Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-14278 2025-12-13 MEDIUM 6.4 The HT Slider for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slide_title' parameter in all versions up to, and including, 1.7.4 due to…
CVE-2025-14056 2025-12-13 MEDIUM 4.4 The Custom Post Type UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'label' parameter during custom post type import in all versions up to,…
CVE-2025-14050 2025-12-13 MEDIUM 4.9 The Design Import/Export plugin for WordPress is vulnerable to SQL Injection via XML File Import in all versions up to, and including, 2.2 due to insufficient escaping on…
CVE-2025-13705 2025-12-13 MEDIUM 6.4 The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1…
CVE-2025-13403 2025-12-13 MEDIUM 5.3 The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to missing authorization validation on the…
CVE-2025-13094 2025-12-13 HIGH 8.8 The WP3D Model Import Viewer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_import_file() function in all versions up…
CVE-2025-13093 2025-12-13 MEDIUM 5.3 The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on…
CVE-2025-13092 2025-12-13 MEDIUM 5.3 The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on…
CVE-2025-13089 2025-12-13 HIGH 7.5 The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hide_fields' and the 'attr_search' parameter in all versions up to, and including, 1.4.7 due…
CVE-2025-13077 2025-12-13 HIGH 7.5 The افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'columns' parameter in all versions…
CVE-2025-12512 2025-12-13 MEDIUM 4.3 The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the…
CVE-2025-12362 2025-12-13 MEDIUM 5.3 The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7.…
CVE-2025-12109 2025-12-13 MEDIUM 6.4 The Header Footer Script Adder – Insert Code in Header, Body & Footer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the script adder present in…
CVE-2025-12077 2025-12-13 MEDIUM 6.1 The WP to LinkedIn Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.9.8 due to insufficient…
CVE-2025-12076 2025-12-13 MEDIUM 6.1 The Social Media Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage parameter in all versions up to, and including, 3.6.5 due to insufficient…
CVE-2025-11970 2025-12-13 MEDIUM 4.4 The Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated plugin for WordPress is vulnerable to Server-Side Request Forgery in…
CVE-2025-11707 2025-12-13 MEDIUM 5.3 The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all versions up to, and including, 2.14. This is due to $unblock_key key…
CVE-2025-11693 2025-12-13 CRITICAL 9.8 The Export WP Page to Static HTML & PDF plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.4 through publicly…
CVE-2025-11376 2025-12-13 MEDIUM 6.4 The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_loop' shortcode in all versions up to, and including, 1.0.335 due to…
CVE-2025-11164 2025-12-13 MEDIUM 4.3 The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavix_education_activate_plugin' AJAX action in all versions up…
CVE-2025-10738 2025-12-13 CRITICAL 9.8 The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analytic_id’ parameter in all versions up to, and including, 3.0.7 due to…
CVE-2025-10289 2025-12-13 MEDIUM 5.9 The Filter & Grids plugin for WordPress is vulnerable to SQL Injection via the 'phrase' parameter in all versions up to, and including, 3.2.0 due to insufficient escaping…
CVE-2025-0969 2025-12-13 MEDIUM 6.5 The Brizy – Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.16 via the get_users() function. This makes…
CVE-2025-13970 2025-12-13 HIGH 8.0 OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in…
CVE-2025-67749 2025-12-12 N/A 0.0 PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD…
CVE-2025-67721 2025-12-12 N/A 0.0 Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in…
CVE-2025-14585 2025-12-12 HIGH 7.3 A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=zone. The manipulation of the argument ID…
CVE-2025-14584 2025-12-12 HIGH 7.3 A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of…
CVE-2025-14066 2025-12-12 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-14583 2025-12-12 HIGH 7.3 A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown function of the file /admin/register.php. Executing manipulation of the argument photo can…
CVE-2025-14582 2025-12-12 MEDIUM 4.7 A vulnerability was detected in campcodes Online Student Enrollment System 1.0. This affects an unknown function of the file /admin/index.php?page=user-profile. Performing manipulation of the argument userphoto results in…
CVE-2025-67750 2025-12-12 HIGH 8.4 Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously…
CVE-2025-67634 2025-12-12 MEDIUM 4.4 The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import…
CVE-2025-46289 2025-12-12 N/A 0.0 A logic issue was addressed with improved file handling. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to access protected…
CVE-2025-46287 2025-12-12 N/A 0.0 An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An attacker may be able to…
CVE-2025-46285 2025-12-12 N/A 0.0 An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to gain root…
CVE-2025-46276 2025-12-12 N/A 0.0 An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to access…
CVE-2025-43542 2025-12-12 N/A 0.0 This issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.3. Password fields may be unintentionally revealed when remotely controlling a device over…
CVE-2025-43539 2025-12-12 N/A 0.0 The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. Processing a file may lead to memory corruption.
CVE-2025-43538 2025-12-12 N/A 0.0 A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sonoma 14.8.3. An app may be able to access sensitive user data.
CVE-2025-43532 2025-12-12 N/A 0.0 A memory corruption issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. Processing malicious data may lead to unexpected…
CVE-2025-43530 2025-12-12 N/A 0.0 This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to access sensitive user data.
CVE-2025-43527 2025-12-12 N/A 0.0 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3. An app may be able to gain root privileges.
CVE-2025-43523 2025-12-12 N/A 0.0 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3. An app may be able to access sensitive user data.
CVE-2025-43522 2025-12-12 N/A 0.0 A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.3. An app may be able to access…
CVE-2025-43521 2025-12-12 N/A 0.0 A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.3. An app may be able to access…
CVE-2025-43520 2025-12-12 N/A 0.0 A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS…
CVE-2025-43519 2025-12-12 N/A 0.0 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to access sensitive user…
CVE-2025-43518 2025-12-12 N/A 0.0 A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to inappropriately access files…
CVE-2025-43517 2025-12-12 N/A 0.0 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be…
« Anterior Página 566 de 4286 Siguiente »