Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-59110 2025-11-18 N/A 0.0 Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented CSRF protection mechanism can be bypassed by using CSRF token of other user. It is…
CVE-2025-55179 2025-11-18 MEDIUM 5.4 Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user…
CVE-2025-13349 2025-11-18 LOW 3.5 A vulnerability has been found in SourceCodester Student Grades Management System 1.0. This issue affects some unknown processing of the file /grades.php of the component Add New Grade…
CVE-2025-13347 2025-11-18 MEDIUM 6.3 A flaw has been found in SourceCodester Train Station Ticketing System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=save_user. Executing manipulation of the argument Username can…
CVE-2025-13346 2025-11-18 MEDIUM 6.3 A vulnerability was detected in SourceCodester Train Station Ticketing System 1.0. This affects an unknown part of the file /ajax.php?action=save_station. Performing manipulation of the argument id/station results in…
CVE-2025-12545 2025-11-18 MEDIUM 5.3 The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Information Exposure in all versions up to,…
CVE-2025-12376 2025-11-18 MEDIUM 6.4 The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1…
CVE-2025-13305 2025-11-17 HIGH 8.8 A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the…
CVE-2025-10158 2025-11-18 MEDIUM 4.3 A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array…
CVE-2025-6670 2025-11-18 HIGH 8.8 A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple WSO2 products due to the use of the HTTP GET method for state-changing operations within admin services, specifically in…
CVE-2025-41350 2025-11-18 N/A 0.0 Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este that consist of an stored XSS of a stored XSS due to a lack of proper validation…
CVE-2025-41349 2025-11-18 N/A 0.0 Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este that consist of an stored XSS of a stored XSS due to a lack of proper validation…
CVE-2025-41348 2025-11-18 N/A 0.0 SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker recover, create, update an delete databases by sendng a POST request using the…
CVE-2025-13345 2025-11-18 MEDIUM 6.3 A security vulnerability has been detected in SourceCodester Train Station Ticketing System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_ticket. Such manipulation leads…
CVE-2025-13344 2025-11-18 HIGH 7.3 A weakness has been identified in SourceCodester Train Station Ticketing System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=login. This manipulation of the…
CVE-2025-13343 2025-11-18 LOW 3.5 A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of the file /editQuestion.php. The manipulation of the argument Question results…
CVE-2025-41737 2025-11-18 HIGH 7.5 Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules.
CVE-2025-41736 2025-11-18 HIGH 8.8 A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in…
CVE-2025-41735 2025-11-18 HIGH 8.8 A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.
CVE-2025-41734 2025-11-18 CRITICAL 9.8 An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.
CVE-2025-41733 2025-11-18 CRITICAL 9.8 The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials.
CVE-2025-41347 2025-11-18 N/A 0.0 Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request…
CVE-2025-11427 2025-11-18 MEDIUM 5.8 The WP Migrate Lite – WordPress Migration Made Easy plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.7.6 via…
CVE-2025-4212 2025-11-18 HIGH 7.2 The Checkout Files Upload for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.2.1 due to…
CVE-2025-41346 2025-11-18 N/A 0.0 Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker…
CVE-2025-13196 2025-11-18 MEDIUM 5.4 The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up…
CVE-2025-13133 2025-11-18 MEDIUM 6.6 The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.1.7 via the 'Import/export users' function. This makes…
CVE-2025-13069 2025-11-18 HIGH 8.8 The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.1.2. This is due to…
CVE-2025-12955 2025-11-18 HIGH 7.5 The Live sales notification for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.39. This is due to the "getOrders"…
CVE-2025-12691 2025-11-18 MEDIUM 6.4 The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox functionality in all versions up…
CVE-2025-12639 2025-11-18 MEDIUM 4.3 The wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.2.2. This is…
CVE-2025-12481 2025-11-18 MEDIUM 4.3 The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly…
CVE-2025-12457 2025-11-18 MEDIUM 6.4 The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2…
CVE-2025-12392 2025-11-18 MEDIUM 5.3 The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_optin_optout' function in all…
CVE-2025-12391 2025-11-18 MEDIUM 5.3 The Restrictions for BuddyPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_optin_optout() function in all versions up…
CVE-2025-12088 2025-11-18 MEDIUM 6.4 The Meta Display Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meta Display Block in all versions up to, and including, 1.0.0 due to…
CVE-2025-12079 2025-11-18 MEDIUM 6.1 The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.3 due to insufficient input…
CVE-2025-11734 2025-11-18 MEDIUM 5.4 The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization in all…
CVE-2025-9625 2025-11-18 MEDIUM 4.3 The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect…
CVE-2025-8609 2025-11-18 MEDIUM 6.4 The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion Block's attributes in all versions up to, and including, 1.6.1…
CVE-2025-8605 2025-11-18 MEDIUM 6.4 The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up…
CVE-2025-40549 2025-11-18 CRITICAL 9.1 A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a…
CVE-2025-40548 2025-11-18 CRITICAL 9.1 A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires…
CVE-2025-40547 2025-11-18 CRITICAL 9.1 A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires…
CVE-2025-40545 2025-11-18 MEDIUM 4.8 SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to…
CVE-2025-26391 2025-11-18 MEDIUM 5.4 SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account.
CVE-2025-13088 2025-11-18 HIGH 8.8 The Category and Product Woocommerce Tabs plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0. This is due to insufficient…
CVE-2025-12962 2025-11-18 MEDIUM 6.4 The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the `url` parameter in the `[syndicate_local]` shortcode.…
CVE-2025-12961 2025-11-18 MEDIUM 4.3 The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wp_ajax_save_settings' AJAX action in all versions up to,…
CVE-2025-12937 2025-11-18 MEDIUM 6.5 The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'acf_flm_update_template_with_pasted_layout' function in all versions…
« Anterior Página 645 de 4294 Siguiente »