CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-12586 2025-11-25 MEDIUM 4.3 The Conditional Maintenance Mode for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing…
CVE-2025-12525 2025-11-25 MEDIUM 5.3 The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockerco_submit_post' AJAX endpoint. This makes it possible for unauthenticated attackers to…
CVE-2025-12043 2025-11-25 MEDIUM 5.3 The Autochat Automatic Conversation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_auycht_saveCid' AJAX endpoint in all versions…
CVE-2025-12040 2025-11-25 MEDIUM 6.5 The Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.9 via several functions in class-th-wishlist-frontend.php due…
CVE-2025-12032 2025-11-25 MEDIUM 4.4 The Zweb Social Mobile – Ứng Dụng Nút Gọi Mobile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘vithanhlam_zsocial_save_messager’, 'vithanhlam_zsocial_save_zalo', 'vithanhlam_zsocial_save_hotline', and 'vithanhlam_zsocial_save_contact' parameters in…
CVE-2025-12025 2025-11-25 MEDIUM 4.4 The YouTube Subscribe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization…
CVE-2025-12003 2025-11-25 N/A 0.0 A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device. Refer to the ' Security Update…
CVE-2025-13644 2025-11-25 MEDIUM 6.5 MongoDB Server may experience an invariant failure during batched delete operations when handling documents. The issue arises when the server mistakenly assumes the presence of multiple documents in…
CVE-2025-13643 2025-11-25 LOW 3.1 A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users. This…
CVE-2025-12742 2025-11-25 N/A 0.0 A Looker user with a Developer role could cause Looker to execute a malicious command, due to insecure processing of Teradata driver parameters. Looker-hosted and Self-hosted were found…
CVE-2025-64730 2025-11-25 MEDIUM 5.2 Cross-site scripting vulnerability exists in SNC-CX600W all versions. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed…
CVE-2025-64304 2025-11-25 MEDIUM 4.0 "FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys.
CVE-2025-62497 2025-11-25 LOW 3.1 Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed.
CVE-2025-13559 2025-11-25 CRITICAL 9.8 The EduKart Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'edukart_pro_register_user_front_end' function not restricting…
CVE-2025-13558 2025-11-25 MEDIUM 5.4 The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function…
CVE-2025-13507 2025-11-25 MEDIUM 6.5 Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert failing and process termination. This issue…
CVE-2025-13068 2025-11-25 HIGH 7.2 The Telegram Bot & Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Telegram username in all versions up to, and including, 4.1 due to…
CVE-2025-12893 2025-11-25 MEDIUM 4.2 Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage (EKU) requirements. A certificate…
CVE-2025-10646 2025-11-25 MEDIUM 4.3 The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the Base::get_rest_permission() method in all versions up to,…
CVE-2025-6389 2025-11-25 CRITICAL 9.8 The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to…
CVE-2025-59373 2025-11-25 N/A 0.0 A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation…
CVE-2025-9803 2025-11-25 CRITICAL 9.3 lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' (audience) field in…
CVE-2025-65951 2025-11-25 HIGH 8.7 Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting…
CVE-2025-65944 2025-11-25 N/A 0.0 Sentry-Javascript is an official Sentry SDK for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has sendDefaultPii: true it is possible…
CVE-2025-64761 2025-11-25 N/A 0.0 OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to…
CVE-2025-65018 2025-11-25 HIGH 7.1 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there…
CVE-2025-64720 2025-11-25 HIGH 7.1 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an…
CVE-2025-64506 2025-11-25 MEDIUM 6.1 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a…
CVE-2025-64505 2025-11-25 MEDIUM 6.1 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer…
CVE-2025-62155 2025-11-25 HIGH 8.5 New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass…
CVE-2024-47856 2025-11-24 CRITICAL 9.8 In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not…
CVE-2025-66187 2025-11-25 N/A 0.0 Rejected reason: Not used
CVE-2025-66186 2025-11-25 N/A 0.0 Rejected reason: Not used
CVE-2025-66185 2025-11-25 N/A 0.0 Rejected reason: Not used
CVE-2025-66184 2025-11-25 N/A 0.0 Rejected reason: Not used
CVE-2025-66183 2025-11-25 N/A 0.0 Rejected reason: Not used
CVE-2025-66182 2025-11-25 N/A 0.0 Rejected reason: Not used
CVE-2025-66181 2025-11-25 N/A 0.0 Rejected reason: Not used
CVE-2025-66180 2025-11-25 N/A 0.0 Rejected reason: Not used
CVE-2025-66179 2025-11-25 N/A 0.0 Rejected reason: Not used
CVE-2025-10144 2025-11-24 MEDIUM 6.5 The Perfect Brands for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the `brands` attribute of the `products` shortcode in all versions up to, and…
CVE-2025-63674 2025-11-24 MEDIUM 6.1 An issue in Blurams Lumi Security Camera (A31C) v23.1227.472.2926 allows local physical attackers to execute arbitrary code via overriding the bootloader on the SD card.
CVE-2025-54563 2025-11-24 HIGH 7.5 An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Incorrect Access Control, leading to Remote Information…
CVE-2025-54347 2025-11-24 CRITICAL 9.9 A Directory Traversal vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to write arbitrary files under certain…
CVE-2025-54341 2025-11-24 MEDIUM 5.3 A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There are Hard-coded configuration values.
CVE-2025-54338 2025-11-24 HIGH 7.5 An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to disclose user hashes.
CVE-2025-63498 2025-11-24 MEDIUM 6.1 alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter.
CVE-2025-52538 2025-11-24 HIGH 8.0 Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in loss of confidentiality or availability.
CVE-2025-48511 2025-11-24 MEDIUM 5.5 Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service.
CVE-2025-48510 2025-11-24 HIGH 7.1 Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability.