Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID Publicado Severidad CVSS Descripción
CVE-2025-48284 2025-05-19 MEDIUM 5.4 Cross-Site Request Forgery (CSRF) vulnerability in shohei.tanaka Japanized For WooCommerce allows Cross Site Request Forgery. This issue affects Japanized For…
CVE-2025-48282 2025-05-19 MEDIUM 5.3 Missing Authorization vulnerability in Majestic Support Majestic Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Majestic…
CVE-2025-48280 2025-05-19 HIGH 7.6 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP allows Blind SQL…
CVE-2025-48278 2025-05-19 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in davidfcarr RSVPMarker allows SQL Injection. This…
CVE-2025-48277 2025-05-19 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stylemix Cost Calculator Builder allows Stored XSS. This…
CVE-2025-48276 2025-05-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored…
CVE-2025-48272 2025-05-19 MEDIUM 5.3 Missing Authorization vulnerability in wpjobportal WP Job Portal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP…
CVE-2025-48270 2025-05-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks allows DOM-Based XSS. This issue…
CVE-2025-48269 2025-05-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts allows DOM-Based XSS. This issue…
CVE-2025-48268 2025-05-19 MEDIUM 4.3 Missing Authorization vulnerability in Guru Team Bot for Telegram on WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This…
CVE-2025-48266 2025-05-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce allows Stored…
CVE-2025-48265 2025-05-19 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Pektsekye Year Make Model Search for WooCommerce allows Cross Site Request Forgery. This issue…
CVE-2025-48264 2025-05-19 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in artiosmedia Product Code for WooCommerce allows Cross Site Request Forgery. This issue affects Product…
CVE-2025-48263 2025-05-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX MultiVendorX allows Stored XSS. This issue affects…
CVE-2025-48262 2025-05-19 MEDIUM 4.3 Missing Authorization vulnerability in Michael Revellin-Clerc Url Rewrite Analyzer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects…
CVE-2025-48260 2025-05-19 MEDIUM 4.3 Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue…
CVE-2025-48259 2025-05-19 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Juan Carlos WP Mapa Politico España allows Cross Site Request Forgery. This issue affects…
CVE-2025-48258 2025-05-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jetmonsters Mega Menu Block allows Stored XSS. This…
CVE-2025-48257 2025-05-19 MEDIUM 6.5 Missing Authorization vulnerability in Projectopia Projectopia allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Projectopia: from n/a…
CVE-2025-48251 2025-05-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Emails & Recipients for WooCommerce…
CVE-2025-48250 2025-05-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Coupons & Add to Cart by URL…
CVE-2025-48249 2025-05-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory EAN for WooCommerce allows Stored XSS. This…
CVE-2025-48248 2025-05-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Sitewide Discount for WooCommerce: Apply Discount to…
CVE-2025-48247 2025-05-19 MEDIUM 4.3 Missing Authorization vulnerability in Blair Williams Shortlinks by Pretty Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue…
CVE-2025-48246 2025-05-19 MEDIUM 5.4 Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue…
CVE-2025-48244 2025-05-19 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS.…
CVE-2025-48243 2025-05-19 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi reCAPTCHA for all allows Cross Site Request Forgery. This issue affects reCAPTCHA…
CVE-2025-48242 2025-05-19 MEDIUM 6.5 Missing Authorization vulnerability in wpWax Legal Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Legal Pages:…
CVE-2025-48240 2025-05-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Cost of Goods for WooCommerce allows Stored…
CVE-2025-48239 2025-05-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Product Notes Tab & Private Admin Notes…
CVE-2025-48238 2025-05-19 HIGH 7.1 Cross-Site Request Forgery (CSRF) vulnerability in awcode AWcode Toolkit allows Stored XSS. This issue affects AWcode Toolkit: from n/a through…
CVE-2025-48237 2025-05-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce allows Stored XSS. This…
CVE-2025-48236 2025-05-19 HIGH 8.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bunny.net bunny.net allows Stored XSS. This issue affects…
CVE-2025-48235 2025-05-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bogdan Bendziukov WP Image Mask allows DOM-Based XSS.…
CVE-2025-48234 2025-05-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks allows DOM-Based XSS. This…
CVE-2025-48233 2025-05-19 HIGH 7.1 Cross-Site Request Forgery (CSRF) vulnerability in affmngr Affiliates Manager Google reCAPTCHA Integration allows Stored XSS. This issue affects Affiliates Manager…
CVE-2025-48232 2025-05-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Addons For Beaver Builder – Lite…
CVE-2025-43714 2025-05-19 MEDIUM 6.5 The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside…
CVE-2025-3908 2025-05-19 MEDIUM 6.2 The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks…
CVE-2025-30072 2025-05-19 HIGH 7.6 Tiiwee X1 Alarm System TWX1HAKV2 allows Authentication Bypass by Capture-replay, leading to physical Access to the protected facilities without triggering…
CVE-2024-55063 2025-05-19 HIGH 8.8 Multiple Code Injection vulnerabilities in EasyVirt DC NetScope
CVE-2025-44108 2025-05-19 MEDIUM 4.8 A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions…
CVE-2025-28371 2025-05-19 MEDIUM 6.5 EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. The device fails…
CVE-2025-37940 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ftrace: Add cond_resched() to ftrace_graph_set_hash() When the kernel contains a…
CVE-2025-37939 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: libbpf: Fix accessing BTF.ext core_relo header Update btf_ext_parse_info() to ensure…
CVE-2025-37938 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have "%*p.." The trace event…
CVE-2025-37937 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() If dib8000_set_dds()'s call…
CVE-2025-37936 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value.…
CVE-2025-37935 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM If…
CVE-2025-37934 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction Actually check if…
« Anterior Página 389 de 3519 Siguiente »