CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-9126 2025-09-06 MEDIUM 6.4 The Smart Table Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.0.1 due to insufficient…
CVE-2025-8722 2025-09-06 MEDIUM 6.4 The Content Views plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid and List widgets in all versions up to, and including, 4.1 due…
CVE-2025-8564 2025-09-06 MEDIUM 6.4 The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.7 due to insufficient…
CVE-2025-8149 2025-09-06 MEDIUM 6.4 The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.1.2 due…
CVE-2025-7045 2025-09-06 MEDIUM 6.5 The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the csso_handle_actions() function in…
CVE-2025-7040 2025-09-06 HIGH 8.2 The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_settings' action of the csso_handle_actions() function…
CVE-2025-9853 2025-09-06 MEDIUM 6.4 The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'optio-lightbox' shortcode in all versions up to, and including, 2.2 due to insufficient…
CVE-2025-9515 2025-09-06 HIGH 7.2 The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the import functionality in all versions up to,…
CVE-2025-9085 2025-09-06 MEDIUM 4.9 The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. This is due to insufficient escaping on the…
CVE-2025-8360 2025-09-06 MEDIUM 6.4 The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets in all versions up to, and including,…
CVE-2025-8359 2025-09-06 CRITICAL 9.8 The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a…
CVE-2025-58912 2025-09-06 N/A 0.0 Rejected reason: Not used
CVE-2025-58911 2025-09-06 N/A 0.0 Rejected reason: Not used
CVE-2025-58910 2025-09-06 N/A 0.0 Rejected reason: Not used
CVE-2025-58909 2025-09-06 N/A 0.0 Rejected reason: Not used
CVE-2025-58908 2025-09-06 N/A 0.0 Rejected reason: Not used
CVE-2025-58907 2025-09-06 N/A 0.0 Rejected reason: Not used
CVE-2025-58906 2025-09-06 N/A 0.0 Rejected reason: Not used
CVE-2025-58905 2025-09-06 N/A 0.0 Rejected reason: Not used
CVE-2025-58904 2025-09-06 N/A 0.0 Rejected reason: Not used
CVE-2025-58437 2025-09-06 HIGH 8.1 Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt…
CVE-2025-58374 2025-09-06 HIGH 7.8 Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need…
CVE-2025-10003 2025-09-06 MEDIUM 6.5 The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to time-based SQL Injection via the ‘upload_file_remove’…
CVE-2025-9849 2025-09-06 MEDIUM 5.3 The Html Social share buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zm_sh_btn' shortcode in all versions up to, and including, 2.1.16 due…
CVE-2025-7368 2025-09-06 MEDIUM 5.3 The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the…
CVE-2025-7366 2025-09-06 HIGH 7.3 The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7.…
CVE-2025-6067 2025-09-06 MEDIUM 6.4 The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption` and `data-linktext`…
CVE-2025-58439 2025-09-06 HIGH 8.1 ERP is a free and open source Enterprise Resource Planning tool. In versions below 14.89.2 and 15.0.0 through 15.75.1, lack of validation of parameters left certain endpoints vulnerable…
CVE-2025-58375 2025-09-06 N/A 0.0 Rejected reason: This CVE is a duplicate of another CVE.
CVE-2021-26383 2025-09-06 HIGH 7.9 Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker with a compromised userspace to invoke a command with malformed arguments leading to out of…
CVE-2025-58373 2025-09-05 MEDIUM 5.5 Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where .rooignore protections could be bypassed using symlinks.…
CVE-2025-58372 2025-09-05 HIGH 8.1 Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files (.code-workspace)…
CVE-2025-58371 2025-09-05 N/A 0.0 Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request metadata in a…
CVE-2025-58370 2025-09-05 HIGH 8.1 Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter…
CVE-2025-58369 2025-09-05 MEDIUM 5.3 fs2 is a compositional, streaming I/O library for Scala. Versions 3.12.2 and lower and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks through TLS sessions using…
CVE-2025-58367 2025-09-05 N/A 0.0 DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor,…
CVE-2025-58366 2025-09-05 N/A 0.0 Onyxia is a data science environment for kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private helm repositories in the public (unauthenticated) /public/catalogs endpoint. Only instances…
CVE-2025-57807 2025-09-05 LOW 3.8 ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset…
CVE-2025-10027 2025-09-05 LOW 3.5 A vulnerability was determined in itsourcecode POS Point of Sale System 1.0. Affected by this issue is some unknown functionality of the file /inventory/main/vendors/datatables/unit_testing/templates/2512.php. This manipulation of the…
CVE-2025-53791 2025-09-05 MEDIUM 4.7 Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-10061 2025-09-05 MEDIUM 6.5 An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator…
CVE-2025-10060 2025-09-05 MEDIUM 6.5 MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may…
CVE-2025-10059 2025-09-05 MEDIUM 6.5 An improper setting of the lsid field on any sharded query can cause a crash in MongoDB routers. This issue occurs when a generic argument (lsid) is provided…
CVE-2025-9566 2025-09-05 HIGH 8.1 There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap…
CVE-2025-10044 2025-09-05 MEDIUM 4.3 A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the error_description query parameter. This text is directly rendered in error pages…
CVE-2025-10043 2025-09-05 LOW 2.7 A path traversal validation flaw exists in Keycloak’s vault key handling on Windows. The previous fix for CVE-2024-10492 did not account for the Windows file separator (\). As…
CVE-2025-10026 2025-09-05 LOW 3.5 A vulnerability was found in itsourcecode POS Point of Sale System 1.0. Affected by this vulnerability is an unknown functionality of the file /inventory/main/vendors/datatables/unit_testing/templates/-complex_header.php. The manipulation of the…
CVE-2025-10025 2025-09-05 HIGH 7.3 A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/semester.php. The manipulation of the argument semester leads to…
CVE-2025-10013 2025-09-05 MEDIUM 6.3 A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Performing manipulation results in improper access controls. The attack…
CVE-2025-10012 2025-09-05 MEDIUM 6.3 A security vulnerability has been detected in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file educar_historico_escolar_lst.php. Such manipulation of the argument…