Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-53868 2025-10-15 HIGH 8.7 When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands.  Note: Software…
CVE-2025-53856 2025-10-15 HIGH 7.5 When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause…
CVE-2025-53521 2025-10-15 HIGH 7.5 When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause TMM to terminate.   Note: Software versions which have reached End of Technical…
CVE-2025-53474 2025-10-15 HIGH 7.5 When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have…
CVE-2025-48008 2025-10-15 HIGH 7.5 When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic…
CVE-2025-47150 2025-10-15 MEDIUM 6.5 When SNMP is configured on F5OS Appliance and Chassis systems, undisclosed requests can cause an increase in SNMP memory resource utilization.  Note: Software versions which have reached End…
CVE-2025-47148 2025-10-15 MEDIUM 6.5 When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an…
CVE-2025-46706 2025-10-15 HIGH 7.5 When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached…
CVE-2025-41430 2025-10-15 HIGH 7.5 When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS)…
CVE-2025-37145 2025-10-14 MEDIUM 4.9 Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to…
CVE-2025-37144 2025-10-14 MEDIUM 4.9 Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to…
CVE-2025-25255 2025-10-14 MEDIUM 4.3 An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiProxy 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0.1 through 7.0.21, and FortiOS 7.6.0 through 7.6.3…
CVE-2025-11577 2025-10-14 HIGH 7.6 Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow…
CVE-2025-10406 2025-10-15 MEDIUM 5.5 The BlindMatrix e-Commerce WordPress plugin before 3.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users, such…
CVE-2025-9640 2025-10-15 MEDIUM 4.3 A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read…
CVE-2025-10869 2025-10-15 N/A 0.0 Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the…
CVE-2025-55082 2025-10-15 N/A 0.0 In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of…
CVE-2025-55081 2025-10-15 N/A 0.0 In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and…
CVE-2025-39998 2025-10-15 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: scsi: target: target_core_configfs: Add length check to avoid buffer overflow A buffer overflow arises from the usage of…
CVE-2025-39996 2025-10-15 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove The original code uses cancel_delayed_work() in flexcop_pci_remove(), which does…
CVE-2025-39995 2025-10-15 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state->timer is a cyclic timer…
CVE-2025-39994 2025-10-15 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000_release The original code uses cancel_delayed_work() in xc5000_release(), which does not guarantee…
CVE-2025-39993 2025-10-15 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: rc: fix races with imon_disconnect() Syzbot reports a KASAN issue as below: BUG: KASAN: use-after-free in __create_pipe…
CVE-2025-9967 2025-10-15 CRITICAL 9.8 The Orion SMS OTP Verification plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.7. This is due to…
CVE-2025-11728 2025-10-15 MEDIUM 5.3 The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'return_payment' and 'notice_payment'…
CVE-2025-11722 2025-10-15 HIGH 7.5 The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'categoryaccordionpanel' shortcode.…
CVE-2025-11701 2025-10-15 MEDIUM 5.3 The Zip Attachments plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check as well as missing post status validation in the…
CVE-2025-11692 2025-10-15 MEDIUM 5.3 The Zip Attachments plugin for WordPress is vulnerable to unauthorized loss of data due to a missing authorization and capability checks on the download.php file in all versions…
CVE-2025-11365 2025-10-15 MEDIUM 6.5 The WP Google Map Plugin plugin for WordPress is vulnerable to blind SQL Injection via the 'id' parameter of the 'google_map' shortcode in all versions up to, and…
CVE-2025-11196 2025-10-15 MEDIUM 4.3 The External Login plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.11.2 due to the 'exlog_test_connection' AJAX action lacking capability…
CVE-2025-11177 2025-10-15 HIGH 7.5 The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on…
CVE-2025-10754 2025-10-15 HIGH 7.2 The DocoDoco Store Locator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up…
CVE-2025-10743 2025-10-15 HIGH 7.5 The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to, and including, 1.3.2 due to insufficient escaping on the…
CVE-2025-10730 2025-10-15 MEDIUM 6.5 The Wp tabber widget plugin for WordPress is vulnerable to SQL Injection via the 'wp-tabber-widget' shortcode in all versions up to, and including, 4.0 due to insufficient escaping…
CVE-2025-10682 2025-10-15 MEDIUM 6.5 The TARIFFUXX plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4. This is due to insufficient neutralization of user-supplied input used directly…
CVE-2025-10660 2025-10-15 MEDIUM 6.5 The WP Dashboard Chat plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.0.3 due to insufficient escaping…
CVE-2025-10648 2025-10-15 MEDIUM 5.3 The YourMembership Single Sign On – YM SSO Login plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'moym_display_test_attributes'…
CVE-2025-10575 2025-10-15 MEDIUM 6.5 The WP jQuery Pager plugin for WordPress is vulnerable to SQL Injection via the 'ids' shortcode attribute parameter handled by the WPJqueryPaged::get_gallery_page_imgs() function in all versions up to,…
CVE-2025-10486 2025-10-15 MEDIUM 5.3 The Content Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.8 through publicly exposed log files. This makes it…
CVE-2025-10313 2025-10-15 HIGH 7.2 The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on…
CVE-2025-10312 2025-10-15 MEDIUM 4.3 The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation when…
CVE-2025-10310 2025-10-15 MEDIUM 4.9 The Rich Snippet Site Report plugin for WordPress is vulnerable to SQL Injection via the 'last' parameter in all versions up to, and including, 2.0.0105 due to insufficient…
CVE-2025-10303 2025-10-15 MEDIUM 4.3 The Library Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the owt7_library_management_ajax_handler() function in all versions up…
CVE-2025-10301 2025-10-15 MEDIUM 4.3 The FunKItools plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation…
CVE-2025-10300 2025-10-15 MEDIUM 4.3 The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation…
CVE-2025-10299 2025-10-15 HIGH 8.8 The WPBifröst – Instant Passwordless Temporary Login Links plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ctl_create_link AJAX action in…
CVE-2025-10294 2025-10-15 CRITICAL 9.8 The OwnID Passwordless Login plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.4. This is due to the plugin not properly…
CVE-2025-10293 2025-10-15 HIGH 8.8 The Keyy Two Factor Authentication (like Clef) plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.2.3. This is…
CVE-2025-10194 2025-10-15 MEDIUM 6.4 The Shortcode Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 1.1.9 due to insufficient…
CVE-2025-10186 2025-10-15 MEDIUM 5.3 The WhyDonate – FREE Donate button – Crowdfunding – Fundraising plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the…
« Anterior Página 370 de 3934 Siguiente »