CVE Vulnerabilities

Below is the list of the most recent vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-60355 2025-10-28 CRITICAL 9.8 zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
CVE-2025-40085 2025-10-29 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer dereference in try_to_register_card In try_to_register_card(), the return value of usb_ifnum_to_if() is passed directly…
CVE-2025-40084 2025-10-29 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle handle_response() dereferences the payload as a 4-byte handle without verifying…
CVE-2025-58711 2025-10-29 MEDIUM 5.3 Missing Authorization vulnerability in solwin Blog Designer PRO blog-designer-pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Blog Designer PRO: from n/a through
CVE-2025-54605 2025-10-28 HIGH 7.5 Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).
CVE-2025-54604 2025-10-28 HIGH 7.5 Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).
CVE-2025-40083 2025-10-29 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix null-deref in agg_dequeue To prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c) when cl->qdisc->ops->peek(cl->qdisc) returns NULL,…
CVE-2023-7324 2025-10-29 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses Sanitize possible addl_desc_ptr out-of-bounds accesses in ses_enclosure_data_process().
CVE-2025-11632 2025-10-29 MEDIUM 4.3 The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability…
CVE-2025-11587 2025-10-29 MEDIUM 4.3 The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
CVE-2025-12142 2025-10-29 MEDIUM 6.1 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in ABB Terra AC wallbox. This issue affects Terra AC wallbox: through 1.8.33.
CVE-2023-39178 2025-10-29 N/A 0.0 Rejected reason: Duplicate of CVE-2023-52441.
CVE-2023-39177 2025-10-29 N/A 0.0 Rejected reason: Duplicate of CVE-2023-52442.
CVE-2025-12461 2025-10-29 N/A 0.0 This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’…
CVE-2025-12450 2025-10-29 MEDIUM 6.1 The LiteSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 7.5.0.1 due to insufficient input sanitization and…
CVE-2015-10147 2025-10-29 MEDIUM 4.9 The Easy Testimonial Slider and Form plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.2 due to…
CVE-2015-10146 2025-10-29 MEDIUM 4.9 The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient…
CVE-2025-12058 2025-10-29 N/A 0.0 The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from…
CVE-2025-11702 2025-10-29 HIGH 8.5 GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker…
CVE-2023-7320 2025-10-29 MEDIUM 5.3 The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST…
CVE-2025-62776 2025-10-29 HIGH 7.8 The installer of WTW EAGLE (for Windows) 3.0.8.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result,…
CVE-2025-49042 2025-10-29 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS. This issue affects WooCommerce: from n/a through 10.0.2.
CVE-2025-11705 2025-10-29 MEDIUM 6.5 The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability…
CVE-2025-64296 2025-10-29 MEDIUM 5.3 Missing Authorization vulnerability in Facebook Facebook for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Facebook for WooCommerce: from n/a through 3.5.7.
CVE-2025-64162 2025-10-29 N/A 0.0 Rejected reason: Not used
CVE-2025-64161 2025-10-29 N/A 0.0 Rejected reason: Not used
CVE-2025-64160 2025-10-29 N/A 0.0 Rejected reason: Not used
CVE-2025-64159 2025-10-29 N/A 0.0 Rejected reason: Not used
CVE-2025-64158 2025-10-29 N/A 0.0 Rejected reason: Not used
CVE-2025-57931 2025-10-29 MEDIUM 5.3 Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box allows Cross Site Request Forgery. This issue affects Popup box: from n/a through 5.5.4.
CVE-2025-4665 2025-10-29 CRITICAL 9.6 WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization (PHP Object Injection). The…
CVE-2025-64095 2025-10-28 CRITICAL 10.0 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and…
CVE-2025-64094 2025-10-28 MEDIUM 6.4 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not…
CVE-2025-62802 2025-10-28 MEDIUM 4.3 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to…
CVE-2025-62798 2025-10-28 MEDIUM 5.4 Sharp is a content management framework built for Laravel as a package. Prior to 9.11.1, a Cross-Site Scripting (XSS) vulnerability was discovered in code16/sharp when rendering content using…
CVE-2025-62796 2025-10-28 MEDIUM 5.8 PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Versions 1.7.7 through 2.0.1 allow persistent HTML injection via the unsanitized attachment filename (attachment_name)…
CVE-2025-62794 2025-10-28 LOW 3.8 GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored…
CVE-2025-62727 2025-10-28 HIGH 7.5 Starlette is a lightweight ASGI framework/toolkit. Prior to 0.49.1, an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range…
CVE-2025-62368 2025-10-28 CRITICAL 9.0 Taiga is an open source project management platform. In versions 6.8.3 and earlier, a remote code execution vulnerability exists in the Taiga API due to unsafe deserialization of…
CVE-2025-61598 2025-10-28 N/A 0.0 Discourse is an open source discussion platform. In versions before 3.6.2 and 3.6.0.beta2, the default Cache-Control response header with value no-store, no-cache was missing from error responses. This may have caused…
CVE-2025-43017 2025-10-28 N/A 0.0 The HP ThinPro 8.1 System management application failed to verify the user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities.
CVE-2025-11375 2025-10-28 MEDIUM 6.5 Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375,…
CVE-2025-11374 2025-10-28 MEDIUM 6.5 Consul and Consul Enterprise’s (“Consul”) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul…
CVE-2025-62367 2025-10-28 MEDIUM 4.8 Taiga is an open source project management platform. In versions 6.8.3 and earlier, Taiga API is vulnerable to time-based blind SQL injection allowing sensitive data disclosure via response…
CVE-2025-59837 2025-10-28 HIGH 7.2 Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes…
CVE-2025-61080 2025-10-28 MEDIUM 5.4 A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Clear2Pay Bank Visibility Application - Payment Execution 1.10.0.104 via the ID parameter in the URL.
CVE-2025-55758 2025-10-28 MEDIUM 5.4 Multiple CSRF attack vectors in JDownloads component 1.0.0-4.0.47 for Joomla were discovered.
CVE-2025-27093 2025-10-28 MEDIUM 6.3 Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit…
CVE-2025-40843 2025-10-28 MEDIUM 5.9 CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability…
CVE-2025-12425 2025-10-28 N/A 0.0 Local Privilege Escalation. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.