Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2026-32540	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bookly Bookly bookly-responsive-appointment-booking-tool allows Reflected XSS.This issue affects Bookly: from n/a through
CVE-2026-32538	2026-03-25	HIGH	7.5	Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through
CVE-2026-32537	2026-03-25	HIGH	7.5	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local…
CVE-2026-32536	2026-03-25	CRITICAL	9.9	Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads halfdata-paypal-green-downloads allows Using Malicious Files.This issue affects Green Downloads: from n/a through
CVE-2026-32534	2026-03-25	HIGH	8.5	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk:…
CVE-2026-32532	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Stored XSS.This issue affects Contact Form…
CVE-2026-32531	2026-03-25	HIGH	8.1	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kunco kunco allows PHP Local File Inclusion.This issue affects Kunco: from…
CVE-2026-32529	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Molla molla allows Reflected XSS.This issue affects Molla: from n/a through < 1.5.19.
CVE-2026-32528	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through < 1.6.29.
CVE-2026-32526	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Stored XSS.This issue affects Abandoned Cart Recovery for…
CVE-2026-32521	2026-03-25	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows DOM-Based XSS.This issue affects WP Custom Admin…
CVE-2026-32518	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imithemes Gaea gaea allows Reflected XSS.This issue affects Gaea: from n/a through < 3.8.
CVE-2026-32517	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kleor Contact Manager contact-manager allows Reflected XSS.This issue affects Contact Manager: from n/a through
CVE-2026-32513	2026-03-25	HIGH	8.8	Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through
CVE-2026-32511	2026-03-25	MEDIUM	5.4	Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection.This issue affects Stål: from n/a through < 1.7.
CVE-2026-32507	2026-03-25	MEDIUM	5.4	Deserialization of Untrusted Data vulnerability in Elated-Themes Leroux leroux allows Object Injection.This issue affects Leroux: from n/a through < 1.4.
CVE-2026-32494	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue…
CVE-2026-32491	2026-03-25	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS.This issue affects WP Review Slider: from n/a through
CVE-2026-32490	2026-03-25	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP TripAdvisor Review Slider wp-tripadvisor-review-slider allows Stored XSS.This issue affects WP TripAdvisor Review Slider: from…
CVE-2026-31914	2026-03-25	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hookandhook WP Courses LMS wp-courses allows DOM-Based XSS.This issue affects WP Courses LMS: from n/a through
CVE-2026-28895	2026-03-25	MEDIUM	4.6	The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen…
CVE-2026-28863	2026-03-25	MEDIUM	6.5	A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be…
CVE-2026-28856	2026-03-25	MEDIUM	4.6	The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a…
CVE-2026-28855	2026-03-25	HIGH	7.5	A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3. An app may be able to access…
CVE-2026-27088	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Darna Framework darna-framework allows Reflected XSS.This issue affects Darna Framework: from n/a through
CVE-2026-27087	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Wolverine Framework wolverine-framework allows Reflected XSS.This issue affects Wolverine Framework: from n/a through
CVE-2026-27054	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Soledad Data Migrator penci-data-migrator allows Reflected XSS.This issue affects Penci Soledad Data Migrator: from…
CVE-2026-25465	2026-03-25	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS.This issue affects CP Multi View Event…
CVE-2026-25461	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS.This issue affects Listeo Core: from n/a through
CVE-2026-25452	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDO Remoji remoji allows Stored XSS.This issue affects Remoji: from n/a through
CVE-2026-25435	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Stored XSS.This issue affects Booking calendar, Appointment Booking…
CVE-2026-25417	2026-03-25	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Stored XSS.This issue affects ProfileGrid : from n/a through
CVE-2026-25383	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Reflected XSS.This issue affects KiviCare: from n/a through
CVE-2026-25376	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows Reflected XSS.This issue affects Addon Jobsearch Chat: from n/a through
CVE-2026-25373	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProgressionStudios Vayvo vayvo-progression allows Reflected XSS.This issue affects Vayvo: from n/a through < 6.8.
CVE-2026-25361	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magepeopleteam WpEvently mage-eventpress allows Reflected XSS.This issue affects WpEvently: from n/a through
CVE-2026-25356	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Yobazar yobazar allows Reflected XSS.This issue affects Yobazar: from n/a through < 1.6.7.
CVE-2026-25355	2026-03-25	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Sanzo sanzo allows Stored XSS.This issue affects Sanzo: from n/a through < 2.4.3.
CVE-2026-25354	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Reebox reebox allows Reflected XSS.This issue affects Reebox: from n/a through < 1.4.8.
CVE-2026-25353	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Nooni nooni allows Reflected XSS.This issue affects Nooni: from n/a through < 1.5.1.
CVE-2026-25352	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup MyDecor mydecor allows Reflected XSS.This issue affects MyDecor: from n/a through < 1.5.9.
CVE-2026-25351	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup MyMedi mymedi allows Reflected XSS.This issue affects MyMedi: from n/a through < 1.7.7.
CVE-2026-25350	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Miti miti allows Reflected XSS.This issue affects Miti: from n/a through < 1.5.3.
CVE-2026-25349	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Loobek loobek allows Reflected XSS.This issue affects Loobek: from n/a through < 1.5.2.
CVE-2026-25347	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acato WP REST Cache wp-rest-cache allows Stored XSS.This issue affects WP REST Cache: from n/a through
CVE-2026-25346	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects…
CVE-2026-25342	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kutethemes Boutique kute-boutique allows Reflected XSS.This issue affects Boutique: from n/a through < 2.4.6.
CVE-2026-25341	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSJoomla! RSFirewall! rsfirewall allows Stored XSS.This issue affects RSFirewall!: from n/a through
CVE-2026-25306	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through
CVE-2026-25304	2026-03-25	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Jaroti jaroti allows Reflected XSS.This issue affects Jaroti: from n/a through < 1.4.8.

« Anterior Página 15 de 4100 Siguiente »

Vulnerabilidades CVE

Vulnerabilidades CVE

Soluciones

Recursos

Legal y Soporte