Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID Publicado Severidad CVSS Descripción
CVE-2025-6090 2025-06-15 HIGH 8.8 A vulnerability was found in H3C GR-5400AX V100R009L50 and classified as critical. This issue affects the function UpdateWanparamsMulti/UpdateIpv6params of the…
CVE-2025-22854 2025-06-15 N/A 0.0 Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions.
CVE-2025-21085 2025-06-15 N/A 0.0 PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization.
CVE-2025-6089 2025-06-15 MEDIUM 4.3 A vulnerability has been found in Astun Technology iShare Maps 5.4.0 and classified as problematic. This vulnerability affects unknown code…
CVE-2025-36041 2025-06-15 MEDIUM 4.7 IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1…
CVE-2025-1411 2025-06-15 HIGH 7.8 IBM Security Verify Directory Container 10.0.0.0 through 10.0.3.1 could allow a local user to execute commands as root due to…
CVE-2025-5337 2025-06-14 MEDIUM 6.4 The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘aria-label’ parameter…
CVE-2025-5238 2025-06-14 MEDIUM 6.4 The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions…
CVE-2025-4667 2025-06-14 MEDIUM 6.4 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…
CVE-2025-6070 2025-06-14 MEDIUM 6.5 The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2…
CVE-2025-6065 2025-06-14 CRITICAL 9.1 The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path…
CVE-2025-6064 2025-06-14 MEDIUM 6.1 The WP URL Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,…
CVE-2025-6063 2025-06-14 MEDIUM 6.1 The XiSearch bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.…
CVE-2025-6062 2025-06-14 MEDIUM 4.3 The Yougler Blogger Profile Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
CVE-2025-6061 2025-06-14 MEDIUM 6.4 The kk Youtube Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kkytv' shortcode in all…
CVE-2025-6055 2025-06-14 MEDIUM 6.1 The Zen Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,…
CVE-2025-6040 2025-06-14 MEDIUM 6.1 The Easy Flashcards plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.…
CVE-2025-5589 2025-06-14 MEDIUM 6.4 The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘status-classic-offline-text’ parameter in all versions…
CVE-2025-5336 2025-06-14 MEDIUM 6.4 The Click to Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-no_number’ parameter in all versions…
CVE-2025-4592 2025-06-14 MEDIUM 4.3 The AI Image Lab – Free AI Image Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all…
CVE-2025-4216 2025-06-14 MEDIUM 6.4 The DIOT SCADA with MQTT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'diot' shortcode in…
CVE-2025-4200 2025-06-14 HIGH 8.1 The Zagg - Electronics & Accessories WooCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all…
CVE-2025-4187 2025-06-14 MEDIUM 5.9 The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions…
CVE-2025-5487 2025-06-14 HIGH 7.2 The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to…
CVE-2025-3234 2025-06-14 HIGH 7.2 The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type…
CVE-2025-6059 2025-06-14 MEDIUM 4.3 The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.27.21.…
CVE-2025-50150 2025-06-14 N/A 0.0 Rejected reason: Not used
CVE-2025-50149 2025-06-14 N/A 0.0 Rejected reason: Not used
CVE-2025-50148 2025-06-14 N/A 0.0 Rejected reason: Not used
CVE-2025-50147 2025-06-14 N/A 0.0 Rejected reason: Not used
CVE-2025-50146 2025-06-14 N/A 0.0 Rejected reason: Not used
CVE-2025-50145 2025-06-14 N/A 0.0 Rejected reason: Not used
CVE-2025-50144 2025-06-14 N/A 0.0 Rejected reason: Not used
CVE-2025-50143 2025-06-14 N/A 0.0 Rejected reason: Not used
CVE-2025-50142 2025-06-14 N/A 0.0 Rejected reason: Not used
CVE-2025-33108 2025-06-14 HIGH 8.5 IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile…
CVE-2025-25215 2025-06-13 HIGH 8.8 An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior…
CVE-2025-6083 2025-06-13 N/A 0.0 In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id filter. This issue…
CVE-2025-24919 2025-06-13 HIGH 8.1 A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus…
CVE-2025-49598 2025-06-13 N/A 0.0 conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is…
CVE-2025-25050 2025-06-13 HIGH 8.8 An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus…
CVE-2025-24922 2025-06-13 HIGH 8.8 A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus…
CVE-2025-24311 2025-06-13 HIGH 8.4 An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior…
CVE-2025-49597 2025-06-13 LOW 3.9 handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be…
CVE-2025-49596 2025-06-13 N/A 0.0 The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are…
CVE-2025-48920 2025-06-13 HIGH 7.3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal etracker allows Cross-Site Scripting (XSS).This issue affects…
CVE-2025-48915 2025-06-13 HIGH 8.6 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This…
CVE-2025-48914 2025-06-13 HIGH 8.6 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This…
CVE-2025-49587 2025-06-13 N/A 0.0 XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object,…
CVE-2025-49586 2025-06-13 N/A 0.0 XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes…
« Anterior Página 257 de 3495 Siguiente »