CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-40023 | 2025-10-24 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Don't expose sysfs attributes not applicable for VFs VFs can't read BMG_PCIE_CAP(0x138340) register nor access PCODE (already… |
| CVE-2025-40022 | 2025-10-24 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in… |
| CVE-2025-40021 | 2025-10-24 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: tracing: dynevent: Add a missing lockdown check on dynevent Since dynamic_events interface on tracefs is compatible with kprobe_events… |
| CVE-2025-40020 | 2025-10-24 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix shift-out-of-bounds issue Explicitly uses a 64-bit constant when the number of bits used for its… |
| CVE-2025-50951 | 2025-10-23 | MEDIUM | 6.5 | FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c. |
| CVE-2025-50949 | 2025-10-23 | MEDIUM | 6.5 | FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8. |
| CVE-2025-11576 | 2025-10-24 | MEDIUM | 4.3 | The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.6.5.… |
| CVE-2025-10680 | 2025-10-24 | HIGH | 8.8 | OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use |
| CVE-2025-40019 | 2025-10-24 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssize check to the start in… |
| CVE-2025-40018 | 2025-10-24 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections… |
| CVE-2025-10861 | 2025-10-24 | HIGH | 7.5 | The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,… |
| CVE-2025-5605 | 2025-10-24 | MEDIUM | 4.3 | An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass… |
| CVE-2023-53733 | 2025-10-24 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode When u32_replace_hw_knode fails, we need to undo the tcf_bind_filter operation done… |
| CVE-2025-5350 | 2025-10-24 | MEDIUM | 5.9 | SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without… |
| CVE-2025-12136 | 2025-10-24 | MEDIUM | 6.8 | The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is… |
| CVE-2025-12134 | 2025-10-24 | MEDIUM | 5.3 | The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a… |
| CVE-2025-12096 | 2025-10-24 | MEDIUM | 6.4 | The Simple Excel Pricelist for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricelist' shortcode in all versions up to, and including, 1.13 due… |
| CVE-2025-12072 | 2025-10-24 | MEDIUM | 4.3 | The Disable Content Editor For Specific Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to… |
| CVE-2025-12028 | 2025-10-24 | HIGH | 8.8 | The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4. This is due to missing nonce verification on the… |
| CVE-2025-12017 | 2025-10-24 | MEDIUM | 6.1 | The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 1.0.0 due to insufficient… |
| CVE-2025-12016 | 2025-10-24 | MEDIUM | 4.4 | The qnotsquiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'qnotsquiz_custom_start_text' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization… |
| CVE-2025-12014 | 2025-10-24 | MEDIUM | 4.3 | The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions… |
| CVE-2025-11992 | 2025-10-24 | MEDIUM | 6.1 | The Multi Item Responsive Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or… |
| CVE-2025-11889 | 2025-10-24 | HIGH | 7.2 | The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in… |
| CVE-2025-11887 | 2025-10-24 | MEDIUM | 4.3 | The Supervisor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX functions in all versions up to, and… |
| CVE-2025-11504 | 2025-10-24 | HIGH | 7.5 | The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This makes it possible… |
| CVE-2025-11257 | 2025-10-24 | MEDIUM | 4.3 | The LLM Hubspot Blog Import plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_save_blogs' AJAX endpoint in all… |
| CVE-2025-11253 | 2025-10-24 | CRITICAL | 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aksis Technology Inc. Netty ERP allows SQL Injection. This issue affects Netty ERP: before V.1.1000. |
| CVE-2025-11172 | 2025-10-24 | MEDIUM | 4.3 | The Check Plagiarism plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the chk_plag_mine_plugin_wpse10500_admin_action() function in all versions up to,… |
| CVE-2025-10902 | 2025-10-24 | MEDIUM | 4.3 | The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ai_scan_result_remove' function in all versions up… |
| CVE-2025-10901 | 2025-10-24 | MEDIUM | 4.3 | The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ai_get_table' function in all versions up… |
| CVE-2025-10749 | 2025-10-24 | MEDIUM | 5.4 | The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to… |
| CVE-2025-10748 | 2025-10-24 | MEDIUM | 6.5 | The RapidResult plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.2. This is due to insufficient escaping… |
| CVE-2025-10740 | 2025-10-24 | MEDIUM | 6.3 | The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access to functionality provided by the API due to a missing capability check on the… |
| CVE-2025-10701 | 2025-10-24 | MEDIUM | 6.4 | The Time Clock – A WordPress Employee & Volunteer Time Clock Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameter in all versions up… |
| CVE-2025-6440 | 2025-10-24 | CRITICAL | 9.8 | The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing… |
| CVE-2025-62868 | 2025-10-24 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Edge CPT allows PHP Local File Inclusion. This issue affects Edge CPT:… |
| CVE-2025-9158 | 2025-10-24 | N/A | 0.0 | The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation parsing feature, which displays invitation data without HTML sanitization. XSS vulnerability allows an attacker to… |
| CVE-2025-61931 | 2025-10-24 | MEDIUM | 5.4 | Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser. |
| CVE-2025-58070 | 2025-10-24 | MEDIUM | 6.1 | Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser. |
| CVE-2025-62835 | 2025-10-24 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62834 | 2025-10-24 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62833 | 2025-10-24 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62832 | 2025-10-24 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62831 | 2025-10-24 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62830 | 2025-10-24 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62829 | 2025-10-24 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62828 | 2025-10-24 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62827 | 2025-10-24 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-7730 | 2025-10-23 | MEDIUM | 6.4 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘percentage’ parameter in all versions up to, and including, 5.4.5 due to insufficient… |