CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-11875 2025-10-25 MEDIUM 6.4 The SpendeOnline.org plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spendeonline' shortcode in all versions up to, and including, 3.0.1 due to insufficient input…
CVE-2025-11497 2025-10-25 MEDIUM 4.3 The Advanced Database Cleaner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.6. This is due to missing or incorrect…
CVE-2025-11255 2025-10-25 MEDIUM 4.3 The Password Policy Manager | Password Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'moppm_ajax' AJAX endpoint…
CVE-2025-10637 2025-10-25 MEDIUM 5.3 The Social Feed Gallery plugin for WordPress is vulnerable to Information Exposure in versions less than, or equal to, 4.9.2. This is due to the plugin not properly…
CVE-2025-10580 2025-10-25 MEDIUM 6.4 The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple functions in all versions up…
CVE-2025-10488 2025-10-25 HIGH 8.1 The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the add_listing_action…
CVE-2025-8666 2025-10-25 MEDIUM 6.4 The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions less than, or equal to, 11.6.2 due to insufficient…
CVE-2025-8588 2025-10-25 MEDIUM 6.4 The Gutenberg Blocks – PublishPress Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Marker Title' and 'Marker Description' parameters for the Maps block in…
CVE-2025-8413 2025-10-25 MEDIUM 6.4 The Listeo theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `soundcloud` shortcode in version less than, or equal to, 2.0.8 due to insufficient input…
CVE-2025-6680 2025-10-25 MEDIUM 4.3 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3. This makes…
CVE-2025-6639 2025-10-25 MEDIUM 5.4 The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.3…
CVE-2025-12095 2025-10-25 HIGH 8.8 The Simple Registration for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.8. This is due to missing nonce…
CVE-2025-12005 2025-10-25 MEDIUM 4.3 The WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to unauthorized access of data in all versions up to,…
CVE-2025-11888 2025-10-25 LOW 2.7 The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check…
CVE-2025-11879 2025-10-25 MEDIUM 6.5 The GenerateBlocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_option_rest' function in all versions up to, and…
CVE-2025-11564 2025-10-25 MEDIUM 5.3 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check while verifying webhook…
CVE-2025-11269 2025-10-25 MEDIUM 5.3 The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'approveNotice' action in all versions…
CVE-2025-11244 2025-10-25 LOW 3.7 The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address spoofing in all versions up to, and including, 2.7.11. This is due to the…
CVE-2025-11238 2025-10-25 HIGH 7.2 The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP Referer header in versions less than, or equal to, 3.4.4 due to insufficient…
CVE-2025-10737 2025-10-25 MEDIUM 6.4 The Open Source Genesis Framework theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.6.0 due to…
CVE-2025-10694 2025-10-25 MEDIUM 5.3 The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to unauthorized access of data due to a missing…
CVE-2025-11823 2025-10-25 MEDIUM 6.4 The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_exist_text'…
CVE-2025-10579 2025-10-25 MEDIUM 5.3 The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'backwpup_working' AJAX…
CVE-2025-36361 2025-10-24 MEDIUM 6.3 IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.
CVE-2025-11760 2025-10-25 MEDIUM 5.3 The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to,…
CVE-2025-34503 2025-10-24 N/A 0.0 Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run…
CVE-2025-34502 2025-10-24 N/A 0.0 Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can…
CVE-2025-34500 2025-10-24 N/A 0.0 Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC…
CVE-2025-12194 2025-10-24 N/A 0.0 Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy…
CVE-2025-62711 2025-10-24 N/A 0.0 Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible…
CVE-2025-4106 2025-10-24 N/A 0.0 An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform…
CVE-2025-34293 2025-10-24 N/A 0.0 GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR) vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated…
CVE-2025-62723 2025-10-24 MEDIUM 4.3 FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.23.2, any authenticated user can create sessions and have them collect QoS messages. When not sent…
CVE-2025-62717 2025-10-24 N/A 0.0 Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This…
CVE-2025-60954 2025-10-24 HIGH 8.3 Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character…
CVE-2025-60729 2025-10-24 MEDIUM 5.3 PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function
CVE-2025-60419 2025-10-24 MEDIUM 6.2 An issue was discovered in the NDIS Usermode IO driver (RtkIOAC60.sys, version 6.0.5600.16348) allowing local authenticated attackers to send a crafted IOCTL request to the driver to cause…
CVE-2025-52099 2025-10-24 HIGH 7.5 Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function
CVE-2025-62716 2025-10-24 HIGH 8.1 Plane is open-source project management software. Prior to version 1.1.0, an open redirect vulnerability in the ?next_path query parameter allows attackers to supply arbitrary schemes (e.g., javascript:) that…
CVE-2025-60735 2025-10-24 HIGH 7.6 PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function
CVE-2025-60731 2025-10-24 HIGH 7.6 PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function
CVE-2025-60558 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formVirtualServ.
CVE-2025-60557 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEasy_Wizard.
CVE-2025-60556 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizard1.
CVE-2025-60555 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizardSelectMode.
CVE-2025-60552 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formTcpipSetup.
CVE-2025-60551 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot.
CVE-2025-60550 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone.
CVE-2025-60549 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAutoDetecWAN_wizard4.
CVE-2025-60547 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard7.