Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID Publicado Severidad CVSS Descripción
CVE-2025-48287 2025-05-23 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros - Pagaleve allows Object Injection.This issue affects Pix 4x…
CVE-2025-48286 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catkin ReDi Restaurant Reservation allows Reflected XSS. This…
CVE-2025-48283 2025-05-23 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Majestic Support Majestic Support allows SQL…
CVE-2025-48275 2025-05-23 MEDIUM 6.5 Missing Authorization vulnerability in dastan800 Visual Header allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Visual Header:…
CVE-2025-48273 2025-05-23 HIGH 7.5 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal allows Path Traversal.…
CVE-2025-48271 2025-05-23 MEDIUM 6.5 Missing Authorization vulnerability in Leadinfo Leadinfo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Leadinfo: from n/a…
CVE-2025-48245 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fullworks Quick Contact Form allows Reflected XSS. This…
CVE-2025-48241 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS. This issue…
CVE-2025-47690 2025-05-23 HIGH 8.8 Missing Authorization vulnerability in smackcoders Lead Form Data Collection to CRM allows Privilege Escalation. This issue affects Lead Form Data…
CVE-2025-47687 2025-05-23 CRITICAL 10.0 Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Upload a Web Shell to…
CVE-2025-47680 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-tidy-tags allows Reflected XSS.…
CVE-2025-47678 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit allows Reflected XSS. This issue affects…
CVE-2025-47673 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes allows Reflected XSS. This issue…
CVE-2025-47672 2025-05-23 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange miniOrange Discord Integration…
CVE-2025-47671 2025-05-23 HIGH 7.6 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LETSCMS MLM Software Binary MLM Plan…
CVE-2025-47670 2025-05-23 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login…
CVE-2025-47663 2025-05-23 CRITICAL 9.9 Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a…
CVE-2025-47660 2025-05-23 HIGH 8.8 Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC Affiliate allows Object Injection. This issue affects WC Affiliate: from n/a…
CVE-2025-47658 2025-05-23 CRITICAL 9.9 Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System allows Upload a…
CVE-2025-47646 2025-05-23 CRITICAL 9.8 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration allows Password Recovery…
CVE-2025-47642 2025-05-23 CRITICAL 10.0 Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a Web Shell to…
CVE-2025-47641 2025-05-23 CRITICAL 10.0 Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows Upload…
CVE-2025-47640 2025-05-23 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in printcart Printcart Web to Print Product…
CVE-2025-47637 2025-05-23 CRITICAL 10.0 Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS allows Upload a Web Shell to a Web Server.…
CVE-2025-47631 2025-05-23 HIGH 8.8 Incorrect Privilege Assignment vulnerability in mojoomla Hospital Management System allows Privilege Escalation. This issue affects Hospital Management System: from 47.0(20…
CVE-2025-47619 2025-05-23 MEDIUM 6.5 Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Path Traversal. This issue affects 6Storage Rentals: from n/a through 2.19.4.
CVE-2025-47618 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mortgage Calculator BMI Adult & Kid Calculator allows…
CVE-2025-47613 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue…
CVE-2025-47611 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Khaled User Meta allows Reflected XSS. This issue…
CVE-2025-47603 2025-05-23 HIGH 7.5 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Belingo belingoGeo allows Path Traversal. This issue…
CVE-2025-47599 2025-05-23 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturante Facturante allows SQL Injection. This…
CVE-2025-47575 2025-05-23 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows SQL Injection.…
CVE-2025-47568 2025-05-23 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds allows Object Injection. This issue affects ZoomSounds: from n/a through 6.91.
CVE-2025-47558 2025-05-23 HIGH 7.5 Missing Authorization vulnerability in RomanCode MapSVG allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MapSVG: from n/a…
CVE-2025-47541 2025-05-23 HIGH 7.5 Insertion of Sensitive Information Into Sent Data vulnerability in WPFunnels Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects…
CVE-2025-47539 2025-05-23 CRITICAL 9.8 Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26.
CVE-2025-47535 2025-05-23 HIGH 8.6 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpopal Opal Woo Custom Product Variation allows…
CVE-2025-47532 2025-05-23 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in CoinPayments CoinPayments.net Payment Gateway for WooCommerce allows Object Injection. This issue affects CoinPayments.net Payment…
CVE-2025-47530 2025-05-23 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels allows Object Injection. This issue affects WPFunnels: from n/a through 3.5.18.
CVE-2025-47529 2025-05-23 MEDIUM 6.5 Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin allows…
CVE-2025-47513 2025-05-23 MEDIUM 4.9 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in James Laforge Infocob CRM Forms allows Path…
CVE-2025-47512 2025-05-23 HIGH 8.6 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in tainacan Tainacan allows Path Traversal. This issue…
CVE-2025-47492 2025-05-23 HIGH 8.6 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Drag and Drop File Upload for…
CVE-2025-47478 2025-05-23 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This…
CVE-2025-47461 2025-05-23 HIGH 8.8 Authentication Bypass Using an Alternate Path or Channel vulnerability in mediaticus Subaccounts for WooCommerce allows Authentication Abuse. This issue affects…
CVE-2025-47458 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in B2itech B2i Investor Tools allows Reflected XSS. This…
CVE-2025-47453 2025-05-23 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes WP Smart…
CVE-2025-47438 2025-05-23 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpjobportal WP Job Portal…
CVE-2025-46539 2025-05-23 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFable Fable Extra allows Blind SQL…
CVE-2025-46537 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ctltwp Section Widget allows Reflected XSS. This issue…
« Anterior Página 376 de 3517 Siguiente »