Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2026-32527	2026-03-25	N/A	0.0	Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue…
CVE-2026-32524	2026-03-25	N/A	0.0	Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from…
CVE-2026-32522	2026-03-25	N/A	0.0	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System:…
CVE-2026-32520	2026-03-25	N/A	0.0	Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through
CVE-2026-32519	2026-03-25	N/A	0.0	Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation.This issue affects Bit SMTP: from n/a through
CVE-2026-32516	2026-03-25	N/A	0.0	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects Miraculous Core Plugin:…
CVE-2026-32514	2026-03-25	N/A	0.0	Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Petitioner: from n/a through
CVE-2026-32512	2026-03-25	N/A	0.0	Deserialization of Untrusted Data vulnerability in Edge-Themes Pelicula pelicula-video-production-and-movie-theme allows Object Injection.This issue affects Pelicula: from n/a through < 1.10.
CVE-2026-32510	2026-03-25	N/A	0.0	Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through < 1.3.
CVE-2026-32508	2026-03-25	N/A	0.0	Deserialization of Untrusted Data vulnerability in Mikado-Themes Halstein halstein allows Object Injection.This issue affects Halstein: from n/a through < 1.8.
CVE-2026-32506	2026-03-25	N/A	0.0	Deserialization of Untrusted Data vulnerability in Edge-Themes Archicon archicon allows Object Injection.This issue affects Archicon: from n/a through < 1.7.
CVE-2026-32504	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS VintWood vintwood allows PHP Local File Inclusion.This issue affects VintWood: from…
CVE-2026-32503	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS Trendustry trendustry allows PHP Local File Inclusion.This issue affects Trendustry: from…
CVE-2026-32502	2026-03-25	N/A	0.0	Deserialization of Untrusted Data vulnerability in Select-Themes Borgholm borgholm-marketing-agency-theme allows Object Injection.This issue affects Borgholm: from n/a through < 1.6.
CVE-2026-32501	2026-03-25	N/A	0.0	Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Configurator Pro: from n/a through
CVE-2026-32500	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS MetaMax metamax allows PHP Local File Inclusion.This issue affects MetaMax: from…
CVE-2026-32499	2026-03-25	N/A	0.0	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through
CVE-2026-32498	2026-03-25	N/A	0.0	Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through
CVE-2026-32497	2026-03-25	N/A	0.0	Weak Authentication vulnerability in PickPlugins User Verification user-verification allows Authentication Abuse.This issue affects User Verification: from n/a through
CVE-2026-32496	2026-03-25	N/A	0.0	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue affects Spam Protect…
CVE-2026-32495	2026-03-25	N/A	0.0	Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through
CVE-2026-32493	2026-03-25	N/A	0.0	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through
CVE-2026-32492	2026-03-25	N/A	0.0	Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity Spoofing.This issue affects My Tickets: from n/a through
CVE-2026-32489	2026-03-25	N/A	0.0	Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through < 2.0.30.
CVE-2026-32488	2026-03-25	N/A	0.0	Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects User Registration: from n/a through
CVE-2026-32485	2026-03-25	N/A	0.0	Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through
CVE-2026-32484	2026-03-25	N/A	0.0	Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through
CVE-2026-32483	2026-03-25	N/A	0.0	Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through
CVE-2026-32482	2026-03-25	N/A	0.0	Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload a Web Shell to a Web Server.This issue affects Ona: from n/a through <…
CVE-2026-32441	2026-03-25	N/A	0.0	Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through
CVE-2026-31921	2026-03-25	N/A	0.0	Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Rearrange for WooCommerce: from n/a through
CVE-2026-31920	2026-03-25	N/A	0.0	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Blind SQL Injection.This issue affects Product…
CVE-2026-31913	2026-03-25	N/A	0.0	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Whitebox-Studio Scape scape allows Path Traversal.This issue affects Scape: from n/a through < 1.5.16.
CVE-2026-2995	2026-03-25	HIGH	7.7	GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated…
CVE-2026-2973	2026-03-25	MEDIUM	5.4	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated…
CVE-2026-2745	2026-03-25	MEDIUM	6.8	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated…
CVE-2026-2726	2026-03-25	MEDIUM	4.3	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated…
CVE-2026-2414	2026-03-25	N/A	0.0	Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation.This issue affects Server: from 9.5.2 before 10.7.2.
CVE-2026-29092	2026-03-25	MEDIUM	4.9	Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after…
CVE-2026-27659	2026-03-25	MEDIUM	4.6	Mattermost versions 11.2.x
CVE-2026-27656	2026-03-25	MEDIUM	5.7	Mattermost versions 11.4.x
CVE-2026-27095	2026-03-25	N/A	0.0	Deserialization of Untrusted Data vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Object Injection.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through
CVE-2026-27084	2026-03-25	N/A	0.0	Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects Buisson: from n/a through
CVE-2026-27083	2026-03-25	N/A	0.0	Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through
CVE-2026-27082	2026-03-25	N/A	0.0	Deserialization of Untrusted Data vulnerability in ThemeREX Love Story lovestory allows Object Injection.This issue affects Love Story: from n/a through
CVE-2026-27081	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Rosebud rosebud allows PHP Local File Inclusion.This issue affects Rosebud: from…
CVE-2026-27080	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Deston deston allows PHP Local File Inclusion.This issue affects Deston: from…
CVE-2026-27079	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.This issue affects Amfissa: from…
CVE-2026-27078	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Emaurri emaurri allows PHP Local File Inclusion.This issue affects Emaurri: from…
CVE-2026-27077	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes MultiOffice multioffice allows PHP Local File Inclusion.This issue affects MultiOffice: from…

« Anterior Página 18 de 4100 Siguiente »

Vulnerabilidades CVE

Vulnerabilidades CVE

Soluciones

Recursos

Legal y Soporte