06 MEDIUM 6.4 The URL Image Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.7 due to insufficient…
CVE-2026-21750 2026-01-06 N/A 0.0 Rejected reason: Not used
CVE-2026-21749 2026-01-06 N/A 0.0 Rejected reason: Not used
CVE-2026-21748 2026-01-06 N/A 0.0 Rejected reason: Not used
CVE-2026-21747 2026-01-06 N/A 0.0 Rejected reason: Not used
CVE-2026-21746 2026-01-06 N/A 0.0 Rejected reason: Not used
CVE-2026-21745 2026-01-06 N/A 0.0 Rejected reason: Not used
CVE-2026-21744 2026-01-06 N/A 0.0 Rejected reason: Not used
CVE-2026-21676 2026-01-06 HIGH 8.8 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function…
CVE-2026-21487 2026-01-06 MEDIUM 6.1 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have an Out-of-bounds Read, Use of Out-of-range Pointer Offset…
CVE-2026-21486 2026-01-06 HIGH 7.8 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-based Buffer Overflow and Integer…
CVE-2026-0604 2026-01-06 MEDIUM 6.5 The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.7 via the 'dir_path' parameter…
CVE-2025-14153 2026-01-06 MEDIUM 6.5 The Page Expire Popup/Redirection for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' shortcode attribute in all versions up to, and including, 1.0…
CVE-2025-14034 2026-01-06 MEDIUM 5.3 The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'delete_single_ticket_callback' and…
CVE-2025-13746 2026-01-06 MEDIUM 6.4 The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User's Display Name in all versions up to, and including,…
CVE-2025-13652 2026-01-06 MEDIUM 6.5 The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.0.4 due to…
CVE-2025-13409 2026-01-06 MEDIUM 4.9 The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13…
CVE-2025-11723 2026-01-06 MEDIUM 6.5 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.5 via…
CVE-2025-11370 2026-01-06 MEDIUM 5.3 The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable…
CVE-2026-21673 2026-01-06 HIGH 7.8 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum(). This vulnerability affects…
CVE-2025-20802 2026-01-06 N/A 0.0 In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained…
CVE-2025-15364 2026-01-06 HIGH 7.3 The Download Manager plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.40. This is due to the plugin…
CVE-2026-21507 2026-01-06 HIGH 7.5 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have an infinite loop in the IccProfile.cpp function, CalcProfileID.…
CVE-2025-69197 2026-01-06 MEDIUM 6.5 Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled…
CVE-2025-68954 2026-01-06 N/A 0.0 Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance…