CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-69080 2026-01-07 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JanStudio Gecko allows PHP Local File Inclusion. This issue affects Gecko: from n/a…
CVE-2025-47396 2026-01-07 HIGH 7.8 Memory corruption occurs when a secure application is launched on a device with insufficient memory.
CVE-2025-47395 2026-01-07 MEDIUM 6.5 Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.
CVE-2025-47394 2026-01-07 HIGH 7.8 Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.
CVE-2025-47393 2026-01-07 HIGH 7.8 Memory corruption when accessing resources in kernel driver.
CVE-2025-47388 2026-01-07 HIGH 7.8 Memory corruption while passing pages to DSP with an unaligned starting address.
CVE-2025-47380 2026-01-07 HIGH 7.8 Memory corruption while preprocessing IOCTLs in sensors.
CVE-2025-47369 2026-01-07 MEDIUM 5.5 Information disclosure when a weak hashed value is returned to userland code in response to an IOCTL call to obtain a session ID.
CVE-2025-47356 2026-01-07 HIGH 7.8 Memory Corruption when multiple threads concurrently access and modify shared resources.
CVE-2025-47348 2026-01-07 HIGH 7.8 Memory corruption while processing identity credential operations in the trusted application.
CVE-2025-47346 2026-01-07 HIGH 7.8 Memory corruption while processing a secure logging command in the trusted application.
CVE-2025-47345 2026-01-07 HIGH 8.4 Cryptographic issue may occur while encrypting license data.
CVE-2025-47344 2026-01-07 MEDIUM 6.7 Memory corruption while handling sensor utility operations.
CVE-2025-47343 2026-01-07 HIGH 7.8 Memory corruption while processing a video session to set video parameters.
CVE-2025-47339 2026-01-07 HIGH 7.8 Memory corruption while deinitializing an HDCP session.
CVE-2025-47337 2026-01-07 MEDIUM 6.7 Memory corruption while accessing a synchronization object during concurrent operations.
CVE-2025-47336 2026-01-07 MEDIUM 6.7 Memory corruption while performing sensor register read operations.
CVE-2025-47335 2026-01-07 MEDIUM 6.7 Memory corruption while parsing clock configuration data for a specific hardware type.
CVE-2025-47334 2026-01-07 MEDIUM 6.7 Memory corruption while processing shared command buffer packet between camera userspace and kernel.
CVE-2025-47333 2026-01-07 MEDIUM 6.6 Memory corruption while handling buffer mapping operations in the cryptographic driver.
CVE-2025-47332 2026-01-07 MEDIUM 6.7 Memory corruption while processing a config call from userspace.
CVE-2025-47331 2026-01-07 MEDIUM 6.1 Information disclosure while processing a firmware event.
CVE-2025-47330 2026-01-07 MEDIUM 5.5 Transient DOS while parsing video packets received from the video firmware.
CVE-2025-32300 2026-01-07 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital zoom studio DZS Video Gallery allows Reflected XSS. This issue affects DZS Video Gallery: from n/a…
CVE-2025-31964 2026-01-07 LOW 2.2 Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound…
CVE-2025-31963 2026-01-07 LOW 2.9 Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via…
CVE-2025-31962 2026-01-07 LOW 2.0 Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints…
CVE-2025-31643 2026-01-07 HIGH 8.8 Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation. This issue affects WPCHURCH: from n/a through 2.7.0.
CVE-2025-15474 2026-01-07 N/A 0.0 AuntyFey Smart Combination Lock firmware versions as of 2025-12-24 contain a vulnerability that allows an unauthenticated attacker within Bluetooth Low Energy (BLE) range to cause a denial of…
CVE-2025-15472 2026-01-07 HIGH 7.2 A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL of the file uapply.cgi of the component httpd. This manipulation of the argument DeviceURL…
CVE-2025-15158 2026-01-07 HIGH 8.8 The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in the 'wpse_file_and_ext_webp' function in all versions up to,…
CVE-2025-15058 2026-01-07 MEDIUM 6.4 The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'table_currency' parameter in all versions up to, and including, 5.1.12 due to insufficient…
CVE-2025-15018 2026-01-07 CRITICAL 9.8 The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This is due to the plugin…
CVE-2025-15000 2026-01-07 MEDIUM 4.4 The Page Keys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘page_key’ parameter in all versions up to, and including, 1.3.3 due to insufficient input…
CVE-2025-14999 2026-01-07 MEDIUM 4.3 The Latest Tabs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce…
CVE-2025-14904 2026-01-07 MEDIUM 4.3 The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on…
CVE-2025-14901 2026-01-07 MEDIUM 6.5 The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up…
CVE-2025-14891 2026-01-07 MEDIUM 6.4 The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayName' parameter in all versions up to, and including, 5.93.1 due to…
CVE-2025-14888 2026-01-07 MEDIUM 4.4 The Simple User Meta Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user meta value field in all versions up to, and including, 1.0.0…
CVE-2025-14887 2026-01-07 MEDIUM 4.4 The twinklesmtp – Email Service Provider For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's sender settings in all versions up to, and including,…
CVE-2025-14875 2026-01-07 MEDIUM 6.1 The HBLPAY Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cusdata’ parameter in all versions up to, and including, 5.0.0 due…
CVE-2025-14867 2026-01-07 MEDIUM 6.5 The Flashcard plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.9 via the 'source' attribute of the 'flashcard' shortcode. This makes…
CVE-2025-14845 2026-01-07 MEDIUM 4.3 The NS IE Compatibility Fixer plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 2.1.5. This is due to missing…
CVE-2025-14842 2026-01-07 MEDIUM 6.1 The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to limited upload of files with a dangerous type in all versions…
CVE-2025-14835 2026-01-07 HIGH 7.1 The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 9.1.05.008 due to…
CVE-2025-14802 2026-01-07 MEDIUM 5.4 The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthorized file deletion in versions up to, and including, 4.3.2.2 via the /wp-json/lp/v1/material/{file_id} REST API endpoint. This…
CVE-2025-14796 2026-01-07 MEDIUM 6.4 The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image titles in all versions up to, and including, 1.0.4. This is due to…
CVE-2025-14792 2026-01-07 MEDIUM 4.4 The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kf_field_figure_default_color_render function in all versions up to, and including, 1.1 due to insufficient input…
CVE-2025-14631 2026-01-07 N/A 0.0 A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1 (802.11 modules) allows an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects…
CVE-2025-14626 2026-01-07 MEDIUM 6.4 The QR Code for WooCommerce order emails, PDF invoices, packing slips plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up…