Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-11926 2025-10-18 MEDIUM 4.4 The Related Posts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.12 due to insufficient input…
CVE-2025-9890 2025-10-18 HIGH 8.8 The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0. This is due to missing or incorrect nonce…
CVE-2025-5555 2025-10-18 HIGH 7.8 A vulnerability has been found in Nixdorf Wincor PORT IO Driver up to 1.0.0.1. This affects the function sub_11100 in the library wnport.sys of the component IOCTL Handler.…
CVE-2025-40003 2025-10-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work The origin code calls cancel_delayed_work() in ocelot_stats_deinit() to…
CVE-2025-40002 2025-10-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix use-after-free in tb_dp_dprx_work The original code relies on cancel_delayed_work() in tb_dp_dprx_stop(), which does not ensure that…
CVE-2025-40001 2025-10-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue During the detaching of Marvell's SAS/SATA controller, the original code calls…
CVE-2025-11256 2025-10-18 MEDIUM 5.3 The Kognetiks Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and…
CVE-2025-10750 2025-10-18 MEDIUM 5.3 The PowerBI Embed Reports plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.2.0. This is due to missing capability checks…
CVE-2025-9562 2025-10-18 MEDIUM 6.4 The Redirection for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's qs_date shortcode in all versions up to, and including, 3.2.6…
CVE-2025-11741 2025-10-18 MEDIUM 5.3 The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.2.5 via the 'woosq_quickview' AJAX endpoint…
CVE-2025-11703 2025-10-18 MEDIUM 5.3 The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to…
CVE-2025-11691 2025-10-18 HIGH 7.5 The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOM_Meta::get_fields_by_id() function in all versions up to, and…
CVE-2025-11519 2025-10-18 MEDIUM 4.3 The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference…
CVE-2025-11517 2025-10-18 HIGH 7.5 The Event Tickets and Registration plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 5.26.5. This is due to the /wp-json/tribe/tickets/v1/commerce/free/order endpoint…
CVE-2025-11510 2025-10-18 MEDIUM 4.3 The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the…
CVE-2025-11391 2025-10-18 CRITICAL 9.8 The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image…
CVE-2025-11372 2025-10-18 MEDIUM 6.5 The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing…
CVE-2025-11270 2025-10-18 MEDIUM 6.4 The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute in all versions…
CVE-2025-10187 2025-10-18 MEDIUM 4.9 The GSpeech TTS – WordPress Text To Speech Plugin plugin for WordPress is vulnerable to SQL Injection via the 'field' parameter in all versions up to, and including,…
CVE-2025-10006 2025-10-18 MEDIUM 6.4 The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rev_slider_vc' shortcode in all versions up to, and including, 8.6 due to…
CVE-2025-11937 2025-10-18 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - SecurePoll Extension allows Stored XSS.This issue affects Mediawiki -…
CVE-2025-11857 2025-10-18 MEDIUM 6.4 The XX2WP Integration Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mxp_fb2wp_display_embed' shortcode in all versions up to, and including, 1.9.9. This is due…
CVE-2025-11742 2025-10-18 MEDIUM 4.3 The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wishlist_quickview' AJAX action in…
CVE-2025-11738 2025-10-18 MEDIUM 5.3 The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it…
CVE-2025-62671 2025-10-18 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki -…
CVE-2025-62670 2025-10-18 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - FlexDiagrams Extension allows Stored XSS.This issue affects Mediawiki -…
CVE-2025-62669 2025-10-18 N/A 0.0 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from…
CVE-2025-62668 2025-10-18 N/A 0.0 Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Resource Leak Exposure.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39.
CVE-2025-62667 2025-10-18 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.This issue affects Mediawiki -…
CVE-2025-62666 2025-10-18 N/A 0.0 Allocation of Resources Without Limits or Throttling vulnerability in The Wikimedia Foundation Mediawiki - CirrusSearch Extension allows HTTP DoS.This issue affects Mediawiki - CirrusSearch Extension: from master before…
CVE-2025-62664 2025-10-18 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - ImageRating Extension allows Stored XSS.This issue affects Mediawiki -…
CVE-2025-62663 2025-10-18 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - UploadWizard Extension allows Stored XSS.This issue affects Mediawiki -…
CVE-2025-62662 2025-10-18 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - AdvancedSearch Extension allows Stored XSS.This issue affects Mediawiki -…
CVE-2025-11361 2025-10-18 MEDIUM 6.4 The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,…
CVE-2025-62665 2025-10-18 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Skin:BlueSky allows Stored XSS.This issue affects Mediawiki - Skin:BlueSky: from…
CVE-2025-11378 2025-10-18 MEDIUM 5.4 The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on…
CVE-2020-36854 2025-10-18 MEDIUM 6.4 The Async JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.19.07.14. This is due to missing authorization checks on the…
CVE-2020-36853 2025-10-18 HIGH 7.2 The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Plugin Settings Change in versions up to, and including, 1.0.63 due to insufficient input sanitization and…
CVE-2017-20208 2025-10-18 CRITICAL 9.8 The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 (exclusive)…
CVE-2017-20207 2025-10-18 CRITICAL 9.8 The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the `pager `…
CVE-2017-20206 2025-10-18 CRITICAL 9.8 The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the `wpmudev_appointments` cookie. This…
CVE-2025-62640 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62639 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62638 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62637 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62636 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62635 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62634 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62633 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62632 2025-10-18 N/A 0.0 Rejected reason: Not used
« Anterior Página 363 de 3934 Siguiente »