Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-13757 2025-11-27 N/A 0.0 SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8.
CVE-2025-8890 2025-11-27 N/A 0.0 Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to a shell command injection attacks. In order to exploit this vulnerability, an attacker…
CVE-2025-13692 2025-11-27 HIGH 7.2 The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to…
CVE-2025-12140 2025-11-27 N/A 0.0 The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression,…
CVE-2025-59454 2025-11-27 N/A 0.0 In Apache CloudStack, a gap in access control checks affected the APIs - createNetworkACL - listNetworkACLs - listResourceDetails - listVirtualMachinesUsageHistory - listVolumesUsageHistory While these APIs were accessible only…
CVE-2025-59302 2025-11-27 N/A 0.0 In Apache CloudStack improper control of generation of code ('Code Injection') vulnerability is found in the following APIs which are accessible only to admins. * quotaTariffCreate * quotaTariffUpdate…
CVE-2025-54057 2025-11-27 N/A 0.0 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking:
CVE-2025-12971 2025-11-27 MEDIUM 4.3 The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured…
CVE-2025-59890 2025-11-27 HIGH 7.3 Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access to execute unauthorized code…
CVE-2025-13742 2025-11-27 N/A 0.0 Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced…
CVE-2025-10476 2025-11-27 MEDIUM 4.3 The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfc_db_fix_callback() function in all versions up…
CVE-2025-59026 2025-11-27 MEDIUM 5.4 Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account,…
CVE-2025-59025 2025-11-27 MEDIUM 6.1 Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Sanitization…
CVE-2025-30190 2025-11-27 MEDIUM 5.4 Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account,…
CVE-2025-30186 2025-11-27 MEDIUM 5.4 Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account,…
CVE-2025-13381 2025-11-27 MEDIUM 5.3 The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ays_chatgpt_save_wp_media' function…
CVE-2025-13378 2025-11-27 MEDIUM 6.5 The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via…
CVE-2025-12584 2025-11-27 MEDIUM 5.3 The Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.17 via the 'wqv_popup_content' AJAX endpoint due to…
CVE-2025-13536 2025-11-27 HIGH 8.8 The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 11.15.2. This is…
CVE-2025-13441 2025-11-27 MEDIUM 5.3 The Hide Category by User Role for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.1. This is due to…
CVE-2025-13157 2025-11-27 MEDIUM 5.3 The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the 'qode_wishlist_for_woocommerce_wishlist_table_item_callback' function due…
CVE-2025-13525 2025-11-27 MEDIUM 6.1 The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'order_by' parameter in all versions up to, and including, 1.4.5 due to insufficient…
CVE-2025-13143 2025-11-27 MEDIUM 4.3 The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.12.0. This…
CVE-2025-12185 2025-11-27 MEDIUM 4.4 The StaffList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.6 due to insufficient input sanitization and…
CVE-2025-12123 2025-11-27 MEDIUM 6.1 The Customer Reviews Collector for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email-text' parameter in all versions up to, and including, 4.6.1 due…
CVE-2025-7820 2025-11-27 HIGH 7.5 The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to the plugin only…
CVE-2025-3784 2025-11-27 MEDIUM 5.5 Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the…
CVE-2025-13680 2025-11-27 HIGH 8.8 The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to…
CVE-2025-13675 2025-11-27 CRITICAL 9.8 The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the 'paypal-submit.php' file not restricting what…
CVE-2025-13540 2025-11-27 CRITICAL 9.8 The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. This is due to the 'tiare_membership_init_rest_api_register' function not restricting…
CVE-2025-13539 2025-11-27 CRITICAL 9.8 The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.4. This is due to the plugin not properly logging…
CVE-2025-13538 2025-11-27 CRITICAL 9.8 The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findall_listing_user_registration_additional_params' function not restricting…
CVE-2025-12758 2025-11-27 HIGH 7.5 Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take…
CVE-2025-12151 2025-11-27 MEDIUM 6.4 The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'portfolio_name' parameter in all versions up to, and including, 1.1.0 due to insufficient input…
CVE-2025-66314 2025-11-27 HIGH 7.5 Improper Privilege Management vulnerability in ZTE ElasticNet UME R32 on Linux allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ElasticNet UME R32: ElasticNet_UME_R32_V16.23.20.04.
CVE-2025-34351 2025-11-27 N/A 0.0 Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces (including the dashboard and Jobs API) is disabled unless explicitly enabled by…
CVE-2025-13762 2025-11-27 N/A 0.0 Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk…
CVE-2025-12713 2025-11-27 MEDIUM 6.4 The Soundslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the soundslides shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization…
CVE-2025-12712 2025-11-27 MEDIUM 6.4 The Shouty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the shouty shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization…
CVE-2025-12670 2025-11-27 MEDIUM 6.4 The wp-twitpic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'twitpic' shortcode in all versions up to, and including, 1.0 due to…
CVE-2025-12666 2025-11-27 MEDIUM 6.4 The Google Drive upload and download link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter of the 'atachfilegoogle' shortcode in all versions up…
CVE-2025-12649 2025-11-27 MEDIUM 6.4 The SortTable Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the sorttablepost shortcode in all versions up to, and including, 4.2.…
CVE-2025-12579 2025-11-27 MEDIUM 5.3 The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to,…
CVE-2025-12578 2025-11-27 MEDIUM 4.3 The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce…
CVE-2025-0658 2025-11-27 N/A 0.0 A vulnerability in Automated Logic and Carrier's Zone Controller via BACnet protocol causes the device to crash. The device enters a fault state; after a reset, a second packet…
CVE-2025-0657 2025-11-27 N/A 0.0 A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to…
CVE-2024-5540 2025-11-27 N/A 0.0 The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a malicious actor to compromise the client…
CVE-2024-5539 2025-11-27 N/A 0.0 The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions…
CVE-2025-62728 2025-11-26 N/A 0.0 SQL injection vulnerability in Hive Metastore Server (HMS) when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are…
CVE-2025-66040 2025-11-27 LOW 3.6 Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows…
« Anterior Página 625 de 4293 Siguiente »