Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-7960 2025-12-13 MEDIUM 6.4 The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Slider, Pricing Calculator, and Image Accordion widgets in all versions…
CVE-2025-7058 2025-12-13 MEDIUM 6.4 The Kingcabs theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘progressbarLayout’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization…
CVE-2025-67871 2025-12-13 N/A 0.0 Rejected reason: Not used
CVE-2025-67870 2025-12-13 N/A 0.0 Rejected reason: Not used
CVE-2025-67869 2025-12-13 N/A 0.0 Rejected reason: Not used
CVE-2025-67868 2025-12-13 N/A 0.0 Rejected reason: Not used
CVE-2025-67867 2025-12-13 N/A 0.0 Rejected reason: Not used
CVE-2025-67866 2025-12-13 N/A 0.0 Rejected reason: Not used
CVE-2025-67865 2025-12-13 N/A 0.0 Rejected reason: Not used
CVE-2025-67864 2025-12-13 N/A 0.0 Rejected reason: Not used
CVE-2025-67863 2025-12-13 N/A 0.0 Rejected reason: Not used
CVE-2025-36754 2025-12-13 N/A 0.0 The authentication mechanism on web interface is not properly implemented. It is possible to bypass authentication checks by crafting a post request with new settings since there is no session…
CVE-2025-36753 2025-12-13 N/A 0.0 The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets…
CVE-2025-36752 2025-12-13 N/A 0.0 Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that…
CVE-2025-36751 2025-12-13 N/A 0.0 Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between…
CVE-2025-36750 2025-12-13 N/A 0.0 ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow…
CVE-2025-36748 2025-12-13 N/A 0.0 ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the local configuration web server. The JavaScript code snippet can be inserted in the communication module’s settings center. This may allow…
CVE-2025-36747 2025-12-13 N/A 0.0 ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker…
CVE-2025-14620 2025-12-13 HIGH 7.3 A vulnerability was determined in code-projects Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/login_query.php. Executing manipulation of the argument…
CVE-2025-14619 2025-12-13 HIGH 7.3 A vulnerability was found in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login_query.php. Performing manipulation of the argument…
CVE-2025-14617 2025-12-13 MEDIUM 5.3 A vulnerability has been found in Jehovahs Witnesses JW Library App up to 15.5.1 on Android. Affected is an unknown function of the component org.jw.jwlibrary.mobile.activity.SiloContainer. Such manipulation leads…
CVE-2025-14607 2025-12-13 MEDIUM 6.3 A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation…
CVE-2025-14606 2025-12-13 MEDIUM 5.0 A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickle_convert.go of the component…
CVE-2025-14590 2025-12-13 HIGH 7.3 A security vulnerability has been detected in code-projects Prison Management System 2.0. Impacted is an unknown function of the file /admin/search1.php. The manipulation of the argument keyname leads…
CVE-2025-14589 2025-12-13 MEDIUM 6.3 A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing manipulation of the argument keyname can…
CVE-2025-14588 2025-12-13 HIGH 7.3 A security flaw has been discovered in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /update_program.php. Performing manipulation of the argument ID results…
CVE-2025-14587 2025-12-13 HIGH 7.3 A vulnerability was identified in itsourcecode Online Pet Shop Management System 1.0. This affects an unknown part of the file /pet1/available.php. Such manipulation of the argument Name leads…
CVE-2025-14586 2025-12-13 MEDIUM 6.3 A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os…
CVE-2025-14581 2025-12-13 MEDIUM 5.3 The HAPPY – Helpdesk Support Ticket System plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'submit_form_reply' AJAX action in all…
CVE-2025-14542 2025-12-13 HIGH 7.5 The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign…
CVE-2025-14540 2025-12-13 MEDIUM 4.3 The Userback plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the userback_get_json function in all versions up to, and…
CVE-2025-14539 2025-12-13 MEDIUM 5.4 The The Shortcode Ajax plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is due to the software allowing…
CVE-2025-14508 2025-12-13 MEDIUM 6.5 The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the import-csv…
CVE-2025-14477 2025-12-13 MEDIUM 4.9 The 404 Solution plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter…
CVE-2025-14476 2025-12-13 HIGH 8.8 The Doubly – Cross Domain Copy Paste for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.46 via deserialization…
CVE-2025-14475 2025-12-13 HIGH 8.1 The Extensive VC Addons for WPBakery page builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.1 via the `extensive_vc_get_module_template_part`…
CVE-2025-14462 2025-12-13 MEDIUM 4.3 The Lucky Draw Contests plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect…
CVE-2025-14454 2025-12-13 MEDIUM 4.3 The Image Slider by Ays- Responsive Slider and Carousel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.0. This is…
CVE-2025-14451 2025-12-13 MEDIUM 4.7 The Solutions Ad Manager plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.0.0. This is due to insufficient validation on the…
CVE-2025-14447 2025-12-13 MEDIUM 5.3 The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfu_reset_options() function in all versions up to,…
CVE-2025-14446 2025-12-13 MEDIUM 6.5 The Popup Builder (Easy Notify Lite) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotify_cp_reset() function in all…
CVE-2025-14440 2025-12-13 CRITICAL 9.8 The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.01. This is due to incorrect authentication checking in…
CVE-2025-14397 2025-12-13 HIGH 8.8 The Postem Ipsum plugin for WordPress is vulnerable to unauthorized modification of data to Privilege Escalation due to a missing capability check on the postem_ipsum_generate_users() function in all…
CVE-2025-14395 2025-12-13 MEDIUM 4.3 The Popover Windows plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax actions (e.g., pop_submit, poptheme_submit) in all…
CVE-2025-14394 2025-12-13 MEDIUM 4.3 The Popover Windows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. This is due to missing or incorrect nonce validation.…
CVE-2025-14378 2025-12-13 MEDIUM 4.4 The Quick Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1 due to insufficient input sanitization…
CVE-2025-14367 2025-12-13 MEDIUM 5.3 The Easy Theme Options plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0. This is due to missing authorization checks in…
CVE-2025-14366 2025-12-13 MEDIUM 5.3 The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on…
CVE-2025-14365 2025-12-13 MEDIUM 5.3 The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing capability checks on…
CVE-2025-14288 2025-12-13 MEDIUM 4.3 The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to unauthorized modification of…
« Anterior Página 565 de 4286 Siguiente »