Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-12384 2025-11-05 HIGH 8.6 The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access/modification/loss of data in all versions up to, and including,…
CVE-2025-12139 2025-11-05 HIGH 7.5 The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including,…
CVE-2025-11917 2025-11-05 MEDIUM 6.4 The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.11 via the wpematico_test_feed() function. This makes…
CVE-2025-11373 2025-11-05 MEDIUM 4.3 The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable…
CVE-2025-21079 2025-11-05 HIGH 7.1 Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is…
CVE-2025-21078 2025-11-05 HIGH 8.8 Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications.
CVE-2025-21077 2025-11-05 LOW 3.3 Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email privilege.
CVE-2025-21076 2025-11-05 MEDIUM 5.5 Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. User interaction is required for…
CVE-2025-21075 2025-11-05 MEDIUM 4.3 Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
CVE-2025-21074 2025-11-05 MEDIUM 4.3 Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
CVE-2025-21073 2025-11-05 MEDIUM 6.8 Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. User interaction is required for triggering this…
CVE-2025-21071 2025-11-05 MEDIUM 5.7 Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
CVE-2025-11749 2025-11-05 CRITICAL 9.8 The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes…
CVE-2025-12197 2025-11-05 HIGH 7.5 The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the…
CVE-2025-11162 2025-11-05 MEDIUM 6.4 The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up…
CVE-2025-64455 2025-11-05 N/A 0.0 Rejected reason: Not used
CVE-2025-64454 2025-11-05 N/A 0.0 Rejected reason: Not used
CVE-2025-64453 2025-11-05 N/A 0.0 Rejected reason: Not used
CVE-2025-64452 2025-11-05 N/A 0.0 Rejected reason: Not used
CVE-2025-64451 2025-11-05 N/A 0.0 Rejected reason: Not used
CVE-2025-64450 2025-11-05 N/A 0.0 Rejected reason: Not used
CVE-2025-64449 2025-11-05 N/A 0.0 Rejected reason: Not used
CVE-2025-64448 2025-11-05 N/A 0.0 Rejected reason: Not used
CVE-2025-12580 2025-11-05 MEDIUM 6.1 The SMS for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in all versions up to, and including, 1.1.8 due to insufficient…
CVE-2025-11835 2025-11-05 MEDIUM 5.3 The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability and…
CVE-2025-8871 2025-11-05 MEDIUM 5.6 The Everest Forms (Pro) plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the…
CVE-2025-12582 2025-11-05 MEDIUM 4.3 The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'features_revert_option AJAX endpoint in all versions up to,…
CVE-2025-64110 2025-11-05 N/A 0.0 Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agent to read sensitive files that should…
CVE-2025-64109 2025-11-05 HIGH 8.8 Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code…
CVE-2025-64108 2025-11-04 HIGH 8.8 Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a prompt injection attacker to circumvent sensitive file…
CVE-2025-64107 2025-11-04 HIGH 8.8 Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may lead to RCE. Cursor detects path manipulation via forward…
CVE-2025-64106 2025-11-04 HIGH 8.8 Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links…
CVE-2025-59595 2025-11-04 N/A 0.0 CVE-2025-59595 is an internally discovered denial of service vulnerability in versions of Secure Access prior to 14.12. An attacker can send a specially crafted packet to a server…
CVE-2025-64320 2025-11-04 MEDIUM 6.5 Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0.
CVE-2025-62715 2025-11-04 N/A 0.0 ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#147 and below contain a stored Cross-Site Scripting (XSS) vulnerability in ClipBucket’s Collection tags feature. An authenticated normal…
CVE-2025-62520 2025-11-04 N/A 0.0 Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manage_config_columns_page.php can…
CVE-2025-62507 2025-11-04 N/A 0.0 Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger…
CVE-2025-62369 2025-11-04 HIGH 7.2 Xibo is an open source digital signage platform with a web content management system (CMS). Versions 4.3.0 and below contain a Remote Code Execution vulnerability in the CMS…
CVE-2025-61431 2025-11-04 MEDIUM 6.1 A reflected cross-site scripted (XSS) vulnerability in the /jsp/gsfr_feditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary Javascript in the…
CVE-2025-56230 2025-11-04 HIGH 7.5 Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component.
CVE-2025-54526 2025-11-04 HIGH 7.8 Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code.
CVE-2025-54496 2025-11-04 HIGH 7.8 A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code.
CVE-2025-54335 2025-11-04 MEDIUM 6.5 An issue was discovered in the GPU driver in Samsung Mobile Processor Exynos 1480, 2400, 1580, 2500. There is a use-after-free in the Xclipse GPU Driver.
CVE-2025-54327 2025-11-04 MEDIUM 6.5 An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1380, W920, W930, W1000. Improper input validation in the VTS driver leads…
CVE-2025-52512 2025-11-04 HIGH 7.5 An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in out-of-bounds memory access, leading to a denial…
CVE-2025-49494 2025-11-04 HIGH 7.5 An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem. Mishandling of an 5G NRMM packet leads to a Denial of Service.
CVE-2025-27374 2025-11-04 MEDIUM 5.3 An issue was discovered in the Secure Boot component in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, 1080, 1280, 2200, 1330, 1380, 1480,…
CVE-2025-20743 2025-11-04 MEDIUM 4.2 In clkdbg, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already…
CVE-2025-10875 2025-11-04 MEDIUM 6.5 Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
CVE-2024-56426 2025-11-04 HIGH 7.5 An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000. The lack…
« Anterior Página 318 de 3933 Siguiente »