Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID Publicado Severidad CVSS Descripción
CVE-2025-39350 2025-05-19 HIGH 8.2 Missing Authorization vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0.
CVE-2025-32926 2025-05-19 CRITICAL 9.8 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant WordPress allows Path Traversal.This…
CVE-2025-32925 2025-05-19 HIGH 8.3 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FantasticPlugins SUMO Reward Points…
CVE-2025-32924 2025-05-19 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy allows SQL Injection.This issue…
CVE-2025-31027 2025-05-19 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS.This issue affects…
CVE-2025-47934 2025-05-19 N/A 0.0 OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1,…
CVE-2025-47581 2025-05-19 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in Elbisnero WordPress Events Calendar Registration & Tickets allows Object Injection.This issue affects WordPress Events…
CVE-2025-47577 2025-05-19 CRITICAL 10.0 Unrestricted Upload of File with Dangerous Type vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Upload a Web Shell to a…
CVE-2025-47284 2025-05-19 CRITICAL 9.9 Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the…
CVE-2025-47283 2025-05-19 CRITICAL 9.9 Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener…
CVE-2025-43839 2025-05-19 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Messages Tool allows Reflected XSS.This issue…
CVE-2025-43838 2025-05-19 MEDIUM 6.5 Missing Authorization vulnerability in ChoPlugins Custom PC Builder Lite for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue…
CVE-2025-43837 2025-05-19 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in binti76 Total Donations allows Reflected XSS.This issue affects…
CVE-2025-43836 2025-05-19 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in confuzzledduck Syndicate Out allows Reflected XSS.This issue affects…
CVE-2025-43832 2025-05-19 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andreyk Remote Images Grabber allows Reflected XSS.This issue…
CVE-2025-39459 2025-05-19 HIGH 7.3 Incorrect Privilege Assignment vulnerability in Contempo Themes Real Estate 7 allows Privilege Escalation.This issue affects Real Estate 7: from n/a…
CVE-2025-39458 2025-05-19 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Foton allows PHP…
CVE-2025-39451 2025-05-19 HIGH 7.5 Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For…
CVE-2025-39449 2025-05-19 HIGH 7.5 Missing Authorization vulnerability in Crocoblock JetWooBuilder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through…
CVE-2025-39447 2025-05-19 HIGH 7.5 Missing Authorization vulnerability in Crocoblock JetElements For Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For…
CVE-2025-39446 2025-05-19 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster Plus for WooCommerce allows Reflected…
CVE-2025-39445 2025-05-19 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL…
CVE-2025-39411 2025-05-19 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Indie_Plugins WhatsApp Click to…
CVE-2025-39410 2025-05-19 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon.This issue affects Smart Sections…
CVE-2025-39409 2025-05-19 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pressaholic WordPress Video Robot - The Ultimate Video…
CVE-2025-39406 2025-05-19 CRITICAL 9.8 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla WPAMS allows PHP…
CVE-2025-39405 2025-05-19 HIGH 8.8 Incorrect Privilege Assignment vulnerability in mojoomla WPAMS allows Privilege Escalation.This issue affects WPAMS: from n/a through 44.0 (17-08-2023).
CVE-2025-39403 2025-05-19 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPAMS allows SQL Injection.This issue…
CVE-2025-47582 2025-05-19 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot:…
CVE-2025-47282 2025-05-19 CRITICAL 9.9 Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was…
CVE-2025-43841 2025-05-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jamesdbruner WP Vegas allows Stored XSS.This issue affects…
CVE-2025-43840 2025-05-19 HIGH 7.1 Cross-Site Request Forgery (CSRF) vulnerability in Ref CheckBot allows Stored XSS.This issue affects CheckBot: from n/a through 1.05.
CVE-2025-43835 2025-05-19 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in ktsvetkov allows Cross Site Request Forgery.This issue affects wp-cyr-cho: from n/a through 0.1.
CVE-2025-43834 2025-05-19 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tox82 cookieBAR allows Stored XSS.This issue affects cookieBAR:…
CVE-2025-43833 2025-05-19 HIGH 7.6 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amir Helzer Absolute Links allows Blind…
CVE-2025-39460 2025-05-19 MEDIUM 5.3 Missing Authorization vulnerability in ThimPress Eduma allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eduma: from n/a through…
CVE-2025-39454 2025-05-19 MEDIUM 4.3 Missing Authorization vulnerability in Jeroen Peters Name Directory.This issue affects Name Directory: from n/a through 1.30.0.
CVE-2025-39450 2025-05-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows DOM-Based XSS.This issue affects JetTabs:…
CVE-2025-39448 2025-05-19 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS.This issue…
CVE-2025-39398 2025-05-19 MEDIUM 4.3 Missing Authorization vulnerability in Themovation Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue.This issue affects Hotel + Bed…
CVE-2025-39396 2025-05-19 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetReviews allows PHP…
CVE-2025-27010 2025-05-19 HIGH 8.1 Path Traversal: '.../...//' vulnerability in bslthemes Tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a before 2.5.2.
CVE-2025-26997 2025-05-19 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in validas Wireless Butler allows Reflected XSS.This issue affects…
CVE-2025-26892 2025-05-19 CRITICAL 9.9 Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files.This issue affects Celestial Aura:…
CVE-2025-26872 2025-05-19 CRITICAL 9.9 Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files.This issue affects Eximius: from n/a…
CVE-2025-26735 2025-05-19 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Candid themes Grip.This issue…
CVE-2025-22287 2025-05-19 MEDIUM 5.4 Missing Authorization vulnerability in Eniture Technology LTL Freight Quotes – FreightQuote Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This…
CVE-2025-4945 2025-05-19 LOW 3.7 A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other…
CVE-2025-4940 2025-05-19 HIGH 7.3 A vulnerability, which was classified as critical, has been found in 1000 Projects Daily College Class Work Report Book 1.0.…
CVE-2025-47583 2025-05-19 MEDIUM 5.4 Unauthenticated Cross Site Request Forgery (CSRF) in Salon booking system
« Anterior Página 393 de 3520 Siguiente »