CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2026-1570 | 2026-02-07 | MEDIUM | 6.4 | The Simple Bible Verse via Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `verse` shortcode in all versions up to, and including, 1.1… |
| CVE-2026-1082 | 2026-02-07 | MEDIUM | 4.3 | The TITLE ANIMATOR plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on… |
| CVE-2026-0555 | 2026-02-07 | MEDIUM | 6.4 | The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmerce_wizard_actions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to… |
| CVE-2025-15477 | 2026-02-07 | MEDIUM | 6.5 | The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode `category` and `id` attributes in all versions up to, and including, 0.1.5 due to… |
| CVE-2025-15476 | 2026-02-07 | MEDIUM | 4.3 | The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlister_do_admin_ajax() function in all versions up to,… |
| CVE-2026-2078 | 2026-02-07 | MEDIUM | 6.3 | A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\PermissionController.java of the component Permission Management. Performing a manipulation results… |
| CVE-2026-2077 | 2026-02-07 | MEDIUM | 6.3 | A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role… |
| CVE-2026-2076 | 2026-02-07 | MEDIUM | 6.3 | A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component User Management… |
| CVE-2026-2075 | 2026-02-07 | MEDIUM | 6.3 | A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role-Permission Binding Handler. The… |
| CVE-2025-15491 | 2026-02-07 | N/A | 0.0 | The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such… |
| CVE-2025-15267 | 2026-02-07 | MEDIUM | 6.4 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_accordion_item shortcode in all versions up to, and including, 5.5.7 due to… |
| CVE-2025-13463 | 2026-02-07 | MEDIUM | 6.4 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid component in all versions up to, and including, 5.5.3 due to… |
| CVE-2025-12803 | 2026-02-07 | MEDIUM | 6.4 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'bt_bb_tabs' shortcode in all versions up to, and including, 5.5.1 due to… |
| CVE-2025-12159 | 2026-02-07 | MEDIUM | 6.4 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_raw_content shortcode in all versions up to, and including, 5.4.8 due to… |
| CVE-2026-2074 | 2026-02-07 | MEDIUM | 6.3 | A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads… |
| CVE-2026-2073 | 2026-02-07 | HIGH | 7.3 | A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/user/index.php. Executing a manipulation of the argument ID can lead… |
| CVE-2026-25845 | 2026-02-07 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-25844 | 2026-02-07 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-25843 | 2026-02-07 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-25842 | 2026-02-07 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-25841 | 2026-02-07 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-25840 | 2026-02-07 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-25839 | 2026-02-07 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-25838 | 2026-02-07 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-25837 | 2026-02-07 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-31990 | 2026-02-07 | MEDIUM | 6.8 | Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a… |
| CVE-2026-2071 | 2026-02-07 | HIGH | 8.8 | A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results… |
| CVE-2020-37171 | 2026-02-07 | MEDIUM | 6.2 | TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field… |
| CVE-2020-37170 | 2026-02-07 | MEDIUM | 6.2 | TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field… |
| CVE-2020-37166 | 2026-02-07 | MEDIUM | 6.2 | AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field… |
| CVE-2020-37165 | 2026-02-07 | MEDIUM | 6.2 | AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload… |
| CVE-2020-37164 | 2026-02-07 | MEDIUM | 6.2 | AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload… |
| CVE-2020-37163 | 2026-02-07 | HIGH | 8.2 | QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject UNION-based SQL… |
| CVE-2020-37162 | 2026-02-07 | CRITICAL | 9.8 | Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a… |
| CVE-2020-37161 | 2026-02-07 | CRITICAL | 9.8 | Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft… |
| CVE-2020-37160 | 2026-02-07 | MEDIUM | 6.2 | SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak… |
| CVE-2020-37159 | 2026-02-07 | CRITICAL | 9.8 | Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft… |
| CVE-2020-37157 | 2026-02-07 | HIGH | 7.5 | DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration… |
| CVE-2020-37155 | 2026-02-07 | HIGH | 7.5 | Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate… |
| CVE-2020-37154 | 2026-02-07 | HIGH | 7.1 | eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap… |
| CVE-2020-37147 | 2026-02-07 | HIGH | 7.1 | ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit… |
| CVE-2020-37146 | 2026-02-07 | HIGH | 7.5 | ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending… |
| CVE-2020-37141 | 2026-02-07 | HIGH | 8.2 | AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject… |
| CVE-2020-37135 | 2026-02-07 | HIGH | 7.5 | AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password… |
| CVE-2020-37122 | 2026-02-07 | HIGH | 7.5 | SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text… |
| CVE-2020-37109 | 2026-02-07 | HIGH | 7.5 | aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Subject title field with a large buffer. Attackers can… |
| CVE-2020-37107 | 2026-02-07 | HIGH | 7.5 | Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can… |
| CVE-2020-37106 | 2026-02-07 | MEDIUM | 5.3 | Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form… |
| CVE-2020-37095 | 2026-02-07 | CRITICAL | 9.8 | Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attackers can craft a… |
| CVE-2020-37079 | 2026-02-07 | MEDIUM | 4.3 | Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can… |