Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-48086 2025-11-06 N/A 0.0 Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite allows Object Injection.This issue affects Ajax Search Lite: from n/a through
CVE-2025-48085 2025-11-06 N/A 0.0 Cross-Site Request Forgery (CSRF) vulnerability in ZIPANG Simple Stripe simple-stripe allows Stored XSS.This issue affects Simple Stripe: from n/a through
CVE-2025-48083 2025-11-06 N/A 0.0 Cross-Site Request Forgery (CSRF) vulnerability in andriassundskard wpNamedUsers wpnamedusers allows Stored XSS.This issue affects wpNamedUsers: from n/a through
CVE-2025-48078 2025-11-06 N/A 0.0 Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS.This issue affects Slick Google Map: from n/a through
CVE-2025-48077 2025-11-06 N/A 0.0 Cross-Site Request Forgery (CSRF) vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through
CVE-2025-47588 2025-11-06 N/A 0.0 Improper Control of Generation of Code ('Code Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce aco-woo-dynamic-pricing allows Code Injection.This issue affects Dynamic Pricing With Discount…
CVE-2025-39468 2025-11-06 N/A 0.0 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pantherius Modal Survey modal-survey.This issue affects Modal Survey: from n/a through
CVE-2025-39467 2025-11-06 N/A 0.0 Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through
CVE-2025-39466 2025-11-06 N/A 0.0 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from…
CVE-2025-39465 2025-11-06 N/A 0.0 Missing Authorization vulnerability in flippercode Advanced Google Maps wp-google-map-gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Google Maps: from n/a through
CVE-2025-39463 2025-11-06 N/A 0.0 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Dessau dessau allows PHP Local File Inclusion.This issue affects Dessau: from…
CVE-2025-32222 2025-11-06 N/A 0.0 Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through
CVE-2025-31029 2025-11-06 N/A 0.0 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bingu replyMail replymail allows Stored XSS.This issue affects replyMail: from n/a through
CVE-2025-28953 2025-11-06 N/A 0.0 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in axiomthemes smart SEO smartSEO allows SQL Injection.This issue affects smart SEO: from n/a through
CVE-2025-22288 2025-11-06 N/A 0.0 Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal.This issue affects Smush Image Compression and Optimization:…
CVE-2025-12556 2025-11-06 HIGH 8.8 An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine.
CVE-2025-37735 2025-11-06 HIGH 7.0 Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In…
CVE-2025-36054 2025-11-06 MEDIUM 6.1 IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and…
CVE-2025-11956 2025-11-06 HIGH 8.9 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. Co. OBS (Student Affairs Information System) allows Stored XSS.This issue affects…
CVE-2025-11268 2025-11-06 MEDIUM 4.3 The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users…
CVE-2025-12360 2025-11-06 MEDIUM 4.3 The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafar_ajax() function in…
CVE-2025-10259 2025-11-06 MEDIUM 5.3 Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the…
CVE-2025-12471 2025-11-06 MEDIUM 6.1 The Hubbub Lite – Fast, free social sharing and follow buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dpsp_list_attention_search' parameter in all versions up…
CVE-2025-9338 2025-11-06 N/A 0.0 A improper restriction of operations within the bounds of a memory buffer exists in AsIO3.sys driver. This vulnerability can be triggered by manually executing a specially crafted process,…
CVE-2025-12560 2025-11-06 MEDIUM 5.3 The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent()…
CVE-2025-61994 2025-11-06 MEDIUM 5.4 Cross-site scripting vulnerability exists in GROWI prior to v7.2.10. If a malicious user creates a page containing crafted contents, an arbitrary script may be executed on the web…
CVE-2025-12563 2025-11-06 MEDIUM 4.3 The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on theuploadVideo() function in all…
CVE-2025-11271 2025-11-06 MEDIUM 5.3 The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification…
CVE-2025-10691 2025-11-06 MEDIUM 4.3 The Easy Email Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect…
CVE-2025-10683 2025-11-06 MEDIUM 4.9 The Easy Email Subscription plugin for WordPress is vulnerable to SQL Injection via the 'uid' parameter in all versions up to, and including, 1.3 due to insufficient escaping…
CVE-2025-64171 2025-11-06 N/A 0.0 MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which…
CVE-2025-64164 2025-11-06 N/A 0.0 Dataease is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when establishing JDBC connections to Oracle, resulting in a…
CVE-2025-64163 2025-11-06 N/A 0.0 DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection…
CVE-2025-64114 2025-11-06 MEDIUM 6.5 ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - #151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against…
CVE-2025-62596 2025-11-06 N/A 0.0 Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during…
CVE-2025-62161 2025-11-06 N/A 0.0 Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes…
CVE-2025-55278 2025-11-05 HIGH 8.1 Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a…
CVE-2025-12779 2025-11-05 HIGH 8.8 Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local…
CVE-2025-63585 2025-11-05 N/A 0.0 OSSN (Open Source Social Network) 8.6 is vulnerable to SQL Injection in /action/rtcomments/status via the timestamp parameter.
CVE-2025-60784 2025-11-05 MEDIUM 6.5 A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a…
CVE-2025-63418 2025-11-05 MEDIUM 6.1 A DOM-based Cross-Site Scripting (XSS) vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads…
CVE-2025-63417 2025-11-05 HIGH 7.2 A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat…
CVE-2025-55342 2025-11-05 MEDIUM 5.3 Quipux 4.0.1 through e1774ac allows enumeration of usernames, and accessing the Ecuadorean identification number for all registered users via the Administracion/usuarios/cambiar_password_olvido_validar.php txt_login parameter.
CVE-2025-55341 2025-11-05 MEDIUM 6.5 Cross Site Scripting vulnerability in Quipux 4.0.1 through e1774ac allows anexos/anexos_nuevo.php asocImgRad.
CVE-2025-64480 2025-11-06 N/A 0.0 Rejected reason: Not used
CVE-2025-64479 2025-11-06 N/A 0.0 Rejected reason: Not used
CVE-2025-64478 2025-11-06 N/A 0.0 Rejected reason: Not used
CVE-2025-64477 2025-11-06 N/A 0.0 Rejected reason: Not used
CVE-2025-64476 2025-11-06 N/A 0.0 Rejected reason: Not used
CVE-2025-64475 2025-11-06 N/A 0.0 Rejected reason: Not used
« Anterior Página 316 de 3934 Siguiente »