Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID Publicado Severidad CVSS Descripción
CVE-2025-48079 2025-05-16 MEDIUM 4.3 Missing Authorization vulnerability in Metagauss ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfileGrid : from…
CVE-2025-47693 2025-05-16 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Services Booking…
CVE-2025-47567 2025-05-16 HIGH 7.6 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Video Player & FullScreen Video…
CVE-2025-47564 2025-05-16 MEDIUM 5.3 Missing Authorization vulnerability in ashanjay EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a…
CVE-2025-47563 2025-05-16 MEDIUM 5.3 Missing Authorization vulnerability in villatheme CURCY allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CURCY: from n/a…
CVE-2025-47562 2025-05-16 MEDIUM 5.3 Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG allows Code Injection. This issue affects MapSVG: from…
CVE-2025-47560 2025-05-16 MEDIUM 5.0 Missing Authorization vulnerability in RomanCode MapSVG allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MapSVG: from n/a…
CVE-2025-47557 2025-05-16 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG allows Stored XSS. This issue affects…
CVE-2025-47556 2025-05-16 MEDIUM 5.4 Missing Authorization vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This…
CVE-2025-47534 2025-05-16 MEDIUM 4.3 Missing Authorization vulnerability in ValvePress Wordpress Auto Spinner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wordpress…
CVE-2025-46464 2025-05-16 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scripteo Ads Pro Plugin allows Stored XSS. This…
CVE-2025-40906 2025-05-16 CRITICAL 9.8 BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790,…
CVE-2025-39537 2025-05-16 MEDIUM 5.3 Authorization Bypass Through User-Controlled Key vulnerability in Chimpstudio WP JobHunt allows Exploiting Incorrectly Configured Access Control Security Levels. This issue…
CVE-2025-39511 2025-05-16 MEDIUM 4.3 Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinterest…
CVE-2025-39509 2025-05-16 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode TNC FlipBook allows Stored XSS. This issue…
CVE-2025-39507 2025-05-16 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core allows…
CVE-2025-39493 2025-05-16 MEDIUM 4.3 Missing Authorization vulnerability in ValvePress Rankie allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rankie: from n/a…
CVE-2025-39492 2025-05-16 HIGH 7.5 Path Traversal vulnerability in WHMPress WHMpress allows Relative Path Traversal. This issue affects WHMpress: from 6.2 through revision.
CVE-2025-39491 2025-05-16 HIGH 8.1 Path Traversal vulnerability in WHMPress WHMpress allows Path Traversal. This issue affects WHMpress: from 6.2 through revision.
CVE-2025-39482 2025-05-16 MEDIUM 4.3 Missing Authorization vulnerability in imithemes Eventer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eventer: from n/a…
CVE-2025-32643 2025-05-16 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows Blind SQL Injection.…
CVE-2025-32310 2025-05-16 HIGH 8.8 Cross-Site Request Forgery (CSRF) vulnerability in ThemeMove QuickCal allows Privilege Escalation. This issue affects QuickCal: from n/a through 1.0.13.
CVE-2025-32307 2025-05-16 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Chameleon HTML5 Audio Player With/Without…
CVE-2025-32306 2025-05-16 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Radio Player Shoutcast & Icecast…
CVE-2025-32301 2025-05-16 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown Pro WP Plugin allows…
CVE-2025-32299 2025-05-16 MEDIUM 4.3 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themovation QuickCal allows Retrieve Embedded Sensitive Data. This…
CVE-2025-32296 2025-05-16 MEDIUM 5.3 Missing Authorization vulnerability in quantumcloud Simple Link Directory Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects…
CVE-2025-32295 2025-05-16 MEDIUM 4.3 Missing Authorization vulnerability in wordpresschef Salon Booking Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Salon…
CVE-2025-32290 2025-05-16 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Sticky HTML5 Music Player allows…
CVE-2025-32287 2025-05-16 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO…
CVE-2025-32245 2025-05-16 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Apollo allows SQL Injection. This…
CVE-2025-32180 2025-05-16 MEDIUM 4.3 Missing Authorization vulnerability in QuanticaLabs CSS3 Tooltips for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects…
CVE-2025-31928 2025-05-16 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Multimedia Responsive Carousel with Image…
CVE-2025-31926 2025-05-16 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Sticky Radio Player allows SQL…
CVE-2025-31923 2025-05-16 MEDIUM 5.4 Missing Authorization vulnerability in QuanticaLabs CSS3 Accordions for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects…
CVE-2025-31922 2025-05-16 HIGH 7.1 Cross-Site Request Forgery (CSRF) vulnerability in QuanticaLabs CSS3 Accordions for WordPress allows Stored XSS. This issue affects CSS3 Accordions for…
CVE-2025-31921 2025-05-16 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Ultimate Tours Builder allows Cross Site Request Forgery. This issue affects WP…
CVE-2025-31915 2025-05-16 MEDIUM 5.4 Cross-Site Request Forgery (CSRF) vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder allows Cross Site Request Forgery. This issue…
CVE-2025-31641 2025-05-16 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup UberSlider allows SQL Injection. This…
CVE-2025-31640 2025-05-16 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Magic Responsive Slider and Carousel…
CVE-2025-31639 2025-05-16 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allows Cross Site Request Forgery. This issue affects Spare: from n/a through…
CVE-2025-31637 2025-05-16 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup SHOUT allows SQL Injection. This…
CVE-2025-31630 2025-05-16 MEDIUM 5.3 Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business:…
CVE-2025-31071 2025-05-16 MEDIUM 5.3 Missing Authorization vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue…
CVE-2025-31068 2025-05-16 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from…
CVE-2025-31066 2025-05-16 MEDIUM 5.3 Missing Authorization vulnerability in themeton Acerola allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acerola: from n/a…
CVE-2025-31065 2025-05-16 MEDIUM 5.3 Missing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rozario: from n/a…
CVE-2025-31063 2025-05-16 MEDIUM 4.3 Missing Authorization vulnerability in redqteam Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist: from n/a…
CVE-2025-31062 2025-05-16 MEDIUM 4.3 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist allows Retrieve Embedded Sensitive Data. This…
CVE-2025-47916 2025-05-16 CRITICAL 10.0 Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the…
« Anterior Página 421 de 3526 Siguiente »