Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-10737 2025-10-25 MEDIUM 6.4 The Open Source Genesis Framework theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.6.0 due to…
CVE-2025-10694 2025-10-25 MEDIUM 5.3 The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to unauthorized access of data due to a missing…
CVE-2025-11823 2025-10-25 MEDIUM 6.4 The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_exist_text'…
CVE-2025-10579 2025-10-25 MEDIUM 5.3 The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'backwpup_working' AJAX…
CVE-2025-36361 2025-10-24 MEDIUM 6.3 IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.
CVE-2025-11760 2025-10-25 MEDIUM 5.3 The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to,…
CVE-2025-34503 2025-10-24 N/A 0.0 Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run…
CVE-2025-34502 2025-10-24 N/A 0.0 Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can…
CVE-2025-34500 2025-10-24 N/A 0.0 Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC…
CVE-2025-12194 2025-10-24 N/A 0.0 Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy…
CVE-2025-62711 2025-10-24 N/A 0.0 Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible…
CVE-2025-4106 2025-10-24 N/A 0.0 An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform…
CVE-2025-34293 2025-10-24 N/A 0.0 GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR) vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated…
CVE-2025-62723 2025-10-24 MEDIUM 4.3 FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.23.2, any authenticated user can create sessions and have them collect QoS messages. When not sent…
CVE-2025-62717 2025-10-24 N/A 0.0 Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This…
CVE-2025-60954 2025-10-24 HIGH 8.3 Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character…
CVE-2025-60729 2025-10-24 MEDIUM 5.3 PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function
CVE-2025-60419 2025-10-24 MEDIUM 6.2 An issue was discovered in the NDIS Usermode IO driver (RtkIOAC60.sys, version 6.0.5600.16348) allowing local authenticated attackers to send a crafted IOCTL request to the driver to cause…
CVE-2025-52099 2025-10-24 HIGH 7.5 Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function
CVE-2025-62716 2025-10-24 HIGH 8.1 Plane is open-source project management software. Prior to version 1.1.0, an open redirect vulnerability in the ?next_path query parameter allows attackers to supply arbitrary schemes (e.g., javascript:) that…
CVE-2025-60735 2025-10-24 HIGH 7.6 PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function
CVE-2025-60731 2025-10-24 HIGH 7.6 PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function
CVE-2025-60558 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formVirtualServ.
CVE-2025-60557 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEasy_Wizard.
CVE-2025-60556 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizard1.
CVE-2025-60555 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizardSelectMode.
CVE-2025-60552 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formTcpipSetup.
CVE-2025-60551 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot.
CVE-2025-60550 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone.
CVE-2025-60549 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAutoDetecWAN_wizard4.
CVE-2025-60547 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard7.
CVE-2025-60730 2025-10-24 HIGH 7.6 PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function
CVE-2025-60554 2025-10-24 CRITICAL 9.8 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEnableWizard.
CVE-2025-60803 2025-10-24 CRITICAL 9.8 Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the component /api/aaa;/../register.
CVE-2025-60553 2025-10-24 CRITICAL 9.8 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52.
CVE-2025-60548 2025-10-24 CRITICAL 9.8 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings.
CVE-2025-61430 2025-10-24 MEDIUM 6.5 Improper handling of DNS over TCP in Simple DNS Plus v9 allows a remote attacker with querying access to the DNS server to cause the server to return…
CVE-2025-60936 2025-10-24 MEDIUM 6.1 Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when…
CVE-2025-60572 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvNetwork.
CVE-2025-60571 2025-10-24 HIGH 7.5 D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS.
CVE-2025-60570 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery.
CVE-2025-60569 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute.
CVE-2025-60568 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall.
CVE-2025-60566 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetMACFilter.
CVE-2025-60565 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule.
CVE-2025-46185 2025-10-24 MEDIUM 6.2 An Insecure Permission vulnerability in pgcodekeeper 10.12.0 allows a local attacker to obtain sensitive information via the plaintext storage of passwords and usernames.
CVE-2025-46183 2025-10-24 HIGH 8.2 The Utils.deserialize function in pgCodeKeeper 10.12.0 processes serialized data from untrusted sources. If an attacker provides a specially crafted .ser file, deserialization may result in unintended code execution…
CVE-2021-43768 2025-10-24 MEDIUM 5.3 In Malwarebytes For Teams v.1.0.990 and before and fixed in v.1.0.1003 and later a privilege escalation can occur via the COM interface running in mbamservice.exe.
CVE-2025-62714 2025-10-24 N/A 0.0 Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the…
CVE-2025-61413 2025-10-23 MEDIUM 6.1 A stored cross-site scripting (XSS) vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web scripts or HTML via creating a page and…
« Anterior Página 345 de 3933 Siguiente »