CVE Vulnerabilities

The following is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-12017 2025-10-24 MEDIUM 6.1 The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 1.0.0 due to insufficient…
CVE-2025-12016 2025-10-24 MEDIUM 4.4 The qnotsquiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'qnotsquiz_custom_start_text' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization…
CVE-2025-12014 2025-10-24 MEDIUM 4.3 The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions…
CVE-2025-11992 2025-10-24 MEDIUM 6.1 The Multi Item Responsive Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or…
CVE-2025-11889 2025-10-24 HIGH 7.2 The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in…
CVE-2025-11887 2025-10-24 MEDIUM 4.3 The Supervisor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX functions in all versions up to, and…
CVE-2025-11504 2025-10-24 HIGH 7.5 The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This makes it possible…
CVE-2025-11257 2025-10-24 MEDIUM 4.3 The LLM Hubspot Blog Import plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_save_blogs' AJAX endpoint in all…
CVE-2025-11253 2025-10-24 CRITICAL 9.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aksis Technology Inc. Netty ERP allows SQL Injection. This issue affects Netty ERP: before V.1.1000.
CVE-2025-11172 2025-10-24 MEDIUM 4.3 The Check Plagiarism plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the chk_plag_mine_plugin_wpse10500_admin_action() function in all versions up to,…
CVE-2025-10902 2025-10-24 MEDIUM 4.3 The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ai_scan_result_remove' function in all versions up…
CVE-2025-10901 2025-10-24 MEDIUM 4.3 The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ai_get_table' function in all versions up…
CVE-2025-10749 2025-10-24 MEDIUM 5.4 The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to…
CVE-2025-10748 2025-10-24 MEDIUM 6.5 The RapidResult plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.2. This is due to insufficient escaping…
CVE-2025-10740 2025-10-24 MEDIUM 6.3 The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access to functionality provided by the API due to a missing capability check on the…
CVE-2025-10701 2025-10-24 MEDIUM 6.4 The Time Clock – A WordPress Employee & Volunteer Time Clock Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameter in all versions up…
CVE-2025-6440 2025-10-24 CRITICAL 9.8 The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing…
CVE-2025-62868 2025-10-24 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Edge CPT allows PHP Local File Inclusion. This issue affects Edge CPT:…
CVE-2025-9158 2025-10-24 N/A 0.0 The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation parsing feature, which displays invitation data without HTML sanitization. XSS vulnerability allows an attacker to…
CVE-2025-61931 2025-10-24 MEDIUM 5.4 Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser.
CVE-2025-58070 2025-10-24 MEDIUM 6.1 Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser.
CVE-2025-62835 2025-10-24 N/A 0.0 Rejected reason: Not used
CVE-2025-62834 2025-10-24 N/A 0.0 Rejected reason: Not used
CVE-2025-62833 2025-10-24 N/A 0.0 Rejected reason: Not used
CVE-2025-62832 2025-10-24 N/A 0.0 Rejected reason: Not used
CVE-2025-62831 2025-10-24 N/A 0.0 Rejected reason: Not used
CVE-2025-62830 2025-10-24 N/A 0.0 Rejected reason: Not used
CVE-2025-62829 2025-10-24 N/A 0.0 Rejected reason: Not used
CVE-2025-62828 2025-10-24 N/A 0.0 Rejected reason: Not used
CVE-2025-62827 2025-10-24 N/A 0.0 Rejected reason: Not used
CVE-2025-7730 2025-10-23 MEDIUM 6.4 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘percentage’ parameter in all versions up to, and including, 5.4.5 due to insufficient…
CVE-2025-62254 2025-10-23 N/A 0.0 The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA…
CVE-2025-60023 2025-10-23 MEDIUM 4.0 A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and…
CVE-2025-59776 2025-10-23 MEDIUM 4.0 A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and…
CVE-2025-58429 2025-10-23 HIGH 7.5 A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and…
CVE-2025-62256 2025-10-23 N/A 0.0 Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions…
CVE-2025-62688 2025-10-23 HIGH 7.1 An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker with low-privileged credentials to change their…
CVE-2025-62498 2025-10-23 HIGH 8.8 A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute…
CVE-2025-61977 2025-10-23 HIGH 7.0 A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by…
CVE-2025-61934 2025-10-23 CRITICAL 10.0 A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService…
CVE-2025-59503 2025-10-23 CRITICAL 9.9 Server-side request forgery (SSRF) in Azure Compute Gallery allows an authorized attacker to elevate privileges over a network.
CVE-2025-59500 2025-10-23 HIGH 7.7 Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
CVE-2025-59273 2025-10-23 HIGH 7.3 Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-58456 2025-10-23 MEDIUM 6.8 A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and…
CVE-2025-58078 2025-10-23 HIGH 7.5 A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and…
CVE-2025-60859 2025-10-23 MEDIUM 6.1 Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted c_id parameter in bbs/view_comment.php.
CVE-2025-60837 2025-10-23 MEDIUM 6.1 A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.
CVE-2025-61464 2025-10-23 MEDIUM 6.5 gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the search_table in bbs/search.php.
CVE-2025-57240 2025-10-23 MEDIUM 6.1 Cross site scripting (XSS) vulnerability in 17gz International Student service system 1.0 allows attackers to execute arbitrary code via the registration step.
CVE-2025-12100 2025-10-23 HIGH 7.8 Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation. This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6.