CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-66151 2025-12-31 MEDIUM 5.4 Missing Authorization vulnerability in merkulove Countdowner for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Countdowner for Elementor: from n/a through 1.0.4.
CVE-2025-66150 2025-12-31 MEDIUM 5.4 Missing Authorization vulnerability in merkulove Appender allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Appender: from n/a through 1.1.1.
CVE-2025-66149 2025-12-31 MEDIUM 5.4 Missing Authorization vulnerability in merkulove UnGrabber allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UnGrabber: from n/a through 3.1.3.
CVE-2025-34468 2025-12-31 N/A 0.0 libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed…
CVE-2025-34467 2025-12-31 N/A 0.0 ZwiiCMS versions prior to 13.7.00 contain a denial-of-service vulnerability in multiple administrative endpoints due to improper authorization checks combined with flawed resource state management. When an authenticated low-privilege user requests…
CVE-2025-15394 2025-12-31 MEDIUM 4.7 A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the…
CVE-2025-15393 2025-12-31 MEDIUM 6.3 A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API Endpoint. The…
CVE-2021-47747 2025-12-31 HIGH 8.8 meterN 1.2.3 contains an authenticated remote code execution vulnerability in admin_meter2.php and admin_indicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands…
CVE-2021-47745 2025-12-31 HIGH 8.8 Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit the 'fw_url'…
CVE-2021-47744 2025-12-31 HIGH 7.5 Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via…
CVE-2021-47743 2025-12-31 MEDIUM 6.1 COMMAX Biometric Access Control System 1.0.0 contains an unauthenticated reflected cross-site scripting vulnerability in cookie parameters 'CMX_ADMIN_NM' and 'CMX_COMPLEX_NM'. Attackers can inject malicious HTML and JavaScript code into…
CVE-2021-47742 2025-12-31 HIGH 8.8 Epic Games Psyonix Rocket League
CVE-2021-47741 2025-12-31 HIGH 7.5 ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit…
CVE-2021-47740 2025-12-31 HIGH 7.5 KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session…
CVE-2021-47726 2025-12-31 HIGH 7.5 NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non-privileged users to access administrative credentials through the configuration backup endpoint. Attackers can send a crafted…
CVE-2021-47725 2025-12-31 MEDIUM 5.4 STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input…
CVE-2020-36904 2025-12-31 HIGH 7.5 Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NO_LIST_EXE_PATH configuration parameter. Attackers can bypass authentication through…
CVE-2020-36903 2025-12-31 HIGH 8.4 Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attackers can exploit…
CVE-2025-62989 2025-12-31 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boxy Studio Cooked allows Stored XSS. This issue affects Cooked: from n/a through 1.11.2.
CVE-2025-59135 2025-12-31 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eLEOPARD Behance Portfolio Manager allows Stored XSS. This issue affects Behance Portfolio Manager: from n/a through 1.7.5.
CVE-2025-49355 2025-12-31 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ikaes Accessibility Press allows Stored XSS. This issue affects Accessibility Press: from n/a through 1.0.2.
CVE-2025-49337 2025-12-31 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in janhenckens Dashboard Beacon allows Stored XSS. This issue affects Dashboard Beacon: from n/a through 1.2.0.
CVE-2025-23608 2025-12-31 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Omar Mohamed Mohamoud LIVE TV allows Reflected XSS. This issue affects LIVE TV: from n/a through 1.2.
CVE-2025-15392 2025-12-31 MEDIUM 6.3 A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation…
CVE-2025-15391 2025-12-31 MEDIUM 6.3 A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgi_main of the component SSDP Request Handler. This manipulation causes command injection. The attack can…
CVE-2025-66160 2025-12-31 MEDIUM 5.4 Missing Authorization vulnerability in merkulove Select Graphist for Elementor Graphist for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Select Graphist for Elementor Graphist for…
CVE-2025-66159 2025-12-31 MEDIUM 5.4 Missing Authorization vulnerability in merkulove Walker for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Walker for Elementor: from n/a through 1.1.6.
CVE-2025-66158 2025-12-31 MEDIUM 5.4 Missing Authorization vulnerability in merkulove Gmaper for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gmaper for Elementor: from n/a through 1.0.9.
CVE-2025-66157 2025-12-31 MEDIUM 5.4 Missing Authorization vulnerability in merkulove Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slider for Elementor: from n/a through 1.0.10.
CVE-2025-66156 2025-12-31 MEDIUM 5.4 Missing Authorization vulnerability in merkulove Watcher for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Watcher for Elementor: from n/a through 1.0.9.
CVE-2025-66155 2025-12-31 MEDIUM 5.4 Missing Authorization vulnerability in merkulove Questionar for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Questionar for Elementor: from n/a through 1.1.7.
CVE-2025-66154 2025-12-31 MEDIUM 5.4 Missing Authorization vulnerability in merkulove Couponer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Couponer for Elementor: from n/a through 1.1.7.
CVE-2025-63038 2025-12-31 MEDIUM 4.3 Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from n/a through…
CVE-2025-63021 2025-12-31 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codetipi Valenti Engine allows DOM-Based XSS. This issue affects Valenti Engine: from n/a through 1.0.3.
CVE-2025-62874 2025-12-31 MEDIUM 4.3 Missing Authorization vulnerability in Alexander AnyComment allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyComment: from n/a through 0.3.6.
CVE-2025-62123 2025-12-31 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Ink themes WP Gmail SMTP allows Cross Site Request Forgery. This issue affects WP Gmail SMTP: from n/a through 1.0.7.
CVE-2025-62115 2025-12-31 MEDIUM 4.3 Missing Authorization vulnerability in ThemeBoy Hide Plugins allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hide Plugins: from n/a through 1.0.4.
CVE-2025-62113 2025-12-31 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in emendo_seb Co-marquage service-public.Fr allows Cross Site Request Forgery. This issue affects Co-marquage service-public.Fr: from n/a through 0.5.77.
CVE-2025-62101 2025-12-31 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Omid Shamloo Pardakht Delkhah allows Cross Site Request Forgery. This issue affects Pardakht Delkhah: from n/a through 3.0.0.
CVE-2025-62099 2025-12-31 MEDIUM 4.3 Missing Authorization vulnerability in Approveme Signature Add-On for Gravity Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Signature Add-On for Gravity Forms: from n/a through…
CVE-2025-62088 2025-12-31 MEDIUM 5.4 Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site allows Server Side Request Forgery. This issue affects WordPress & WooCommerce Scraper…
CVE-2025-62083 2025-12-31 MEDIUM 4.3 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah BoomDevs WordPress Coming Soon Plugin allows Retrieve Embedded Sensitive Data. This issue affects BoomDevs WordPress…
CVE-2025-62078 2025-12-31 MEDIUM 4.3 Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Upload Files During Checkout: from n/a…
CVE-2025-59138 2025-12-31 MEDIUM 4.9 Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy allows Server Side Request Forgery. This issue affects Genemy: from n/a through 1.6.6.
CVE-2025-49352 2025-12-31 MEDIUM 4.3 Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Cancellation &…
CVE-2025-49340 2025-12-31 MEDIUM 4.3 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP allows Retrieve Embedded Sensitive Data. This issue affects Direct Payments WP: from n/a…
CVE-2025-49339 2025-12-31 MEDIUM 4.3 Missing Authorization vulnerability in Digages Direct Payments WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Direct Payments WP: from n/a through 1.3.0.
CVE-2019-25262 2025-12-31 LOW 3.5 A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Message Handler. Such…
CVE-2025-64699 2025-12-31 N/A 0.0 An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a…
CVE-2025-63040 2025-12-31 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets allows Cross Site Request Forgery. This issue affects Post Snippets: from n/a through 4.0.11.