Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-13419	2026-01-07	MEDIUM	5.3	The Guest posting / Frontend Posting / Front Editor – WP Front User Submit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing…
CVE-2025-13418	2026-01-07	MEDIUM	6.4	The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'plan_icons' parameter in all versions up to, and including, 5.1.12 due to insufficient…
CVE-2025-13371	2026-01-07	HIGH	8.6	The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.9. This is due to the plugin storing full payment…
CVE-2025-13369	2026-01-07	MEDIUM	6.1	The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'money_spent_from', 'money_spent_to', 'registered_from', and 'registered_to' parameters in all versions up to, and…
CVE-2025-12958	2026-01-07	LOW	2.7	The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the 'rankology_code_block' page in all…
CVE-2025-12648	2026-01-07	MEDIUM	5.3	The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to storing user-uploaded files in predictable…
CVE-2025-12540	2026-01-07	MEDIUM	4.7	The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.4. This is due to the…
CVE-2025-12449	2026-01-07	MEDIUM	5.4	The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple…
CVE-2025-12030	2026-01-07	MEDIUM	4.3	The ACF to REST API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.4. This is due to insufficient…
CVE-2025-11877	2026-01-07	HIGH	7.5	The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ual_shook_wp_login_failed' lacks a capability check and…
CVE-2025-11235	2026-01-07	LOW	3.7	Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before…
CVE-2024-14020	2026-01-07	MEDIUM	5.0	A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation…
CVE-2025-31642	2026-01-07	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dasinfomedia WPCHURCH allows Reflected XSS.This issue affects WPCHURCH: from n/a through 2.7.0.
CVE-2025-31051	2026-01-07	MEDIUM	5.3	Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant…
CVE-2025-15471	2026-01-07	CRITICAL	9.8	A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os…
CVE-2025-14612	2026-01-07	MEDIUM	6.7	Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through…
CVE-2025-14605	2026-01-07	MEDIUM	6.7	Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.1.1.
CVE-2025-14599	2026-01-07	MEDIUM	6.7	Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Search Order Hijacking.This issue affects…
CVE-2025-14596	2026-01-07	MEDIUM	6.7	Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1.
CVE-2025-30996	2026-01-06	CRITICAL	9.9	Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify…
CVE-2025-30631	2026-01-06	HIGH	7.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team Woocommerce Sales Funnel Builder, AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer)…
CVE-2025-29004	2026-01-06	HIGH	8.8	Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress allows Privilege Escalation.This issue…
CVE-2025-13744	2026-01-06	N/A	0.0	An Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed attacker controlled HTML to be rendered by the Filter component…
CVE-2025-7048	2026-01-06	MEDIUM	4.3	On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain…
CVE-2025-69354	2026-01-06	MEDIUM	5.4	Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through
CVE-2025-69353	2026-01-06	MEDIUM	5.4	Missing Authorization vulnerability in Proxy & VPN Blocker Proxy & VPN Blocker proxy-vpn-blocker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Proxy & VPN Blocker: from…
CVE-2025-69352	2026-01-06	MEDIUM	5.4	Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through
CVE-2025-69351	2026-01-06	MEDIUM	6.5	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Blind SQL Injection.This issue affects Ninja Tables: from…
CVE-2025-69349	2026-01-06	MEDIUM	5.4	Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget rss-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RSS Feed Widget: from n/a through
CVE-2025-69348	2026-01-06	MEDIUM	5.4	Missing Authorization vulnerability in CoolHappy The Events Calendar Countdown Addon countdown-for-the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar Countdown Addon: from n/a…
CVE-2025-69346	2026-01-06	MEDIUM	5.4	Missing Authorization vulnerability in WPCenter AffiliateX affiliatex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AffiliateX: from n/a through
CVE-2025-69345	2026-01-06	MEDIUM	5.4	Missing Authorization vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post and Page Builder by BoldGrid:…
CVE-2023-5069	2026-01-06	N/A	0.0	Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2020-36920	2026-01-06	HIGH	8.8	iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify…
CVE-2020-36918	2026-01-06	MEDIUM	4.3	iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages…
CVE-2020-36916	2026-01-06	HIGH	8.8	TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated…
CVE-2020-36915	2026-01-06	HIGH	7.5	Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials…
CVE-2020-36913	2026-01-06	MEDIUM	5.3	All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows attackers to set a predefined PHP session identifier during the login process. Attackers can forge HTTP GET…
CVE-2026-21494	2026-01-06	MEDIUM	6.1	iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in…
CVE-2026-21677	2026-01-06	HIGH	8.8	iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its CIccCLUT::Init function which initializes…
CVE-2026-21675	2026-01-06	CRITICAL	9.8	iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a Use After Free vulnerability in the CIccXform::Create()…
CVE-2026-21674	2026-01-06	LOW	3.3	iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE…
CVE-2026-21491	2026-01-06	MEDIUM	6.1	iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in…
CVE-2026-21490	2026-01-06	MEDIUM	6.1	iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in…
CVE-2026-21485	2026-01-06	HIGH	8.8	iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior (UB) and Out…
CVE-2026-0641	2026-01-06	MEDIUM	6.3	A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_FILENAME leads to…
CVE-2026-21439	2026-01-06	N/A	0.0	badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters…
CVE-2026-0607	2026-01-06	HIGH	7.3	A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminViewSongs.php. Executing a manipulation of the argument ID can…
CVE-2026-0606	2026-01-05	HIGH	7.3	A vulnerability was detected in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /FrontEnd/Albums.php. Performing a manipulation of the argument…
CVE-2025-68456	2026-01-05	N/A	0.0	Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions,…

« Anterior Página 462 de 4268 Siguiente »

Vulnerabilidades CVE

Vulnerabilidades CVE

Soluciones

Recursos

Legal y Soporte