Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-14462	2025-12-13	MEDIUM	4.3	The Lucky Draw Contests plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect…
CVE-2025-14454	2025-12-13	MEDIUM	4.3	The Image Slider by Ays- Responsive Slider and Carousel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.0. This is…
CVE-2025-14451	2025-12-13	MEDIUM	4.7	The Solutions Ad Manager plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.0.0. This is due to insufficient validation on the…
CVE-2025-14447	2025-12-13	MEDIUM	5.3	The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfu_reset_options() function in all versions up to,…
CVE-2025-14446	2025-12-13	MEDIUM	6.5	The Popup Builder (Easy Notify Lite) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotify_cp_reset() function in all…
CVE-2025-14440	2025-12-13	CRITICAL	9.8	The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.01. This is due to incorrect authentication checking in…
CVE-2025-14397	2025-12-13	HIGH	8.8	The Postem Ipsum plugin for WordPress is vulnerable to unauthorized modification of data to Privilege Escalation due to a missing capability check on the postem_ipsum_generate_users() function in all…
CVE-2025-14395	2025-12-13	MEDIUM	4.3	The Popover Windows plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax actions (e.g., pop_submit, poptheme_submit) in all…
CVE-2025-14394	2025-12-13	MEDIUM	4.3	The Popover Windows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. This is due to missing or incorrect nonce validation.…
CVE-2025-14378	2025-12-13	MEDIUM	4.4	The Quick Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1 due to insufficient input sanitization…
CVE-2025-14367	2025-12-13	MEDIUM	5.3	The Easy Theme Options plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0. This is due to missing authorization checks in…
CVE-2025-14366	2025-12-13	MEDIUM	5.3	The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on…
CVE-2025-14365	2025-12-13	MEDIUM	5.3	The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing capability checks on…
CVE-2025-14288	2025-12-13	MEDIUM	4.3	The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to unauthorized modification of…
CVE-2025-14278	2025-12-13	MEDIUM	6.4	The HT Slider for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slide_title' parameter in all versions up to, and including, 1.7.4 due to…
CVE-2025-14056	2025-12-13	MEDIUM	4.4	The Custom Post Type UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'label' parameter during custom post type import in all versions up to,…
CVE-2025-14050	2025-12-13	MEDIUM	4.9	The Design Import/Export plugin for WordPress is vulnerable to SQL Injection via XML File Import in all versions up to, and including, 2.2 due to insufficient escaping on…
CVE-2025-13705	2025-12-13	MEDIUM	6.4	The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1…
CVE-2025-13403	2025-12-13	MEDIUM	5.3	The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to missing authorization validation on the…
CVE-2025-13094	2025-12-13	HIGH	8.8	The WP3D Model Import Viewer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_import_file() function in all versions up…
CVE-2025-13093	2025-12-13	MEDIUM	5.3	The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on…
CVE-2025-13092	2025-12-13	MEDIUM	5.3	The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on…
CVE-2025-13089	2025-12-13	HIGH	7.5	The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hide_fields' and the 'attr_search' parameter in all versions up to, and including, 1.4.7 due…
CVE-2025-13077	2025-12-13	HIGH	7.5	The افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'columns' parameter in all versions…
CVE-2025-12512	2025-12-13	MEDIUM	4.3	The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the…
CVE-2025-12362	2025-12-13	MEDIUM	5.3	The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7.…
CVE-2025-12109	2025-12-13	MEDIUM	6.4	The Header Footer Script Adder – Insert Code in Header, Body & Footer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the script adder present in…
CVE-2025-12077	2025-12-13	MEDIUM	6.1	The WP to LinkedIn Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.9.8 due to insufficient…
CVE-2025-12076	2025-12-13	MEDIUM	6.1	The Social Media Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage parameter in all versions up to, and including, 3.6.5 due to insufficient…
CVE-2025-11970	2025-12-13	MEDIUM	4.4	The Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking \| SEO Optimized \| Fully Automated plugin for WordPress is vulnerable to Server-Side Request Forgery in…
CVE-2025-11707	2025-12-13	MEDIUM	5.3	The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all versions up to, and including, 2.14. This is due to $unblock_key key…
CVE-2025-11693	2025-12-13	CRITICAL	9.8	The Export WP Page to Static HTML & PDF plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.4 through publicly…
CVE-2025-11376	2025-12-13	MEDIUM	6.4	The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_loop' shortcode in all versions up to, and including, 1.0.335 due to…
CVE-2025-11164	2025-12-13	MEDIUM	4.3	The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavix_education_activate_plugin' AJAX action in all versions up…
CVE-2025-10738	2025-12-13	CRITICAL	9.8	The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analytic_id’ parameter in all versions up to, and including, 3.0.7 due to…
CVE-2025-10289	2025-12-13	MEDIUM	5.9	The Filter & Grids plugin for WordPress is vulnerable to SQL Injection via the 'phrase' parameter in all versions up to, and including, 3.2.0 due to insufficient escaping…
CVE-2025-0969	2025-12-13	MEDIUM	6.5	The Brizy – Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.16 via the get_users() function. This makes…
CVE-2025-13970	2025-12-13	HIGH	8.0	OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in…
CVE-2025-67749	2025-12-12	N/A	0.0	PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD…
CVE-2025-67721	2025-12-12	N/A	0.0	Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in…
CVE-2025-14585	2025-12-12	HIGH	7.3	A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=zone. The manipulation of the argument ID…
CVE-2025-14584	2025-12-12	HIGH	7.3	A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of…
CVE-2025-14066	2025-12-12	N/A	0.0	Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-14583	2025-12-12	HIGH	7.3	A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown function of the file /admin/register.php. Executing manipulation of the argument photo can…
CVE-2025-14582	2025-12-12	MEDIUM	4.7	A vulnerability was detected in campcodes Online Student Enrollment System 1.0. This affects an unknown function of the file /admin/index.php?page=user-profile. Performing manipulation of the argument userphoto results in…
CVE-2025-67750	2025-12-12	HIGH	8.4	Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously…
CVE-2025-67634	2025-12-12	MEDIUM	4.4	The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import…
CVE-2025-46289	2025-12-12	N/A	0.0	A logic issue was addressed with improved file handling. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to access protected…
CVE-2025-46287	2025-12-12	N/A	0.0	An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An attacker may be able to…
CVE-2025-46285	2025-12-12	N/A	0.0	An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to gain root…

« Anterior Página 213 de 3933 Siguiente »