Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-64228 2025-10-29 MEDIUM 4.3 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Retrieve Embedded Sensitive Data.This issue affects SUMO Affiliates Pro: from…
CVE-2025-64226 2025-10-29 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in colabrio Stockie Extra stockie-extra allows Cross Site Request Forgery.This issue affects Stockie Extra: from n/a through
CVE-2025-64220 2025-10-29 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReyCommerce Rey Core rey-core allows Stored XSS.This issue affects Rey Core: from n/a through
CVE-2025-64219 2025-10-29 MEDIUM 4.3 Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through
CVE-2025-64216 2025-10-29 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeSphere SmartMag smart-mag allows PHP Local File Inclusion.This issue affects SmartMag: from…
CVE-2025-64212 2025-10-29 MEDIUM 5.4 Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
CVE-2025-64211 2025-10-29 MEDIUM 5.3 Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy Elementor Widgets: from n/a through
CVE-2025-64210 2025-10-29 MEDIUM 5.4 Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through
CVE-2025-64208 2025-10-29 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Jannah - Extensions jannah-extensions allows DOM-Based XSS.This issue affects Jannah - Extensions: from n/a through
CVE-2025-64204 2025-10-29 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeSphere SmartMag smart-mag allows Stored XSS.This issue affects SmartMag: from n/a through
CVE-2025-64202 2025-10-29 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Sahifa sahifa allows DOM-Based XSS.This issue affects Sahifa: from n/a through < 5.8.6.
CVE-2025-64201 2025-10-29 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Cross Site Request Forgery.This issue affects PowerPress Podcasting: from n/a through
CVE-2025-64150 2025-10-29 MEDIUM 5.4 A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs…
CVE-2025-64149 2025-10-29 MEDIUM 5.4 A cross-site request forgery (CSRF) vulnerability in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained…
CVE-2025-64148 2025-10-29 MEDIUM 4.3 A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2025-64147 2025-10-29 MEDIUM 4.3 Jenkins Curseforge Publisher Plugin 1.0 does not mask API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVE-2025-64146 2025-10-29 MEDIUM 4.3 Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission,…
CVE-2025-64200 2025-10-29 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS.This issue affects Email Template Customizer for…
CVE-2025-63622 2025-10-29 N/A 0.0 A vulnerability was found in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/admin/subcategory.php. This manipulation of the argument category causes SQL…
CVE-2025-62801 2025-10-28 N/A 0.0 FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP…
CVE-2025-61156 2025-10-29 N/A 0.0 Incorrect access control in the kernel driver of ThreatFire System Monitor v4.7.0.53 allows attackers to escalate privileges and execute arbitrary commands via an insecure IOCTL.
CVE-2025-61161 2025-10-29 HIGH 8.4 DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 and related components load the wtsapi32.dll library from an uncontrolled search path (C:\ProgramData\Evope). This allows local unprivileged attackers to execute arbitrary…
CVE-2025-60354 2025-10-28 HIGH 7.5 Unauthorized modification of arbitrary articles vulnerability exists in blog-vue-springboot.
CVE-2025-10932 2025-10-29 HIGH 8.2 Uncontrolled Resource Consumption vulnerability in Progress MOVEit Transfer (AS2 module).This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.3, from 2024.1.0 before 2024.1.7, from 2023.1.0 before 2023.1.16.
CVE-2024-58269 2025-10-29 MEDIUM 4.3 A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to…
CVE-2023-32199 2025-10-29 MEDIUM 4.3 A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to…
CVE-2024-45162 2025-10-29 CRITICAL 9.8 A stack-based buffer overflow issue was discovered in the phddns client in Blu-Castle BCUM221E 1.0.0P220507 via the password field.
CVE-2024-45161 2025-10-29 MEDIUM 4.6 A CSRF issue was discovered in the administrative web GUI in Blu-Castle BCUM221E 1.0.0P220507. This can be exploited via a URL, an image load, an XMLHttpRequest, etc. and…
CVE-2025-64289 2025-10-29 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue affects Premmerce Product Search for…
CVE-2025-9544 2025-10-29 MEDIUM 6.5 The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user — including…
CVE-2025-64288 2025-10-29 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce premmerce allows Cross Site Request Forgery.This issue affects Premmerce: from n/a through
CVE-2025-64286 2025-10-29 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in WpEstate WP Rentals wprentals allows Cross Site Request Forgery.This issue affects WP Rentals: from n/a through
CVE-2025-64285 2025-10-29 MEDIUM 5.4 Missing Authorization vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a…
CVE-2025-64199 2025-10-29 MEDIUM 5.4 Missing Authorization vulnerability in WpEstate wpresidence wpresidence allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpresidence: from n/a through
CVE-2025-64197 2025-10-29 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam Rehub rehub-theme allows Stored XSS.This issue affects Rehub: from n/a through < 19.9.9.1.
CVE-2025-64195 2025-10-29 HIGH 7.6 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress Eduma eduma allows PHP Local File Inclusion.This issue affects Eduma: from…
CVE-2025-64145 2025-10-29 MEDIUM 4.3 Jenkins ByteGuard Build Actions Plugin 1.0 does not mask API tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVE-2025-64144 2025-10-29 MEDIUM 4.3 Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read…
CVE-2025-64194 2025-10-29 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Eduma eduma allows Stored XSS.This issue affects Eduma: from n/a through
CVE-2025-64143 2025-10-29 MEDIUM 4.3 Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended…
CVE-2025-64142 2025-10-29 MEDIUM 4.3 A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2025-64141 2025-10-29 MEDIUM 4.3 A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2025-64140 2025-10-29 HIGH 8.8 Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands.
CVE-2025-64139 2025-10-29 MEDIUM 4.3 A missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVE-2025-64138 2025-10-29 MEDIUM 4.3 A cross-site request forgery (CSRF) vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2025-64137 2025-10-29 MEDIUM 4.3 A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
CVE-2025-64136 2025-10-29 MEDIUM 4.3 A cross-site request forgery (CSRF) vulnerability in Jenkins Themis Plugin 1.4.1 and earlier allows attackers to connect to an attacker-specified HTTP server.
CVE-2025-64135 2025-10-29 MEDIUM 5.9 Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb_8 and earlier sets the Java system property `jdk.http.auth.tunneling.disabledSchemes` to an empty value, disabling a protection mechanism of the Java runtime.
CVE-2025-64134 2025-10-29 HIGH 7.1 Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2025-64133 2025-10-29 MEDIUM 5.4 A cross-site request forgery (CSRF) vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code.
« Anterior Página 29 de 3629 Siguiente »