CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2019-25559 2026-03-21 MEDIUM 5.5 SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string.…
CVE-2019-25558 2026-03-21 MEDIUM 6.2 Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer.…
CVE-2019-25557 2026-03-21 MEDIUM 6.2 TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the application by importing a malformed .srp script file. Attackers can create…
CVE-2019-25556 2026-03-21 MEDIUM 6.2 TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long…
CVE-2019-25555 2026-03-21 MEDIUM 6.2 TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Script Recorder component that allows local attackers to crash the application by supplying an excessively large…
CVE-2019-25554 2026-03-21 MEDIUM 5.5 Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field.…
CVE-2019-25553 2026-03-21 MEDIUM 6.2 CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create…
CVE-2019-25552 2026-03-21 HIGH 7.5 CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Attackers…
CVE-2019-25551 2026-03-21 MEDIUM 6.2 Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field.…
CVE-2019-25550 2026-03-21 MEDIUM 6.2 Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a…
CVE-2019-25549 2026-03-21 MEDIUM 6.2 VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Attackers can trigger…
CVE-2019-25548 2026-03-21 MEDIUM 6.2 BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a…
CVE-2019-25547 2026-03-21 MEDIUM 6.2 NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash the application by supplying oversized input. Attackers can paste a…
CVE-2019-25546 2026-03-21 MEDIUM 6.2 NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can…
CVE-2019-25545 2026-03-21 MEDIUM 6.2 Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field.…
CVE-2019-25544 2026-03-21 MEDIUM 6.2 Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Attackers can…
CVE-2026-4515 2026-03-21 MEDIUM 6.3 A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. It…
CVE-2026-4514 2026-03-21 MEDIUM 6.3 A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a…
CVE-2026-4513 2026-03-21 MEDIUM 6.3 A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql…
CVE-2026-4511 2026-03-21 MEDIUM 6.3 A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function exec of the file /src/vanna/legacy. Such manipulation leads to injection. The attack…
CVE-2026-4510 2026-03-21 MEDIUM 4.3 A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the…
CVE-2026-4373 2026-03-21 HIGH 7.5 The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'Uploaded_File::set_from_array'…
CVE-2026-4509 2026-03-21 MEDIUM 6.3 A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of…
CVE-2026-4261 2026-03-21 HIGH 8.8 The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user…
CVE-2026-4161 2026-03-21 MEDIUM 4.4 The Review Map by RevuKangaroo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.7 due to…
CVE-2026-4143 2026-03-21 MEDIUM 4.3 The Neos Connector for Fakturama plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.0.14. This is due to missing nonce…
CVE-2026-4127 2026-03-21 MEDIUM 5.3 The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.5.9. The `speedup01_ajax_enabled()` function, which handles the `wp_ajax_speedup01_enabled` AJAX action,…
CVE-2026-4087 2026-03-21 MEDIUM 6.5 The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hint_ids' parameter of the pprh_update_hints AJAX action in all versions up to, and…
CVE-2026-4086 2026-03-21 MEDIUM 6.4 The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat', 'nocat', and 'text' shortcode attributes of the 'wp_random_button' shortcode in all versions…
CVE-2026-4084 2026-03-21 MEDIUM 6.4 The fyyd podcast shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fyyd-podcast', 'fyyd-episode', and 'fyyd' shortcodes in all versions up to, and including, 0.3.1.…
CVE-2026-4077 2026-03-21 MEDIUM 6.4 The Ecover Builder For Dummies plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'ecover' shortcode in all versions up to and…
CVE-2026-4072 2026-03-21 MEDIUM 6.4 The WordPress PayPal Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'donate' shortcode in all versions up to, and including, 1.01. This is due…
CVE-2026-4069 2026-03-21 MEDIUM 6.1 The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in all versions up to, and including, 1.2.1. This is…
CVE-2026-4067 2026-03-21 MEDIUM 6.4 The Ad Short plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ad' shortcode's 'client' attribute in all versions up to and including 2.0.1. This is…
CVE-2026-4022 2026-03-21 MEDIUM 6.4 The Show Posts list – Easy designs, filters and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'post_type' shortcode attribute in the 'swiftpost-list' shortcode…
CVE-2026-4004 2026-03-21 MEDIUM 6.5 The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due…
CVE-2026-3997 2026-03-21 MEDIUM 6.4 The Text Toggle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute of the [tt_part] and [tt] shortcodes in all versions up to…
CVE-2026-3996 2026-03-21 MEDIUM 6.4 The WP Games Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [game] shortcode in all versions up to and including 0.1beta. This is due…
CVE-2026-3651 2026-03-21 MEDIUM 5.3 The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.23. This is due to the plugin registering the…
CVE-2026-3645 2026-03-21 MEDIUM 5.3 The Punnel – Landing Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.1. The save_config() function, which handles the…
CVE-2026-3641 2026-03-21 MEDIUM 5.3 The Appmax plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 1.0.3. This is due to the plugin registering a public…
CVE-2026-3619 2026-03-21 MEDIUM 6.4 The Sheets2Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titles' shortcode attribute in the [sheets2table-render-table] shortcode in all versions up to and including 0.4.1.…
CVE-2026-3617 2026-03-21 MEDIUM 6.4 The Paypal Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'amount' and 'name' shortcode attributes in all versions up to, and including, 0.3. This…
CVE-2026-3570 2026-03-21 MEDIUM 5.3 The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks…
CVE-2026-3554 2026-03-21 MEDIUM 6.4 The Sherk Custom Post Type Displays plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute in all versions up to, and including, 1.2.1.…
CVE-2026-3546 2026-03-21 MEDIUM 5.3 The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshot_form_builder_get_account_data() function is registered as a…
CVE-2026-3506 2026-03-21 MEDIUM 5.3 The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly…
CVE-2026-3478 2026-03-21 HIGH 7.2 The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3 via the redux_p AJAX action in the…
CVE-2026-3460 2026-03-21 MEDIUM 5.3 The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the…
CVE-2026-3354 2026-03-21 MEDIUM 4.4 The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Popup Width' setting in all versions up to, and including, 1.1.5. This is due to…