CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID | Published | Severity | CVSS | Description
CVE-2025-12190 2025-12-05 MEDIUM 4.3 The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or…
CVE-2025-12181 2025-12-05 HIGH 8.8 The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstu_update_post() function in all versions up to, and including,…
CVE-2025-12165 2025-12-05 MEDIUM 4.3 The Webcake – Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webcake_save_config' AJAX endpoint in…
CVE-2025-12163 2025-12-05 MEDIUM 6.4 The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization…
CVE-2025-12154 2025-12-05 HIGH 8.8 The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadThumb() function in all versions up to, and…
CVE-2025-12153 2025-12-05 HIGH 8.8 The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including,…
CVE-2025-12133 2025-12-05 MEDIUM 4.3 The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_ajax_eprolo_delete_tracking and wp_ajax_eprolo_save_tracking_data AJAX endpoints in all…
CVE-2025-12128 2025-12-05 MEDIUM 4.3 The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7. This is due…
CVE-2025-12124 2025-12-05 MEDIUM 4.4 The FitVids for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.1 due to insufficient input…
CVE-2025-10055 2025-12-05 MEDIUM 4.3 The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce…
CVE-2025-32899 2025-12-05 MEDIUM 4.3 In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent over…
CVE-2025-32898 2025-12-05 MEDIUM 4.7 The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04…
CVE-2025-13494 2025-12-05 MEDIUM 5.3 The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP…
CVE-2025-13362 2025-12-05 MEDIUM 4.3 The Norby AI plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on…
CVE-2025-13313 2025-12-05 CRITICAL 9.8 The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.5. This is due to missing authorization…
CVE-2025-13312 2025-12-05 MEDIUM 5.3 The CRM Memberships plugin for WordPress is vulnerable to unauthorized membership tag creation due to a missing capability check on the 'ntzcrm_add_new_tag' function in all versions up to,…
CVE-2025-13006 2025-12-05 MEDIUM 5.3 The SurveyFunnel – Survey Plugin for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via several unprotected /wp-json/surveyfunnel/v2/…
CVE-2025-12417 2025-12-05 MEDIUM 6.4 The SurveyFunnel – Survey Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'surveyfunnel_lite_survey' shortcode in all versions up to, and including, 1.1.5…
CVE-2025-66544 2025-12-05 N/A 0.0 Rejected reason: Not used
CVE-2025-66543 2025-12-05 N/A 0.0 Rejected reason: Not used
CVE-2025-66542 2025-12-05 N/A 0.0 Rejected reason: Not used
CVE-2025-66541 2025-12-05 N/A 0.0 Rejected reason: Not used
CVE-2025-66540 2025-12-05 N/A 0.0 Rejected reason: Not used
CVE-2025-66539 2025-12-05 N/A 0.0 Rejected reason: Not used
CVE-2025-66538 2025-12-05 N/A 0.0 Rejected reason: Not used
CVE-2025-66537 2025-12-05 N/A 0.0 Rejected reason: Not used
CVE-2025-66536 2025-12-05 N/A 0.0 Rejected reason: Not used
CVE-2025-27389 2025-12-05 N/A 0.0 A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow…
CVE-2025-13066 2025-12-05 HIGH 8.8 The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.0.6. This is due to insufficient file type…
CVE-2025-12804 2025-12-05 MEDIUM 6.4 The Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'bookingcalendar' shortcode in all versions up to, and including, 10.14.6 due to insufficient…
CVE-2025-11759 2025-12-05 MEDIUM 4.3 The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is…
CVE-2025-62223 2025-12-05 MEDIUM 4.3 User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-14052 2025-12-05 MEDIUM 6.3 A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected by this vulnerability is the function getMemberById of the file /mall-ums/app-api/v1/members/. The manipulation of the argument memberId leads…
CVE-2025-66564 2025-12-04 HIGH 7.5 Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is…
CVE-2025-66561 2025-12-04 HIGH 7.3 SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to execute malicious JavaScript in the…
CVE-2025-66559 2025-12-04 N/A 0.0 Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox._verifyBatches (packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678) advanced the local tid to…
CVE-2025-13373 2025-12-04 HIGH 7.5 Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.
CVE-2025-6946 2025-12-04 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an…
CVE-2025-66509 2025-12-04 N/A 0.0 LaraDashboard is an all-In-one solution to start a Laravel Application. In 2.3.0 and earlier, the password reset flow trusts the Host header, allowing attackers to redirect the administrator’s…
CVE-2025-66506 2025-12-04 HIGH 7.5 Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to strings.Split)…
CVE-2025-66238 2025-12-04 HIGH 7.2 DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network…
CVE-2025-65900 2025-12-04 N/A 0.0 Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an…
CVE-2025-65899 2025-12-04 N/A 0.0 Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid users with incorrect…
CVE-2025-53704 2025-12-04 HIGH 7.5 The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account.
CVE-2025-1910 2025-12-04 N/A 0.0 The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where…
CVE-2025-1547 2025-12-04 N/A 0.0 A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands. This…
CVE-2025-1545 2025-12-04 N/A 0.0 An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management…
CVE-2025-13940 2025-12-04 N/A 0.0 An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox…
CVE-2025-13939 2025-12-04 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Gateway Wireless Controller module) allows Stored XSS. This issue affects Fireware OS…
CVE-2025-13938 2025-12-04 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS. This issue affects Fireware OS…