Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-67857 2026-02-03 MEDIUM 4.3 A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs,…
CVE-2025-67856 2026-02-03 MEDIUM 5.4 A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper…
CVE-2025-67855 2026-02-03 MEDIUM 5.4 A flaw was found in mooodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient…
CVE-2025-67853 2026-02-03 HIGH 7.5 A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more…
CVE-2025-67852 2026-02-03 LOW 3.5 A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have…
CVE-2025-67851 2026-02-03 MEDIUM 6.1 A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious…
CVE-2025-67850 2026-02-03 HIGH 7.3 A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields.…
CVE-2025-67849 2026-02-03 HIGH 7.3 A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into…
CVE-2025-67848 2026-02-03 HIGH 8.1 A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI…
CVE-2025-59902 2026-02-03 N/A 0.0 HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters…
CVE-2025-41065 2026-02-03 N/A 0.0 Stored Cross-Site Scripting (XSS) vulnerability type in LUNA software v7.5.5.6. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by inyecting a malicious payload…
CVE-2025-8461 2026-02-03 HIGH 7.6 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Seres Software syWEB allows Reflected XSS.This issue affects syWEB: through 03022026.  NOTE: The vendor…
CVE-2025-8456 2026-02-03 HIGH 7.6 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kod8 Software Technologies Trade Ltd. Co. Kod8 Individual and SME Website allows Reflected XSS.This…
CVE-2026-1730 2026-02-03 HIGH 8.8 The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OS_DataHub_Maps_Admin::add_file_and_ext' function in all versions up to,…
CVE-2026-1592 2026-02-03 MEDIUM 6.3 Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary…
CVE-2026-1591 2026-02-03 MEDIUM 6.3 Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper…
CVE-2026-1375 2026-02-03 HIGH 8.1 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References (IDOR) in all versions up to, and including, 3.9.5.…
CVE-2026-1371 2026-02-03 MEDIUM 5.3 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is…
CVE-2025-8590 2026-02-03 HIGH 7.5 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing.This issue affects SKSPro: through 07012026.
CVE-2025-8589 2026-02-03 HIGH 7.6 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Reflected XSS.This issue affects…
CVE-2026-24465 2026-02-03 CRITICAL 9.8 Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution.
CVE-2026-24449 2026-02-03 MEDIUM 4.6 For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information.
CVE-2026-22550 2026-02-03 HIGH 7.2 OS command injection vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. A crafted request from a logged-in user may lead to an arbitrary OS command execution.
CVE-2026-20704 2026-02-03 MEDIUM 4.3 Cross-site request forgery vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed.
CVE-2026-1447 2026-02-03 MEDIUM 5.4 The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on…
CVE-2026-1210 2026-02-03 MEDIUM 6.4 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_elementor_data' meta field in all versions up to, and including, 3.20.7 due…
CVE-2026-1065 2026-02-03 HIGH 7.2 The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's…
CVE-2026-1058 2026-02-03 HIGH 7.1 The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to…
CVE-2026-0617 2026-02-03 HIGH 7.2 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up…
CVE-2026-24694 2026-02-03 HIGH 7.8 The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of…
CVE-2026-0950 2026-02-03 MEDIUM 5.3 The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This…
CVE-2025-9711 2026-02-03 N/A 0.0 A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root” using the export option of seccertmgmt and seccryptocfg…
CVE-2025-58381 2026-02-03 N/A 0.0 A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait to modify the…
CVE-2025-14274 2026-02-03 MEDIUM 5.4 The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Border Hero widget's Button Link field in versions up to 2.0.1. This…
CVE-2025-58380 2026-02-03 N/A 0.0 A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move…
CVE-2026-24936 2026-02-03 N/A 0.0 When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowing an unauthenticated remote…
CVE-2026-1788 2026-02-03 N/A 0.0 : Out-of-bounds Write vulnerability in Xquic Project Xquic Server xquic on Linux (QUIC protocol implementation, packet processing module modules) allows : Buffer Manipulation.This issue affects Xquic Server: through…
CVE-2026-0909 2026-02-03 MEDIUM 5.3 The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the `wp_ulike_delete_history_api` AJAX…
CVE-2026-0383 2026-02-03 N/A 0.0 A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history…
CVE-2026-24935 2026-02-03 N/A 0.0 A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle (MitM)…
CVE-2026-24934 2026-02-03 N/A 0.0 The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated…
CVE-2026-24933 2026-02-03 N/A 0.0 The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can…
CVE-2026-24932 2026-02-03 N/A 0.0 The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates…
CVE-2025-67484 2026-02-03 N/A 0.0 Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
CVE-2025-67483 2026-02-03 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js. This issue affects…
CVE-2025-67482 2026-02-03 N/A 0.0 Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1;…
CVE-2025-67481 2026-02-03 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects…
CVE-2025-67480 2026-02-03 N/A 0.0 Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
CVE-2025-67479 2026-02-03 N/A 0.0 Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Cite. This vulnerability is associated with program files includes/Parser/CoreParserFunctions.Php, includes/Parser/Sanitizer.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Cite:…
CVE-2025-67478 2026-02-03 N/A 0.0 Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files includes/Mail/UserMailer.Php. This issue affects CheckUser: from * before 1.39.14, 1.43.4, 1.44.1.
« Anterior Página 21 de 3912 Siguiente »