CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-4392 2025-06-03 HIGH 7.2 The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site…
CVE-2025-31359 2025-06-03 HIGH 8.8 A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This…
CVE-2024-54189 2025-06-03 HIGH 7.8 A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a…
CVE-2024-52561 2025-06-03 HIGH 7.8 A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a…
CVE-2024-36486 2025-06-03 HIGH 7.8 A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740).…
CVE-2025-5116 2025-06-03 MEDIUM 6.4 The WP Plugin Info Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerid’ parameter in all…
CVE-2025-5103 2025-06-03 MEDIUM 4.9 The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the 'default_price' and 'product_id'…
CVE-2025-4420 2025-06-03 MEDIUM 6.4 The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…
CVE-2025-1725 2025-06-03 MEDIUM 6.4 The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress…
CVE-2025-46355 2025-06-03 HIGH 7.3 Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM…
CVE-2025-41428 2025-06-03 MEDIUM 5.3 Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited,…
CVE-2025-4567 2025-06-03 MEDIUM 4.8 The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape…
CVE-2025-3662 2025-06-03 MEDIUM 6.1 The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries'…
CVE-2025-3584 2025-06-03 MEDIUM 4.8 The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high…
CVE-2025-31712 2025-06-03 MEDIUM 5.1 In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead…
CVE-2025-31711 2025-06-03 MEDIUM 5.1 In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial…
CVE-2025-31710 2025-06-03 MEDIUM 5.9 In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation…
CVE-2025-27031 2025-06-03 HIGH 7.8 Memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.
CVE-2025-27029 2025-06-03 HIGH 7.5 Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.
CVE-2025-21486 2025-06-03 HIGH 7.8 Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
CVE-2025-21485 2025-06-03 HIGH 7.8 Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.
CVE-2025-21463 2025-06-03 HIGH 7.5 Transient DOS while processing the EHT operation IE in the received beacon frame.
CVE-2024-53026 2025-06-03 HIGH 8.2 Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
CVE-2024-53021 2025-06-03 HIGH 8.2 Information disclosure may occur while processing goodbye RTCP packet from network.
CVE-2024-53020 2025-06-03 HIGH 8.2 Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
CVE-2024-53019 2025-06-03 HIGH 8.2 Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.
CVE-2024-53018 2025-06-03 MEDIUM 6.6 Memory corruption may occur while processing the OIS packet parser.
CVE-2024-53017 2025-06-03 MEDIUM 6.6 Memory corruption while handling test pattern generator IOCTL command.
CVE-2024-53016 2025-06-03 MEDIUM 6.6 Memory corruption while processing I2C settings in Camera driver.
CVE-2024-53015 2025-06-03 MEDIUM 6.6 Memory corruption while processing IOCTL command to handle buffers associated with a session.
CVE-2024-53013 2025-06-03 MEDIUM 6.6 Memory corruption may occur while processing voice call registration with user.
CVE-2024-53010 2025-06-03 HIGH 7.8 Memory corruption may occur while attaching VM when the HLOS retains access to VM.
CVE-2025-4797 2025-06-03 CRITICAL 9.8 The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in…
CVE-2025-4224 2025-06-03 HIGH 7.2 The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in…
CVE-2025-4047 2025-06-03 MEDIUM 4.3 The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on…
CVE-2025-2939 2025-06-03 MEDIUM 5.6 The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions…
CVE-2025-5419 2025-06-03 HIGH 8.8 Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially…
CVE-2025-5068 2025-06-03 HIGH 8.8 Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption…
CVE-2025-49164 2025-06-03 MEDIUM 4.3 Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a.
CVE-2025-49163 2025-06-03 MEDIUM 6.7 Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file.
CVE-2025-49162 2025-06-03 MEDIUM 6.4 Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space…
CVE-2025-3919 2025-06-02 MEDIUM 6.4 The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing…
CVE-2025-48996 2025-06-02 MEDIUM 5.3 HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists…
CVE-2025-48387 2025-06-02 N/A 0.0 tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can…
CVE-2025-47585 2025-06-02 MEDIUM 6.5 Missing Authorization vulnerability in Mage people team Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue…
CVE-2025-49069 2025-06-02 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Cross Site Request Forgery. This issue affects Contact…
CVE-2025-23105 2025-06-02 HIGH 7.8 An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads…
CVE-2025-23099 2025-06-02 CRITICAL 9.1 An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to…
CVE-2025-1051 2025-06-02 HIGH 8.8 Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on…
CVE-2025-22800 2025-01-13 MEDIUM 4.3 Missing Authorization vulnerability in Post SMTP Post SMTP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post SMTP:…