CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-13954 2025-12-10 N/A 0.0 Hard-coded cryptographic keys in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI
CVE-2025-12952 2025-12-10 N/A 0.0 A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token…
CVE-2025-9571 2025-12-10 N/A 0.0 A remote code execution (RCE) vulnerability exists in Google Cloud Data Fusion. A user with permissions to upload artifacts to a Data Fusion instance can execute arbitrary code…
CVE-2025-13339 2025-12-10 HIGH 7.5 The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.1 via the template_redirect() function. This makes…
CVE-2025-67613 2025-12-10 N/A 0.0 Rejected reason: Not used
CVE-2025-67612 2025-12-10 N/A 0.0 Rejected reason: Not used
CVE-2025-67611 2025-12-10 N/A 0.0 Rejected reason: Not used
CVE-2025-67610 2025-12-10 N/A 0.0 Rejected reason: Not used
CVE-2025-67609 2025-12-10 N/A 0.0 Rejected reason: Not used
CVE-2025-67608 2025-12-10 N/A 0.0 Rejected reason: Not used
CVE-2025-67607 2025-12-10 N/A 0.0 Rejected reason: Not used
CVE-2025-67606 2025-12-10 N/A 0.0 Rejected reason: Not used
CVE-2025-67605 2025-12-10 N/A 0.0 Rejected reason: Not used
CVE-2025-13677 2025-12-10 MEDIUM 4.9 The Simple Download Counter plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.2. This is due to insufficient path validation in…
CVE-2025-13613 2025-12-10 CRITICAL 9.8 The Elated Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.2. This is due to the plugin not properly logging…
CVE-2025-67507 2025-12-10 HIGH 8.1 Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication,…
CVE-2025-67506 2025-12-10 CRITICAL 9.8 PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/record/buffer/convert through missing authentication. The endpoint accepts a…
CVE-2025-67485 2025-12-10 MEDIUM 5.3 mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS…
CVE-2025-67503 2025-12-10 N/A 0.0 Rejected reason: This CVE is a duplicate of another CVE.
CVE-2025-67502 2025-12-10 MEDIUM 5.4 Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The…
CVE-2025-67501 2025-12-10 N/A 0.0 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain an SQL Injection vulnerability in the /html/matPat/editar_categoria.php…
CVE-2025-67500 2025-12-10 LOW 3.7 Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error…
CVE-2025-67499 2025-12-10 MEDIUM 6.6 The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the…
CVE-2025-64898 2025-12-10 MEDIUM 4.3 ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this…
CVE-2025-64897 2025-12-10 MEDIUM 5.6 ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged attacker could leverage this vulnerability to bypass security measures and…
CVE-2025-61823 2025-12-10 MEDIUM 6.2 ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read.…
CVE-2025-61822 2025-12-10 MEDIUM 6.2 ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could exploit this…
CVE-2025-61821 2025-12-10 MEDIUM 6.8 ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read.…
CVE-2025-61813 2025-12-10 HIGH 8.2 ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read.…
CVE-2025-61812 2025-12-10 HIGH 8.4 ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation…
CVE-2025-61811 2025-12-10 HIGH 8.4 ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-61810 2025-12-10 HIGH 8.4 ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the…
CVE-2025-61809 2025-12-10 CRITICAL 9.1 ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this…
CVE-2025-61808 2025-12-10 CRITICAL 9.1 ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a…
CVE-2025-67498 2025-12-09 N/A 0.0 Rejected reason: Further research determined the issue is not a vulnerability.
CVE-2025-67497 2025-12-09 N/A 0.0 Rejected reason: Further research determined the issue is not a vulnerability.
CVE-2025-67495 2025-12-09 HIGH 8.0 ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to…
CVE-2025-13760 2025-12-09 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-67599 2025-12-09 MEDIUM 4.3 Missing Authorization vulnerability in WebToffee WebToffee eCommerce Marketing Automation decorator-woocommerce-email-customizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WebToffee eCommerce Marketing Automation: from n/a through
CVE-2025-67598 2025-12-09 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in PSM Plugins SupportCandy supportcandy allows Cross Site Request Forgery. This issue affects SupportCandy: from n/a through
CVE-2025-67597 2025-12-09 MEDIUM 4.3 Missing Authorization vulnerability in Shahjahan Jewel Fluent Booking fluent-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fluent Booking: from n/a through
CVE-2025-67596 2025-12-09 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Cross Site Request Forgery. This issue affects Business Directory: from n/a through
CVE-2025-67595 2025-12-09 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery. This issue affects Quiz Maker: from n/a through
CVE-2025-67594 2025-12-09 MEDIUM 4.3 Authorization Bypass Through User-Controlled Key vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Elementor Kit: from n/a through
CVE-2025-67593 2025-12-09 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery. This issue affects UsersWP: from n/a through
CVE-2025-67592 2025-12-09 MEDIUM 4.3 Missing Authorization vulnerability in Joe Dolson My Calendar my-calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects My Calendar: from n/a through
CVE-2025-67591 2025-12-09 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in jegtheme JNews Paywall jnews-paywall allows Cross Site Request Forgery. This issue affects JNews Paywall: from n/a through < 12.0.1.
CVE-2025-67494 2025-12-09 CRITICAL 9.3 ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI (V2) treats the x-zitadel-forward-host header…
CVE-2025-67590 2025-12-09 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery. This issue affects Ultimate FAQ: from n/a through
CVE-2025-67589 2025-12-09 MEDIUM 4.3 Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips woocommerce-pdf-invoices-packing-slips allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce PDF Invoices & Packing…