CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-41744 2025-12-02 CRITICAL 9.1 Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity.
CVE-2025-41743 2025-12-02 MEDIUM 4.0 Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the…
CVE-2025-41742 2025-12-02 CRITICAL 9.8 Sprecher Automations SPRECON-E-C, SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify,…
CVE-2025-13353 2025-12-02 N/A 0.0 In gokey versions
CVE-2025-13873 2025-12-02 N/A 0.0 Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context…
CVE-2025-13872 2025-12-02 N/A 0.0 Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted…
CVE-2025-13871 2025-12-02 N/A 0.0 Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows to upload files on behalf of the connected users and then access such files without…
CVE-2025-13870 2025-12-02 LOW 3.1 Mattermost versions 10.11.x
CVE-2025-13724 2025-12-02 HIGH 7.5 The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'month' parameter in all versions up to, and including, 1.4.4…
CVE-2025-13534 2025-12-02 MEDIUM 6.3 The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to…
CVE-2025-13516 2025-12-02 HIGH 8.1 The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and including 1.9.0. This…
CVE-2025-10543 2025-12-02 N/A 0.0 In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions
CVE-2025-13696 2025-12-02 MEDIUM 5.3 The Zigaform plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.6.5. This is due to the plugin exposing a public AJAX…
CVE-2025-11726 2025-12-02 MEDIUM 4.3 The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.9.4. This is due to insufficient…
CVE-2025-10971 2025-12-02 N/A 0.0 Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: through v2.2.5.
CVE-2025-13685 2025-12-02 MEDIUM 4.3 The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.8. This is due to missing nonce…
CVE-2025-13140 2025-12-02 MEDIUM 4.3 The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due…
CVE-2025-13007 2025-12-02 MEDIUM 6.1 The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including,…
CVE-2025-12483 2025-12-02 MEDIUM 6.5 The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'query' parameter in all versions up to, and including, 3.11.12…
CVE-2025-13001 2025-12-02 MEDIUM 4.1 The donation WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users, such as admin to…
CVE-2025-13000 2025-12-02 HIGH 7.7 The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated users, such as subscriber to perform SQLI attacks
CVE-2025-13606 2025-12-02 MEDIUM 6.5 The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is…
CVE-2025-13387 2025-12-02 HIGH 7.2 The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to…
CVE-2025-20792 2025-12-02 MEDIUM 5.3 In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a…
CVE-2025-20791 2025-12-02 MEDIUM 5.3 In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a…
CVE-2025-20790 2025-12-02 MEDIUM 5.3 In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a…
CVE-2025-20789 2025-12-02 MEDIUM 4.4 In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed.…
CVE-2025-20788 2025-12-02 MEDIUM 4.4 In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges…
CVE-2025-20777 2025-12-02 MEDIUM 6.7 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2025-20776 2025-12-02 MEDIUM 6.7 In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2025-20775 2025-12-02 MEDIUM 6.7 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained…
CVE-2025-20774 2025-12-02 MEDIUM 6.7 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2025-20773 2025-12-02 MEDIUM 6.7 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained…
CVE-2025-20772 2025-12-02 MEDIUM 6.7 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained…
CVE-2025-20771 2025-12-02 MEDIUM 6.7 In display, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already…
CVE-2025-20770 2025-12-02 MEDIUM 6.7 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained…
CVE-2025-20769 2025-12-02 LOW 3.4 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2025-20768 2025-12-02 HIGH 7.8 In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2025-20767 2025-12-02 HIGH 7.8 In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has…
CVE-2025-20766 2025-12-02 HIGH 7.8 In display, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained…
CVE-2025-20765 2025-12-02 MEDIUM 4.7 In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already…
CVE-2025-20764 2025-12-02 HIGH 7.8 In smi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2025-20763 2025-12-02 HIGH 7.8 In mmdvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2025-20759 2025-12-02 MEDIUM 6.5 In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service, if a UE has…
CVE-2025-20758 2025-12-02 MEDIUM 4.9 In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a…
CVE-2025-20757 2025-12-02 MEDIUM 5.3 In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a…
CVE-2025-20756 2025-12-02 MEDIUM 5.3 In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a…
CVE-2025-20755 2025-12-02 MEDIUM 5.3 In Modem, there is a possible application crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a…
CVE-2025-20754 2025-12-02 MEDIUM 5.3 In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to…
CVE-2025-20753 2025-12-02 MEDIUM 5.3 In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a…