CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-13853 2026-01-09 MEDIUM 6.4 The Nearby Now Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data_tech' parameter of the nn-tech shortcode in all versions up to, and including,…
CVE-2025-13781 2026-01-09 MEDIUM 6.5 GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated…
CVE-2025-13772 2026-01-09 HIGH 7.1 GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated…
CVE-2025-13761 2026-01-09 HIGH 8.0 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute…
CVE-2025-13729 2026-01-09 MEDIUM 6.4 The Entry Views plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'entry-views' shortcode in all versions up to, and including, 1.0.0 due to insufficient…
CVE-2025-11246 2026-01-09 MEDIUM 5.4 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated…
CVE-2025-10569 2026-01-09 MEDIUM 6.5 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated…
CVE-2026-0627 2026-01-09 MEDIUM 6.4 The AMP for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.1.10. This is due…
CVE-2026-21409 2026-01-09 MEDIUM 5.9 Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and…
CVE-2025-69195 2026-01-09 HIGH 7.6 A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction…
CVE-2025-69194 2026-01-09 HIGH 8.8 A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse…
CVE-2025-14937 2026-01-09 HIGH 7.2 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parameter in the 'frontend_admin/forms/update_field' AJAX action in all versions up to,…
CVE-2025-14741 2026-01-09 CRITICAL 9.1 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to unauthorized data modification and deletion due to a missing capability check on the 'delete_object'…
CVE-2025-14657 2026-01-09 HIGH 7.2 The Eventin – Event Manager, Events Calendar, Event Tickets and Registrations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on…
CVE-2025-14146 2026-01-09 MEDIUM 5.3 The Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 10.14.10 via the `WPBC_FLEXTIMELINE_NAV` AJAX action. This is due…
CVE-2025-13935 2026-01-09 MEDIUM 4.3 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is…
CVE-2025-13934 2026-01-09 MEDIUM 4.3 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course enrollment in all versions up to, and including, 3.9.3. This is…
CVE-2025-13753 2026-01-09 MEDIUM 4.3 The WP Table Builder – Drag & Drop Table Builder plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect authorization check on the…
CVE-2025-13628 2026-01-09 MEDIUM 4.3 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability check on…
CVE-2026-20976 2026-01-09 N/A 0.0 Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.
CVE-2026-20975 2026-01-09 N/A 0.0 Improper handling of insufficient permission in Samsung Cloud prior to version 5.6.11 allows local attackers to access specific files in arbitrary path.
CVE-2026-20974 2026-01-09 N/A 0.0 Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock.
CVE-2026-20973 2026-01-09 MEDIUM 5.3 Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory.
CVE-2026-20972 2026-01-09 N/A 0.0 Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.
CVE-2026-20971 2026-01-09 N/A 0.0 Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code.
CVE-2026-20970 2026-01-09 N/A 0.0 Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.
CVE-2026-20969 2026-01-09 N/A 0.0 Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability.
CVE-2026-20968 2026-01-09 N/A 0.0 Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code.
CVE-2026-0563 2026-01-09 MEDIUM 6.4 The WP Google Street View (with 360° virtual tour) & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpgsv_map' shortcode…
CVE-2025-70974 2026-01-09 CRITICAL 10.0 Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class,…
CVE-2025-15057 2026-01-09 HIGH 7.2 The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fh` (fingerprint) parameter in all versions up to, and including, 5.3.3. This is due…
CVE-2025-15055 2026-01-09 HIGH 7.2 The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notes' and 'resource' parameters in all versions up to, and including, 5.3.4 due to…
CVE-2025-15019 2026-01-09 MEDIUM 6.4 The BIALTY - Bulk Image Alt Text (Alt tag, Alt Attribute) with Yoast SEO + WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bialty_cs_alt'…
CVE-2025-14980 2026-01-09 MEDIUM 6.5 The BetterDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the scripts() function. This makes it possible for…
CVE-2025-14893 2026-01-09 MEDIUM 6.4 The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization…
CVE-2025-14782 2026-01-09 MEDIUM 5.3 The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.49.1…
CVE-2025-14736 2026-01-09 CRITICAL 9.8 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.25. This is due to insufficient validation of…
CVE-2025-14720 2026-01-09 MEDIUM 5.3 The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all…
CVE-2025-14718 2026-01-09 MEDIUM 5.4 The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9.3. This is due to the…
CVE-2025-14574 2026-01-09 MEDIUM 5.3 The weDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.15 via the `/wp-json/wp/v2/docs/settings` REST API endpoint. This makes it…
CVE-2026-0719 2026-01-08 HIGH 7.5 A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords,…
CVE-2025-13749 2026-01-09 MEDIUM 4.3 The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
CVE-2025-14886 2026-01-09 MEDIUM 5.3 The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `order` REST API endpoint in all…
CVE-2026-22636 2026-01-09 N/A 0.0 Rejected reason: Not used
CVE-2026-22635 2026-01-09 N/A 0.0 Rejected reason: Not used
CVE-2026-22634 2026-01-09 N/A 0.0 Rejected reason: Not used
CVE-2026-22633 2026-01-09 N/A 0.0 Rejected reason: Not used
CVE-2026-22632 2026-01-09 N/A 0.0 Rejected reason: Not used
CVE-2026-22631 2026-01-09 N/A 0.0 Rejected reason: Not used
CVE-2026-22630 2026-01-09 N/A 0.0 Rejected reason: Not used