Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID Publicado Severidad CVSS Descripción
CVE-2025-49277 2025-06-09 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Blogprise allows PHP…
CVE-2025-49276 2025-06-09 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Blogmine allows PHP…
CVE-2025-49275 2025-06-09 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Blogbyte allows PHP…
CVE-2025-49265 2025-06-09 HIGH 7.5 Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects…
CVE-2025-48281 2025-06-09 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Product Designer allows…
CVE-2025-48279 2025-06-09 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard Perdaan WC MyParcel Belgium allows Reflected XSS.…
CVE-2025-48267 2025-06-09 HIGH 8.6 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes allows Path Traversal. This…
CVE-2025-48261 2025-06-09 HIGH 7.5 Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX allows Retrieve Embedded Sensitive Data. This issue affects MultiVendorX:…
CVE-2025-48147 2025-06-09 MEDIUM 6.5 Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway allows Exploiting Incorrectly Configured Access Control Security Levels. This…
CVE-2025-48143 2025-06-09 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salesup2019 Formulario de contacto SalesUp! allows Reflected XSS.…
CVE-2025-48141 2025-06-09 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency Payments allows…
CVE-2025-48140 2025-06-09 CRITICAL 9.9 Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI allows Code Injection. This issue affects MetalpriceAPI: from…
CVE-2025-48139 2025-06-09 MEDIUM 6.5 Missing Authorization vulnerability in relentlo StyleAI allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects StyleAI: from n/a…
CVE-2025-48130 2025-06-09 HIGH 7.5 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spicethemes Spice Blocks allows Path Traversal. This…
CVE-2025-48129 2025-06-09 CRITICAL 9.8 Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows Privilege Escalation.…
CVE-2025-48126 2025-06-09 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate…
CVE-2025-48125 2025-06-09 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Event Manager WP…
CVE-2025-48124 2025-06-09 HIGH 7.5 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce…
CVE-2025-48123 2025-06-09 CRITICAL 10.0 Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce…
CVE-2025-48122 2025-06-09 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for…
CVE-2025-47651 2025-06-09 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global allows SQL Injection.…
CVE-2025-47608 2025-06-09 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce…
CVE-2025-47598 2025-06-09 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in click5 History Log by click5 allows Stored XSS.…
CVE-2025-47561 2025-06-09 HIGH 8.8 Incorrect Privilege Assignment vulnerability in RomanCode MapSVG allows Privilege Escalation. This issue affects MapSVG: from n/a through 8.5.34.
CVE-2025-47527 2025-06-09 HIGH 7.1 Missing Authorization vulnerability in Icegram Icegram Collect – Easy Form, Lead Collection and Subscription plugin allows Exploiting Incorrectly Configured Access…
CVE-2025-47511 2025-06-09 MEDIUM 6.8 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in nanbu Welcart e-Commerce allows Path Traversal. This…
CVE-2025-47487 2025-06-09 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moreconvert MC Woocommerce Wishlist allows Reflected XSS. This…
CVE-2025-47477 2025-06-09 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revmakx Backup and Staging by WP Time Capsule…
CVE-2025-47463 2025-06-09 HIGH 7.1 Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue…
CVE-2025-46178 2025-06-09 N/A 0.0 Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers…
CVE-2025-39539 2025-06-09 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quitenicestuff Soho Hotel allows Reflected XSS. This issue…
CVE-2025-39476 2025-06-09 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Revo allows PHP…
CVE-2025-39475 2025-06-09 HIGH 8.1 Path Traversal vulnerability in Frenify Arlo allows PHP Local File Inclusion. This issue affects Arlo: from n/a through 6.0.3.
CVE-2025-39473 2025-06-09 HIGH 8.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebGeniusLab Seofy Core allows PHP Local File…
CVE-2025-32595 2025-06-09 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Krowd allows PHP…
CVE-2025-32308 2025-06-09 HIGH 7.6 Missing Authorization vulnerability in looks_awesome Team Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Builder:…
CVE-2025-32305 2025-06-09 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit FlatNews allows Reflected XSS. This issue affects…
CVE-2025-32291 2025-06-09 CRITICAL 10.0 Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro allows Using Malicious Files. This issue affects…
CVE-2025-31925 2025-06-09 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup SHOUT allows Reflected XSS. This issue affects…
CVE-2025-31920 2025-06-09 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech WP Guppy allows SQL Injection.…
CVE-2025-31917 2025-06-09 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player allows Reflected XSS. This…
CVE-2025-31638 2025-06-09 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Spare allows Reflected XSS. This issue affects…
CVE-2025-31635 2025-06-09 HIGH 7.5 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup CLEVER allows Path Traversal. This issue…
CVE-2025-31429 2025-06-09 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction & Multimedia Theme allows Object Injection. This issue…
CVE-2025-31426 2025-06-09 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Sticky Radio Player allows Reflected XSS. This…
CVE-2025-31424 2025-06-09 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages allows…
CVE-2025-31398 2025-06-09 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose allows Object Injection. This issue affects PIMP - Creative…
CVE-2025-31396 2025-06-09 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme allows Object Injection. This issue affects FLAP -…
CVE-2025-31061 2025-06-09 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Wishlist allows Reflected XSS. This issue affects…
CVE-2025-31059 2025-06-09 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in woobewoo WBW Product Table PRO allows…
« Anterior Página 284 de 3505 Siguiente »