Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-49942	2025-12-18	HIGH	8.1	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Gardis gardis allows PHP Local File Inclusion.This issue affects Gardis: from…
CVE-2025-49941	2025-12-18	HIGH	8.1	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes GlamChic glamchic allows PHP Local File Inclusion.This issue affects GlamChic: from…
CVE-2025-49919	2025-12-18	MEDIUM	5.8	Insertion of Sensitive Information Into Sent Data vulnerability in WPCenter eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data.This issue affects eRoom: from n/a through
CVE-2025-49918	2025-12-18	MEDIUM	5.9	Insertion of Sensitive Information Into Sent Data vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Retrieve Embedded Sensitive Data.This issue affects VikBooking Hotel Booking Engine…
CVE-2025-49914	2025-12-18	MEDIUM	6.5	Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Retrieve Embedded Sensitive Data.This issue affects Restaurant Menu by…
CVE-2025-49902	2025-12-18	MEDIUM	6.5	Missing Authorization vulnerability in A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue…
CVE-2025-49379	2025-12-18	HIGH	7.2	Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation.This issue affects Custom Fields Account Registration For Woocommerce: from n/a through
CVE-2025-49371	2025-12-18	HIGH	8.1	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Strux strux allows PHP Local File Inclusion.This issue affects Strux: from…
CVE-2025-49370	2025-12-18	HIGH	8.1	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Lymcoin lymcoin allows PHP Local File Inclusion.This issue affects Lymcoin: from…
CVE-2025-49369	2025-12-18	HIGH	8.1	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Lettuce lettuce allows PHP Local File Inclusion.This issue affects Lettuce: from…
CVE-2025-49368	2025-12-18	HIGH	8.1	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Palladio palladio allows PHP Local File Inclusion.This issue affects Palladio: from…
CVE-2025-49367	2025-12-18	HIGH	8.1	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Monyxi monyxi allows PHP Local File Inclusion.This issue affects Monyxi: from…
CVE-2025-49041	2025-12-18	MEDIUM	6.5	Missing Authorization vulnerability in The African Boss Get Cash get-cash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Get Cash: from n/a through
CVE-2025-46292	2025-12-17	MEDIUM	5.5	This issue was addressed with additional entitlement checks. This issue is fixed in iOS 26.2 and iPadOS 26.2, iOS 18.7.3 and iPadOS 18.7.3. An app may be able…
CVE-2025-46291	2025-12-17	HIGH	7.8	A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may bypass Gatekeeper checks.
CVE-2025-46288	2025-12-17	MEDIUM	5.5	A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2, macOS Tahoe 26.2. An app may…
CVE-2025-46283	2025-12-17	MEDIUM	5.5	A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may be able to access sensitive user data.
CVE-2025-46282	2025-12-17	MEDIUM	5.5	The issue was addressed with additional permissions checks. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. An app may be able to access sensitive user data.
CVE-2025-46281	2025-12-17	HIGH	8.8	A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of its sandbox.
CVE-2025-46279	2025-12-17	LOW	3.3	A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2,…
CVE-2025-46278	2025-12-17	MEDIUM	5.5	The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data.
CVE-2025-14889	2025-12-18	MEDIUM	5.4	A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/voters_edit.php of the component Password…
CVE-2025-46277	2025-12-17	LOW	3.3	A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2. An app may be…
CVE-2024-58323	2025-12-18	MEDIUM	4.6	A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Checkbox form component. This allows malicious scripts to execute in users' browsers…
CVE-2024-58322	2025-12-18	MEDIUM	4.6	A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious code into shipping options configuration. This could lead to potential theft of sensitive data by…
CVE-2024-58321	2025-12-18	MEDIUM	4.6	A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form validation rule configuration. Attackers can exploit this vulnerability to execute malicious scripts…
CVE-2025-14885	2025-12-18	MEDIUM	6.3	A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_leads.php of the component Leads Generation Module. Executing…
CVE-2025-14744	2025-12-18	MEDIUM	6.5	Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file…
CVE-2024-58320	2025-12-18	MEDIUM	5.3	An information disclosure vulnerability in Kentico Xperience allows public users to access sensitive administration interface hostname details during authentication. Attackers can retrieve confidential hostname configuration information through a…
CVE-2024-58319	2025-12-18	MEDIUM	5.4	A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute…
CVE-2024-58318	2025-12-18	MEDIUM	5.4	A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit…
CVE-2024-58317	2025-12-18	MEDIUM	5.3	A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly…
CVE-2023-53941	2025-12-18	CRITICAL	9.8	EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the app_service_control parameter. Attackers can…
CVE-2023-53940	2025-12-18	HIGH	7.8	Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video…
CVE-2023-53937	2025-12-18	HIGH	7.8	Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL…
CVE-2023-53936	2025-12-18	MEDIUM	5.4	Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with embedded SVG scripts…
CVE-2023-53935	2025-12-18	MEDIUM	5.4	WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject crafted SQL statements…
CVE-2023-53934	2025-12-18	HIGH	7.5	A denial of service vulnerability in Kentico Xperience allows attackers to launch DoS attacks via specially crafted requests to the GetResource handler. Improper input validation enables remote attackers…
CVE-2023-53738	2025-12-18	MEDIUM	4.6	A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via page preview URLs. Attackers can exploit this vulnerability to execute arbitrary scripts…
CVE-2023-53736	2025-12-18	MEDIUM	4.6	A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts in the administration interface. Attackers can exploit this vulnerability to execute arbitrary scripts…
CVE-2022-50686	2025-12-18	MEDIUM	5.3	An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive stack trace details via Portal Engine form control error messages. Detailed error messages can expose internal…
CVE-2022-50685	2025-12-18	MEDIUM	4.6	A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via XML file uploads as page attachments or metafiles. Attackers can upload malicious…
CVE-2022-50684	2025-12-18	MEDIUM	4.6	An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML…
CVE-2022-50683	2025-12-18	MEDIUM	4.6	A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form redirect URL configuration. This allows malicious scripts to execute in users' browsers…
CVE-2022-50682	2025-12-18	MEDIUM	6.5	A CRLF injection vulnerability in Kentico Xperience allows attackers to manipulate URL query string redirects via improper encoding in the routing engine. This could enable header injection and…
CVE-2022-50681	2025-12-18	MEDIUM	5.4	A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this…
CVE-2022-50680	2025-12-18	MEDIUM	4.6	A stored cross-site scripting vulnerability in Kentico Xperience allows administration users to inject malicious scripts via email marketing templates. Attackers can exploit this vulnerability to execute malicious scripts…
CVE-2021-47712	2025-12-18	HIGH	7.5	A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hashing mechanisms. The hotfix introduces an additional security layer to prevent hash…
CVE-2021-47711	2025-12-18	HIGH	8.8	A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject malicious SQL queries via online marketing macro method parameters. This enables unauthorized database access and potential…
CVE-2020-36891	2025-12-18	MEDIUM	4.6	A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to upload files with spoofed Content-Type that do not match file extensions. Attackers can exploit this vulnerability by…

« Anterior Página 192 de 3934 Siguiente »