CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-11782 2025-12-02 N/A 0.0 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' function uses “sprintf()” to format a string that includes the user-controlled input of 'GetParameter(meter)' in the fixed-size buffer…
CVE-2025-11781 2025-12-02 N/A 0.0 Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract…
CVE-2025-11780 2025-12-02 N/A 0.0 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The…
CVE-2025-11779 2025-12-02 N/A 0.0 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web…
CVE-2025-11778 2025-12-02 N/A 0.0 Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. This vulnerability allows an attacker to remotely exploit memory corruption through the 'read_packet()' function of the TACACSPLUS implementation.
CVE-2025-13090 2025-12-02 MEDIUM 4.9 The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping…
CVE-2025-41744 2025-12-02 CRITICAL 9.1 Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity.
CVE-2025-41743 2025-12-02 MEDIUM 4.0 Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the…
CVE-2025-41742 2025-12-02 CRITICAL 9.8 Sprecher Automations SPRECON-E-C, SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify,…
CVE-2025-13353 2025-12-02 N/A 0.0 In gokey versions
CVE-2025-13873 2025-12-02 N/A 0.0 Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context…
CVE-2025-13872 2025-12-02 N/A 0.0 Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted…
CVE-2025-13871 2025-12-02 N/A 0.0 Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows to upload files on behalf of the connected users and then access such files without…
CVE-2025-13870 2025-12-02 LOW 3.1 Mattermost versions 10.11.x
CVE-2025-13724 2025-12-02 HIGH 7.5 The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'month' parameter in all versions up to, and including, 1.4.4…
CVE-2025-13534 2025-12-02 MEDIUM 6.3 The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to…
CVE-2025-13516 2025-12-02 HIGH 8.1 The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and including 1.9.0. This…
CVE-2025-10543 2025-12-02 N/A 0.0 In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions
CVE-2025-13696 2025-12-02 MEDIUM 5.3 The Zigaform plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.6.5. This is due to the plugin exposing a public AJAX…
CVE-2025-11726 2025-12-02 MEDIUM 4.3 The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.9.4. This is due to insufficient…
CVE-2025-10971 2025-12-02 N/A 0.0 Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: through v2.2.5.
CVE-2025-13685 2025-12-02 MEDIUM 4.3 The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.8. This is due to missing nonce…
CVE-2025-13140 2025-12-02 MEDIUM 4.3 The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due…
CVE-2025-13007 2025-12-02 MEDIUM 6.1 The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including,…
CVE-2025-12483 2025-12-02 MEDIUM 6.5 The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'query' parameter in all versions up to, and including, 3.11.12…
CVE-2025-13001 2025-12-02 MEDIUM 4.1 The donation WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users, such as admin to…
CVE-2025-13000 2025-12-02 HIGH 7.7 The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated users, such as subscriber to perform SQLI attacks
CVE-2025-13606 2025-12-02 MEDIUM 6.5 The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is…
CVE-2025-13387 2025-12-02 HIGH 7.2 The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to…
CVE-2025-20792 2025-12-02 MEDIUM 5.3 In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a…
CVE-2025-20791 2025-12-02 MEDIUM 5.3 In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a…
CVE-2025-20790 2025-12-02 MEDIUM 5.3 In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a…
CVE-2025-20789 2025-12-02 MEDIUM 4.4 In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed.…
CVE-2025-20788 2025-12-02 MEDIUM 4.4 In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges…
CVE-2025-20777 2025-12-02 MEDIUM 6.7 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2025-20776 2025-12-02 MEDIUM 6.7 In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2025-20775 2025-12-02 MEDIUM 6.7 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained…
CVE-2025-20774 2025-12-02 MEDIUM 6.7 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2025-20773 2025-12-02 MEDIUM 6.7 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained…
CVE-2025-20772 2025-12-02 MEDIUM 6.7 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained…
CVE-2025-20771 2025-12-02 MEDIUM 6.7 In display, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already…
CVE-2025-20770 2025-12-02 MEDIUM 6.7 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained…
CVE-2025-20769 2025-12-02 LOW 3.4 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2025-20768 2025-12-02 HIGH 7.8 In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2025-20767 2025-12-02 HIGH 7.8 In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has…
CVE-2025-20766 2025-12-02 HIGH 7.8 In display, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained…
CVE-2025-20765 2025-12-02 MEDIUM 4.7 In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already…
CVE-2025-20764 2025-12-02 HIGH 7.8 In smi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2025-20763 2025-12-02 HIGH 7.8 In mmdvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2025-20759 2025-12-02 MEDIUM 6.5 In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service, if a UE has…