Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-67281 2026-01-09 MEDIUM 5.4 In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple SQL injection vulnerabilities exists which allow a low privileged and administrative user to access the database and its content.
CVE-2025-67280 2026-01-09 MEDIUM 5.4 In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and…
CVE-2025-67279 2026-01-09 MEDIUM 5.3 An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via the application stores password hashes in…
CVE-2025-67278 2026-01-09 MEDIUM 6.5 An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request
CVE-2025-67133 2026-01-09 HIGH 7.5 An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to cause a denial of service via the BLE component
CVE-2025-66744 2026-01-09 N/A 0.0 In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within…
CVE-2025-46645 2026-01-09 MEDIUM 6.5 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40,…
CVE-2025-15035 2026-01-09 N/A 0.0 Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system…
CVE-2026-0803 2026-01-09 MEDIUM 6.3 A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem…
CVE-2025-67282 2026-01-09 MEDIUM 5.4 In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work…
CVE-2025-56225 2026-01-09 N/A 0.0 fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file.
CVE-2025-46676 2026-01-09 LOW 2.7 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40,…
CVE-2025-46644 2026-01-09 MEDIUM 6.0 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40,…
CVE-2025-46643 2026-01-09 LOW 2.3 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40,…
CVE-2025-14803 2026-01-09 MEDIUM 6.8 The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The NEX-Forms WordPress plugin before 9.1.8 can be configured in such a way…
CVE-2025-14598 2026-01-09 CRITICAL 9.8 BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. The vulnerability enables arbitrary SQL commands to be executed on the…
CVE-2026-22082 2026-01-09 N/A 0.0 This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the use of login credentials as the session ID through…
CVE-2026-22081 2026-01-09 N/A 0.0 This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HTTPOnly flag for session cookies associated with the…
CVE-2025-7072 2026-01-09 N/A 0.0 The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text (shared across all routers of this model) that an unauthenticated remote attacker could use to…
CVE-2025-66052 2026-01-09 N/A 0.0 Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "system_ntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges…
CVE-2025-66051 2026-01-09 N/A 0.0 Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP…
CVE-2025-66050 2026-01-09 N/A 0.0 Vivotek IP7137 camera with firmware version 0200a by default dos not require to provide any password when logging in as an administrator. While it is possible to set…
CVE-2025-66049 2026-01-09 N/A 0.0 Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication.…
CVE-2025-14172 2026-01-09 MEDIUM 6.5 The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks…
CVE-2025-13967 2026-01-09 MEDIUM 6.4 The Woodpecker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_name' parameter of the [woodpecker-connector] shortcode in all versions up to, and including,…
CVE-2025-13908 2026-01-09 MEDIUM 6.4 The The Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'the_tooltip' shortcode in all versions up to, and including, 1.0.2 due to insufficient…
CVE-2025-13903 2026-01-09 MEDIUM 6.4 The PullQuote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pullquote' shortcode in all versions up to, and including, 1.0 due to insufficient input…
CVE-2025-13897 2026-01-09 MEDIUM 6.4 The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aft_testimonial_meta_name' custom field in the Client Information metabox in all versions up to,…
CVE-2025-13893 2026-01-09 MEDIUM 6.1 The Lesson Plan Book plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.3 due to insufficient…
CVE-2025-13892 2026-01-09 MEDIUM 6.1 The MG AdvancedOptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.2 due to insufficient input…
CVE-2025-13862 2026-01-09 MEDIUM 6.4 The Menu Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `category` parameter in all versions up to, and including, 0.8.0 due to insufficient input…
CVE-2025-13854 2026-01-09 MEDIUM 6.4 The Curved Text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'radius' parameter of the arctext shortcode in all versions up to, and including, 0.1…
CVE-2025-13852 2026-01-09 MEDIUM 6.4 The Debt.com Business in a Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configuration' parameter of the lead_form shortcode in all versions up to,…
CVE-2025-13717 2026-01-09 MEDIUM 5.3 The Contact Form vCard Generator plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wp_gvccf_check_download_request' function in all versions…
CVE-2025-13704 2026-01-09 MEDIUM 6.4 The Autogen Headers Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'head_class' parameter of the 'autogen_menu' shortcode in all versions up to, and including,…
CVE-2025-13701 2026-01-09 MEDIUM 6.1 The Shabat Keeper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to, and including, 0.4.4 due to insufficient input…
CVE-2025-11453 2026-01-09 MEDIUM 6.4 The Header and Footer Scripts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _inpost_head_script parameter in all versions up to, and including, 2.2.2 due to…
CVE-2026-22080 2026-01-09 N/A 0.0 This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the transmission of credentials encoded using reversible Base64 encoding through…
CVE-2026-22079 2026-01-09 N/A 0.0 This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the plaintext transmission of login credentials during the initial login…
CVE-2025-9222 2026-01-09 HIGH 8.7 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated…
CVE-2026-0733 2026-01-09 MEDIUM 6.3 A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid…
CVE-2025-3950 2026-01-09 LOW 3.5 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user…
CVE-2025-13900 2026-01-09 MEDIUM 6.4 The WP Popup Magic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the [wppum_end] shortcode in all versions up to, and including,…
CVE-2025-13895 2026-01-09 MEDIUM 6.1 The Top Position Google Finance plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 0.1.0 due to…
CVE-2025-13853 2026-01-09 MEDIUM 6.4 The Nearby Now Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data_tech' parameter of the nn-tech shortcode in all versions up to, and including,…
CVE-2025-13781 2026-01-09 MEDIUM 6.5 GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated…
CVE-2025-13772 2026-01-09 HIGH 7.1 GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated…
CVE-2025-13761 2026-01-09 HIGH 8.0 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute…
CVE-2025-13729 2026-01-09 MEDIUM 6.4 The Entry Views plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'entry-views' shortcode in all versions up to, and including, 1.0.0 due to insufficient…
CVE-2025-11246 2026-01-09 MEDIUM 5.4 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated…
« Anterior Página 450 de 4266 Siguiente »