CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-1095 2026-01-24 MEDIUM 6.4 The Canto Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fx' shortcode attribute in all versions up to, and including, 1.0 due to insufficient…
CVE-2026-1088 2026-01-24 MEDIUM 4.3 The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation…
CVE-2026-1084 2026-01-24 MEDIUM 4.4 The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to…
CVE-2026-1081 2026-01-24 MEDIUM 4.3 The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce…
CVE-2026-1076 2026-01-24 MEDIUM 4.3 The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation…
CVE-2026-1075 2026-01-24 MEDIUM 4.3 The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on…
CVE-2026-1070 2026-01-24 MEDIUM 4.3 The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation…
CVE-2026-0807 2026-01-24 HIGH 7.2 The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the…
CVE-2026-0806 2026-01-24 MEDIUM 4.9 The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the…
CVE-2025-14985 2026-01-24 MEDIUM 6.4 The Alpha Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alpha_block_css’ parameter in all versions up to, and including, 1.5.0 due to insufficient input…
CVE-2025-14941 2026-01-24 MEDIUM 6.4 The GZSEO plugin for WordPress is vulnerable to authorization bypass leading to Stored Cross-Site Scripting in all versions up to, and including, 2.0.11. This is due to missing…
CVE-2025-14906 2026-01-24 MEDIUM 4.3 The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce…
CVE-2025-14903 2026-01-24 MEDIUM 4.3 The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing nonce validation on…
CVE-2025-14843 2026-01-24 MEDIUM 5.3 The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Order Cancellation in all versions up to, and including, 1.2.9. This is due to a…
CVE-2025-14797 2026-01-24 MEDIUM 5.4 The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This…
CVE-2025-14629 2026-01-24 MEDIUM 5.3 The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'delete_file' function in all versions up…
CVE-2025-14609 2026-01-24 MEDIUM 5.3 The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the…
CVE-2025-13676 2026-01-24 MEDIUM 6.1 The JustClick registration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.1. This is due to insufficient input sanitization and…
CVE-2025-13374 2026-01-24 CRITICAL 9.8 The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the kalrav_upload_file AJAX action in all versions up…
CVE-2025-12836 2026-01-24 MEDIUM 6.4 The VK Google Job Posting Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Description field in versions up to, and including, 1.2.20 due…
CVE-2026-24649 2026-01-24 N/A 0.0 Rejected reason: Not used
CVE-2026-24648 2026-01-24 N/A 0.0 Rejected reason: Not used
CVE-2026-24647 2026-01-24 N/A 0.0 Rejected reason: Not used
CVE-2026-24646 2026-01-24 N/A 0.0 Rejected reason: Not used
CVE-2026-24645 2026-01-24 N/A 0.0 Rejected reason: Not used
CVE-2026-24644 2026-01-24 N/A 0.0 Rejected reason: Not used
CVE-2026-24643 2026-01-24 N/A 0.0 Rejected reason: Not used
CVE-2026-24642 2026-01-24 N/A 0.0 Rejected reason: Not used
CVE-2026-24469 2026-01-24 HIGH 7.5 C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest…
CVE-2026-24422 2026-01-24 MEDIUM 5.3 phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The…
CVE-2026-24420 2026-01-24 MEDIUM 6.5 phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to an incomprehensive…
CVE-2025-13952 2026-01-24 N/A 0.0 A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader…
CVE-2026-24421 2026-01-24 MEDIUM 6.5 phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions.…
CVE-2026-24412 2026-01-24 HIGH 8.8 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml() function.…
CVE-2026-24411 2026-01-24 HIGH 7.1 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml(). This occurs when user-controllable…
CVE-2026-24410 2026-01-24 HIGH 7.1 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Dereference in CIccProfileXml::ParseBasic().…
CVE-2026-24409 2026-01-24 HIGH 7.1 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Dereference in CIccTagXmlFloatNum::ParseXml().…
CVE-2026-24401 2026-01-24 MEDIUM 6.5 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a…
CVE-2026-24407 2026-01-24 HIGH 7.1 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in icSigCalcOp(). This occurs when user-controllable…
CVE-2026-24406 2026-01-24 HIGH 8.8 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamedColor2::SetSize(). This…
CVE-2026-24405 2026-01-24 HIGH 8.8 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This…
CVE-2026-24404 2026-01-24 HIGH 7.1 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereference and Undefined…
CVE-2026-24403 2026-01-24 HIGH 7.1 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader()…
CVE-2026-24402 2026-01-24 N/A 0.0 Rejected reason: GitHub cannot issue a CVE for this Security Advisory because this advisory includes information about more than one vulnerability. According to [rule 4.2.11 of the CVE…
CVE-2026-24399 2026-01-24 CRITICAL 9.3 ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an…
CVE-2026-22586 2026-01-24 N/A 0.0 Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol…
CVE-2026-22585 2026-01-24 N/A 0.0 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage…
CVE-2026-22583 2026-01-24 N/A 0.0 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud…
CVE-2026-22582 2026-01-24 N/A 0.0 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud…
CVE-2026-24474 2026-01-24 N/A 0.0 Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, `use_animated_open` formats a string for `eval` with an `id` that can be…