Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-4353 2026-04-22 MEDIUM 6.4 The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the `cihub_metadata` shortcode in all versions up to, and including,…
CVE-2026-4280 2026-04-22 MEDIUM 6.5 The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX…
CVE-2026-4279 2026-04-22 MEDIUM 6.4 The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadbutter-customevent-button' shortcode in all versions up to, and including, 8.2.0.25. This is due…
CVE-2026-4142 2026-04-22 MEDIUM 4.4 The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Permanent keywords' field in all versions up to and…
CVE-2026-4140 2026-04-22 MEDIUM 4.3 The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce…
CVE-2026-4139 2026-04-22 MEDIUM 4.3 The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.5.2. This is due to the complete absence of nonce…
CVE-2026-4138 2026-04-22 MEDIUM 4.3 The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation…
CVE-2026-4133 2026-04-22 MEDIUM 4.3 The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.7. This is due to missing nonce validation…
CVE-2026-4132 2026-04-22 HIGH 7.2 The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including…
CVE-2026-4131 2026-04-22 MEDIUM 6.1 The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.4. This is due to the…
CVE-2026-4128 2026-04-22 MEDIUM 4.3 The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. The delete_term() function, which handles the…
CVE-2026-4126 2026-04-22 MEDIUM 4.3 The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0 via the 'table_manager' shortcode. The shortcode handler `tablemanager_render_table_shortcode()`…
CVE-2026-4125 2026-04-22 MEDIUM 6.4 The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to and including 1.0.1. This is due…
CVE-2026-4121 2026-04-22 MEDIUM 4.3 The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the…
CVE-2026-4119 2026-04-22 CRITICAL 9.1 The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers admin_post action hooks for creating…
CVE-2026-4118 2026-04-22 MEDIUM 4.3 The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing nonce…
CVE-2026-4117 2026-04-22 MEDIUM 5.3 The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due to a missing capability check in the…
CVE-2026-4090 2026-04-22 MEDIUM 6.1 The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in…
CVE-2026-4089 2026-04-22 MEDIUM 6.4 The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is…
CVE-2026-4088 2026-04-22 MEDIUM 6.4 The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppw_cta_box' shortcode in all versions up to, and including, 1.1. This is due…
CVE-2026-4085 2026-04-22 MEDIUM 6.4 The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper_class' shortcode attribute of the 'my-instagram-feed' shortcode in all versions up to,…
CVE-2026-4082 2026-04-22 MEDIUM 6.4 The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [swiffy] shortcode in all versions up to and including 1.0.0. This is due…
CVE-2026-4076 2026-04-22 MEDIUM 6.4 The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'category' and 'template' shortcode attributes in all versions up to and including 1.0.7.…
CVE-2026-4074 2026-04-22 MEDIUM 6.4 The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' shortcode attributes in all versions up to, and including, 1.0.3.…
CVE-2026-3362 2026-04-22 MEDIUM 4.4 The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This…
CVE-2026-2719 2026-04-22 MEDIUM 4.4 The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due…
CVE-2026-2717 2026-04-22 MEDIUM 5.5 The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization of custom header…
CVE-2026-2714 2026-04-22 MEDIUM 4.4 The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is…
CVE-2026-1845 2026-04-22 MEDIUM 5.5 The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input…
CVE-2026-1379 2026-04-22 MEDIUM 4.4 The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization…
CVE-2026-6799 2026-04-21 MEDIUM 6.3 A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component Endpoint. Performing a…
CVE-2026-34287 2026-04-21 CRITICAL 9.1 Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker…
CVE-2026-34284 2026-04-21 MEDIUM 6.1 Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Human workflow 11g+). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable…
CVE-2026-35382 2026-04-22 N/A 0.0 Rejected reason: Voluntarily withdrawn
CVE-2026-35252 2026-04-21 MEDIUM 6.4 Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C Oracle SSL API). Supported versions that are affected are 12.2.1.4.0 and 12.1.3.0.0. Difficult to exploit…
CVE-2026-35251 2026-04-21 HIGH 7.5 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker…
CVE-2026-35250 2026-04-21 LOW 2.3 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with…
CVE-2026-35249 2026-04-21 LOW 3.2 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with…
CVE-2026-35248 2026-04-21 MEDIUM 5.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker…
CVE-2026-35247 2026-04-21 MEDIUM 6.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with…
CVE-2026-35246 2026-04-21 HIGH 7.5 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker…
CVE-2026-35245 2026-04-21 HIGH 7.5 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network…
CVE-2026-35244 2026-04-21 MEDIUM 5.2 Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.24.0.000. Easily exploitable vulnerability allows high privileged…
CVE-2026-35243 2026-04-21 HIGH 7.8 Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability…
CVE-2026-35242 2026-04-21 HIGH 7.5 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker…
CVE-2026-35241 2026-04-21 MEDIUM 5.7 Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (component: Research Tracking). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low…
CVE-2026-35240 2026-04-21 MEDIUM 4.9 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged…
CVE-2026-35239 2026-04-21 MEDIUM 4.9 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged…
CVE-2026-35238 2026-04-21 MEDIUM 4.9 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker…
CVE-2026-35237 2026-04-21 MEDIUM 4.9 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker…
« Anterior Página 270 de 4465 Siguiente »