CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-48157 2025-08-20 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality allows PHP Local File Inclusion. This issue affects Formality:…
CVE-2025-48154 2025-08-20 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder allows Reflected XSS. This issue affects Multimedia…
CVE-2025-48152 2025-08-20 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dimafreund Rentsyst allows Reflected XSS. This issue affects Rentsyst: from n/a through 2.0.100.
CVE-2025-48151 2025-08-20 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Map Locations allows Reflected XSS. This issue affects CM Map Locations: from n/a through…
CVE-2025-48149 2025-08-20 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Cook&Meal allows PHP Local File Inclusion. This issue affects Cook&Meal: from…
CVE-2025-48148 2025-08-20 CRITICAL 10.0 Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Using Malicious Files. This issue affects StoreKeeper for WooCommerce: from n/a through 14.4.4.
CVE-2025-48142 2025-08-20 HIGH 8.8 Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify allows Privilege Escalation. This issue affects Bookify: from n/a through 1.0.9.
CVE-2025-47650 2025-08-20 MEDIUM 6.5 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Infility Infility Global allows Path Traversal. This issue affects Infility Global: from n/a through 2.14.7.
CVE-2025-30975 2025-08-20 HIGH 7.5 Improper Control of Generation of Code ('Code Injection') vulnerability in SaifuMak Add Custom Codes allows Code Injection. This issue affects Add Custom Codes: from n/a through 4.80.
CVE-2025-28977 2025-08-20 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Pipes allows Reflected XSS. This issue affects WP Pipes: from n/a through 1.4.3.
CVE-2025-9202 2025-08-20 MEDIUM 4.3 The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and…
CVE-2025-8618 2025-08-20 MEDIUM 6.4 The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woosq_btn shortcode in all versions up to, and including,…
CVE-2025-55706 2025-08-20 MEDIUM 4.3 URL redirection to untrusted site ('Open Redirect') issue exists in Movable Type. If this vulnerability is exploited, an invalid parameter may be inserted into the password reset page,…
CVE-2025-54551 2025-08-20 MEDIUM 4.3 Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a privilege escalation vulnerability through external control of Web parameter. If exploited, a user of the product may escalate…
CVE-2025-53522 2025-08-20 MEDIUM 5.3 Movable Type contains an issue with use of less trusted source. If exploited, tampered email to reset a password may be sent by a remote unauthenticated attacker.
CVE-2025-57791 2025-08-20 N/A 0.0 An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components…
CVE-2025-57790 2025-08-20 N/A 0.0 An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal…
CVE-2025-57789 2025-08-20 N/A 0.0 An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain…
CVE-2025-8289 2025-08-20 HIGH 7.5 The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input…
CVE-2025-8145 2025-08-20 HIGH 8.8 The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input…
CVE-2025-8141 2025-08-20 HIGH 8.8 The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_associated_files function in all versions…
CVE-2025-54364 2025-08-20 N/A 0.0 Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module (issue 2 of 2).
CVE-2024-12223 2025-08-20 N/A 0.0 Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user’s session and…
CVE-2025-9193 2025-08-20 LOW 3.5 A flaw has been found in TOTVS Portal Meu RH up to 12.1.17. Impacted is an unknown function of the component Password Reset Handler. Executing manipulation of the…
CVE-2025-9185 2025-08-19 N/A 0.0 Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these…
CVE-2025-9184 2025-08-19 N/A 0.0 Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2025-57748 2025-08-20 N/A 0.0 Rejected reason: Not used
CVE-2025-57747 2025-08-20 N/A 0.0 Rejected reason: Not used
CVE-2025-57746 2025-08-20 N/A 0.0 Rejected reason: Not used
CVE-2025-57745 2025-08-20 N/A 0.0 Rejected reason: Not used
CVE-2025-57744 2025-08-20 N/A 0.0 Rejected reason: Not used
CVE-2025-57743 2025-08-20 N/A 0.0 Rejected reason: Not used
CVE-2025-57742 2025-08-20 N/A 0.0 Rejected reason: Not used
CVE-2025-51529 2025-08-19 MEDIUM 5.3 Incorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Security Policy plugin through version 2.29 allows remote attackers to cause a denial of service…
CVE-2025-50579 2025-08-19 MEDIUM 5.3 A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration…
CVE-2025-50461 2025-08-19 MEDIUM 6.5 A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/model_merger.py script when using the "fsdp" backend. The script calls torch.load() with weights_only=False on user-supplied .pt files,…
CVE-2025-51489 2025-08-19 MEDIUM 4.5 An arbitrary file upload vulnerability in MoonShine v3.12.4 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVE-2025-51488 2025-08-19 MEDIUM 4.9 A stored cross-site scripting (XSS) vulnerability in the Create Admin function of MoonShine v3.12.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload…
CVE-2025-51487 2025-08-19 MEDIUM 4.5 A stored cross-site scripting (XSS) vulnerability in the Create Article function of MoonShine v3.12.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload…
CVE-2025-50897 2025-08-19 MEDIUM 4.3 A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid virtual-to-physical address translations configured with write permissions (PTE_W) in SV39 mode may incorrectly trigger a Store/AMO…
CVE-2025-55153 2025-08-19 N/A 0.0 Rejected reason: This CVE is a duplicate of another CVE.
CVE-2025-8782 2025-08-19 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been…
CVE-2025-5417 2025-08-19 MEDIUM 6.1 An insufficient access control vulnerability was found in the Red Hat Developer Hub rhdh/rhdh-hub-rhel9 container image. The Red Hat Developer Hub cluster admin/user, who has standard user access…
CVE-2025-51510 2025-08-19 MEDIUM 4.9 MoonShine v3.12.5 was discovered to contain a SQL injection vulnerability via the Data parameter under the Blog module.
CVE-2025-9144 2025-08-19 LOW 3.5 A weakness has been identified in Scada-LTS 2.7.8.1. This vulnerability affects unknown code of the file publisher_edit.shtm. This manipulation of the argument Name causes cross site scripting. The…
CVE-2025-9143 2025-08-19 LOW 3.5 A security flaw has been discovered in Scada-LTS 2.7.8.1. This affects an unknown part of the file mailing_lists.shtm. The manipulation of the argument name/userList/address results in cross site…
CVE-2025-9140 2025-08-19 MEDIUM 6.3 A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this issue is some unknown functionality of the file /crm/crmapi/erp/tabdetail_moduleSave.php. The manipulation…
CVE-2025-9139 2025-08-19 MEDIUM 4.3 A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. The attack…
CVE-2025-9136 2025-08-19 MEDIUM 5.3 A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds read. The attack needs to be…
CVE-2025-9135 2025-08-19 MEDIUM 5.3 A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer and BusBahnBim up to 12.1.1(258). The impacted element is an unknown function of the file AndroidManifest.xml. The manipulation results…