CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the most recently published vulnerabilities from the NIST National Vulnerability Database (NVD). The listing can be filtered by severity (NONE, LOW, MEDIUM, HIGH, CRITICAL, UNKNOWN) or by CVE ID. Rows shown as N/A with a CVSS of 0.0 are entries that NVD has not scored yet (typically fresh kernel and CNA-published records) or that have been rejected; 0.0 means "no score", not "no risk", so do not treat it as the lowest severity when triaging.
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-64143 | 2025-10-29 | MEDIUM | 4.3 | Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended… |
| CVE-2025-64142 | 2025-10-29 | MEDIUM | 4.3 | A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. |
| CVE-2025-64141 | 2025-10-29 | MEDIUM | 4.3 | A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. |
| CVE-2025-64140 | 2025-10-29 | HIGH | 8.8 | Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands. |
| CVE-2025-64139 | 2025-10-29 | MEDIUM | 4.3 | A missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. |
| CVE-2025-64138 | 2025-10-29 | MEDIUM | 4.3 | A cross-site request forgery (CSRF) vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL. |
| CVE-2025-64137 | 2025-10-29 | MEDIUM | 4.3 | A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. |
| CVE-2025-64136 | 2025-10-29 | MEDIUM | 4.3 | A cross-site request forgery (CSRF) vulnerability in Jenkins Themis Plugin 1.4.1 and earlier allows attackers to connect to an attacker-specified HTTP server. |
| CVE-2025-64135 | 2025-10-29 | MEDIUM | 5.9 | Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb_8 and earlier sets the Java system property `jdk.http.auth.tunneling.disabledSchemes` to an empty value, disabling a protection mechanism of the Java runtime. |
| CVE-2025-64134 | 2025-10-29 | HIGH | 7.1 | Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2025-64133 | 2025-10-29 | MEDIUM | 5.4 | A cross-site request forgery (CSRF) vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code. |
| CVE-2025-64132 | 2025-10-29 | MEDIUM | 5.4 | Jenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud… |
| CVE-2025-64131 | 2025-10-29 | HIGH | 7.5 | Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not implement a replay cache, allowing attackers able to obtain information about the SAML authentication flow between a user's web browser… |
| CVE-2025-60075 | 2025-10-29 | HIGH | 7.1 | Cross-Site Request Forgery (CSRF) vulnerability in Allegro Marketing hpb seo plugin for WordPress hpbseo allows Reflected XSS. This issue affects hpb seo plugin for WordPress: from n/a through |
| CVE-2025-58939 | 2025-10-29 | MEDIUM | 4.3 | Cross-Site Request Forgery (CSRF) vulnerability in highwarden Super Store Finder superstorefinder-wp allows Cross Site Request Forgery. This issue affects Super Store Finder: from n/a through |
| CVE-2025-61235 | 2025-10-28 | CRITICAL | 9.1 | An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally,… |
| CVE-2025-60355 | 2025-10-28 | CRITICAL | 9.8 | zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. |
| CVE-2025-40085 | 2025-10-29 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer dereference in try_to_register_card In try_to_register_card(), the return value of usb_ifnum_to_if() is passed directly… |
| CVE-2025-40084 | 2025-10-29 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle handle_response() dereferences the payload as a 4-byte handle without verifying… |
| CVE-2025-58711 | 2025-10-29 | MEDIUM | 5.3 | Missing Authorization vulnerability in solwin Blog Designer PRO blog-designer-pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Blog Designer PRO: from n/a through |
| CVE-2025-54605 | 2025-10-28 | HIGH | 7.5 | Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2). |
| CVE-2025-54604 | 2025-10-28 | HIGH | 7.5 | Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2). |
| CVE-2025-40083 | 2025-10-29 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix null-deref in agg_dequeue To prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c) when cl->qdisc->ops->peek(cl->qdisc) returns NULL,… |
| CVE-2023-7324 | 2025-10-29 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses Sanitize possible addl_desc_ptr out-of-bounds accesses in ses_enclosure_data_process(). |
| CVE-2025-11632 | 2025-10-29 | MEDIUM | 4.3 | The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability… |
| CVE-2025-11587 | 2025-10-29 | MEDIUM | 4.3 | The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability… |
| CVE-2025-12142 | 2025-10-29 | MEDIUM | 6.1 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in ABB Terra AC wallbox. This issue affects Terra AC wallbox: through 1.8.33. |
| CVE-2023-39178 | 2025-10-29 | N/A | 0.0 | Rejected reason: Duplicate of CVE-2023-52441. |
| CVE-2023-39177 | 2025-10-29 | N/A | 0.0 | Rejected reason: Duplicate of CVE-2023-52442. |
| CVE-2025-12461 | 2025-10-29 | N/A | 0.0 | This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’… |
| CVE-2025-12450 | 2025-10-29 | MEDIUM | 6.1 | The LiteSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 7.5.0.1 due to insufficient input sanitization and… |
| CVE-2015-10147 | 2025-10-29 | MEDIUM | 4.9 | The Easy Testimonial Slider and Form plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.2 due to… |
| CVE-2015-10146 | 2025-10-29 | MEDIUM | 4.9 | The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient… |
| CVE-2025-12058 | 2025-10-29 | N/A | 0.0 | The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from… |
| CVE-2025-11702 | 2025-10-29 | HIGH | 8.5 | GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker… |
| CVE-2023-7320 | 2025-10-29 | MEDIUM | 5.3 | The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST… |
| CVE-2025-62776 | 2025-10-29 | HIGH | 7.8 | The installer of WTW EAGLE (for Windows) 3.0.8.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result,… |
| CVE-2025-49042 | 2025-10-29 | MEDIUM | 5.9 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS. This issue affects WooCommerce: from n/a through 10.0.2. |
| CVE-2025-11705 | 2025-10-29 | MEDIUM | 6.5 | The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability… |
| CVE-2025-64296 | 2025-10-29 | MEDIUM | 5.3 | Missing Authorization vulnerability in Facebook Facebook for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Facebook for WooCommerce: from n/a through 3.5.7. |
| CVE-2025-64162 | 2025-10-29 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-64161 | 2025-10-29 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-64160 | 2025-10-29 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-64159 | 2025-10-29 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-64158 | 2025-10-29 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57931 | 2025-10-29 | MEDIUM | 5.3 | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box allows Cross Site Request Forgery. This issue affects Popup box: from n/a through 5.5.4. |
| CVE-2025-4665 | 2025-10-29 | CRITICAL | 9.6 | WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization (PHP Object Injection). The… |
| CVE-2025-64095 | 2025-10-28 | CRITICAL | 10.0 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and… |
| CVE-2025-64094 | 2025-10-28 | MEDIUM | 6.4 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not… |
| CVE-2025-62802 | 2025-10-28 | MEDIUM | 4.3 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to… |
Page 334 of 3933
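The listing above is built from the NVD data feed, and the same five columns can be reproduced from the NVD API 2.0 JSON. The following is an added example written for this page; it is not code from the site that publishes the listing or from NIST. The endpoint https://services.nvd.nist.gov/rest/json/cves/2.0 and its pubStartDate, pubEndDate and cvssV3Severity parameters are real, but the block never calls it: the embedded JSON is a constructed sample that follows the real response layout (vulnerabilities[].cve with id, published, vulnStatus, descriptions and metrics), with made-up timestamps and a made-up secondary score source. It shows where the table's Severity and CVSS columns come from, why unscored and rejected records surface as N/A / 0.0, and how the severity filter behaves.

```python
"""Rebuild the severity-filtered CVE table from an NVD API 2.0 response.

Added example for this page, not code from the site or from NIST. The JSON
below is a constructed sample in the real NVD API 2.0 layout; timestamps
and the Secondary score source are invented.
"""
import json
from urllib.parse import urlencode

NVD_API = "https://services.nvd.nist.gov/rest/json/cves/2.0"

# Constructed sample covering the three row kinds in the table: a scored entry,
# an entry NVD has not scored yet, and a rejected entry.
SAMPLE_RESPONSE = json.dumps({"vulnerabilities": [
    {"cve": {"id": "CVE-2025-64140", "published": "2025-10-29T14:15:36.000",
             "vulnStatus": "Awaiting Analysis",
             "descriptions": [{"lang": "en", "value": "Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands."}],
             "metrics": {"cvssMetricV31": [{"source": "constructed@example.org", "type": "Secondary",
                                            "cvssData": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH"}}]}}},
    {"cve": {"id": "CVE-2025-40084", "published": "2025-10-29T12:15:41.000",
             "vulnStatus": "Awaiting Analysis",
             "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle"}],
             "metrics": {}}},
    {"cve": {"id": "CVE-2025-64158", "published": "2025-10-29T16:15:00.000",
             "vulnStatus": "Rejected",
             "descriptions": [{"lang": "en", "value": "Rejected reason: Not used"}]}},
]})

# Newest CVSS version first, matching how NVD itself prioritises them.
METRIC_KEYS = ("cvssMetricV40", "cvssMetricV31", "cvssMetricV30", "cvssMetricV2")


def pick_score(cve):
    """Return (severity, baseScore), or ("N/A", 0.0) when no CVSS data exists.

    Within a version the NVD "Primary" score is preferred over a CNA-supplied
    "Secondary" one. CVSS v2 records keep baseSeverity on the metric object
    instead of inside cvssData, hence the two lookups.
    """
    metrics = cve.get("metrics") or {}
    for key in METRIC_KEYS:
        entries = metrics.get(key) or []
        if not entries:
            continue
        primary = [m for m in entries if m.get("type") == "Primary"]
        m = (primary or entries)[0]
        data = m.get("cvssData", {})
        severity = m.get("baseSeverity") or data.get("baseSeverity") or "UNKNOWN"
        return severity.upper(), float(data.get("baseScore", 0.0))
    return "N/A", 0.0


def to_row(cve):
    """Map one NVD record onto the table's five columns."""
    desc = next((d["value"] for d in cve.get("descriptions", []) if d.get("lang") == "en"), "")
    if cve.get("vulnStatus") == "Rejected":
        severity, score = "N/A", 0.0  # rejected IDs are never scored
    else:
        severity, score = pick_score(cve)
    return {"id": cve["id"], "published": cve["published"][:10],
            "severity": severity, "cvss": score, "description": desc}


def parse_listing(raw_json):
    return [to_row(item["cve"]) for item in json.loads(raw_json)["vulnerabilities"]]


def filter_by_severity(rows, severity=None):
    """severity=None reproduces the 'All' filter; otherwise an exact match."""
    if severity is None:
        return list(rows)
    return [r for r in rows if r["severity"] == severity.upper()]


def build_query_url(day, severity=None):
    """Query URL for one publication day. NVD requires both date bounds.

    Filtering with cvssV3Severity server-side silently drops records that
    have no v3 score (the N/A rows); fetch unfiltered and filter locally
    when those must stay visible.
    """
    params = {"pubStartDate": f"{day}T00:00:00.000", "pubEndDate": f"{day}T23:59:59.999"}
    if severity:
        params["cvssV3Severity"] = severity.upper()
    return f"{NVD_API}?{urlencode(params)}"


def render_table(rows):
    lines = ["CVE ID | Published | Severity | CVSS | Description"]
    for r in rows:
        lines.append(f"{r['id']} | {r['published']} | {r['severity']} | {r['cvss']:.1f} | {r['description']}")
    return "\n".join(lines)


if __name__ == "__main__":
    rows = parse_listing(SAMPLE_RESPONSE)
    print(render_table(filter_by_severity(rows)))
    print(build_query_url("2025-10-29", "HIGH"))
```

Swap SAMPLE_RESPONSE for the body returned by the URL from build_query_url (the live API rate-limits unauthenticated callers, so add an apiKey header for anything beyond occasional use) and the output matches the columns of the table above. The two practical points are in the comments: unscored and rejected records are reported as N/A / 0.0 rather than dropped, and a server-side severity filter hides exactly those records, so a triage view that needs them must filter client-side as this block does.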