Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-2419 2026-02-18 LOW 2.7 The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download_path' configuration parameter. This is due to insufficient…
CVE-2026-2112 2026-02-18 MEDIUM 4.3 The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on…
CVE-2026-1943 2026-02-18 MEDIUM 4.4 The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.3.2 due to insufficient…
CVE-2026-1938 2026-02-18 MEDIUM 5.3 The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the `/yaymail-license/v1/license/delete` REST endpoint in…
CVE-2026-1860 2026-02-18 MEDIUM 4.3 The Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.8. This is due to the `get_items_permissions_check()` permission…
CVE-2026-1831 2026-02-18 LOW 2.7 The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymail_install_yaysmtp' AJAX action and…
CVE-2026-1655 2026-02-18 MEDIUM 4.3 The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to…
CVE-2026-2644 2026-02-18 LOW 3.3 A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This…
CVE-2026-2642 2026-02-18 LOW 3.3 A security vulnerability has been detected in ggreer the_silver_searcher up to 2.2.0. The impacted element is the function search_stream of the file src/search.c. The manipulation leads to null…
CVE-2026-2633 2026-02-18 MEDIUM 4.3 The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to…
CVE-2026-2296 2026-02-18 HIGH 7.2 The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This…
CVE-2026-2281 2026-02-18 MEDIUM 4.4 The Private Comment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Label text' setting in all versions up to, and including, 0.0.4. This is due…
CVE-2026-2019 2026-02-18 HIGH 7.2 The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient…
CVE-2026-1937 2026-02-18 CRITICAL 9.8 The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check…
CVE-2026-1857 2026-02-18 MEDIUM 4.3 The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due…
CVE-2026-1807 2026-02-18 MEDIUM 6.4 The InteractiveCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interactivecalculator' shortcode in all versions up to, and including, 1.0.3 due to…
CVE-2026-1666 2026-02-18 MEDIUM 6.1 The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'redirect_to' parameter in all versions up to, and including, 3.3.46. This is due to…
CVE-2026-1640 2026-02-18 MEDIUM 4.3 The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due…
CVE-2026-2641 2026-02-18 LOW 3.3 A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser.…
CVE-2026-2023 2026-02-18 MEDIUM 4.3 The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce…
CVE-2026-1906 2026-02-18 MEDIUM 4.3 The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.0 via the…
CVE-2026-1639 2026-02-18 MEDIUM 6.5 The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' and 'sort_by' parameters in all versions…
CVE-2026-1368 2026-02-18 HIGH 7.5 The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK…
CVE-2026-1304 2026-02-18 MEDIUM 4.4 The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due…
CVE-2026-1072 2026-02-18 MEDIUM 4.3 The Keybase.io Verification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.5. This is due to missing nonce validation when…
CVE-2025-12356 2026-02-18 MEDIUM 4.3 The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_change_ticket_status' AJAX…
CVE-2025-12122 2026-02-18 MEDIUM 6.4 The Popup Box – Easily Create WordPress Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and…
CVE-2025-11737 2026-02-18 MEDIUM 6.4 The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vkExUnit_sns_title' parameter in all versions up to, and including, 9.112.3…
CVE-2026-2576 2026-02-18 HIGH 7.5 The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to,…
CVE-2026-1931 2026-02-18 HIGH 7.2 The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.32.4 due to insufficient input…
CVE-2026-1925 2026-02-18 MEDIUM 4.3 The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'update_template_data' function…
CVE-2026-1714 2026-02-18 HIGH 8.6 The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions…
CVE-2026-1296 2026-02-18 MEDIUM 6.1 The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the…
CVE-2026-1277 2026-02-18 MEDIUM 4.7 The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirect_to' parameter in…
CVE-2025-6460 2026-02-18 MEDIUM 6.4 The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2 due to…
CVE-2025-13959 2026-02-18 MEDIUM 6.4 The Filestack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'filepicker' shortcode in all versions up to, and including, 2.0.8 due to insufficient input…
CVE-2025-12075 2026-02-18 MEDIUM 4.3 The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wos_troubleshooting' AJAX endpoint in all…
CVE-2025-12074 2026-02-18 MEDIUM 5.3 The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'context_blog_modal_popup' due to insufficient restrictions on which…
CVE-2025-12071 2026-02-18 MEDIUM 4.3 The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funp_ajax_modify_notes' AJAX endpoint due…
CVE-2025-12037 2026-02-18 MEDIUM 4.4 The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.5…
CVE-2026-27171 2026-02-18 LOW 2.9 zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.
CVE-2026-23599 2026-02-18 HIGH 7.8 A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to…
CVE-2026-22048 2026-02-18 HIGH 7.1 StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP are…
CVE-2026-1344 2026-02-18 MEDIUM 6.5 Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal.
CVE-2026-26119 2026-02-17 HIGH 8.8 Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-1670 2026-02-17 CRITICAL 9.8 The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.
CVE-2025-62183 2026-02-17 N/A 0.0 Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights,…
CVE-2025-13689 2026-02-17 HIGH 8.8 IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads.
CVE-2025-13333 2026-02-17 MEDIUM 4.4 IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings.
CVE-2026-2629 2026-02-17 HIGH 7.3 A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of…
« Anterior Página 291 de 4232 Siguiente »