CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST (the US National Institute of Standards and Technology). Severity and CVSS are the scores assigned in the NIST National Vulnerability Database; entries shown as N/A with a score of 0.0 have not yet received an NVD score, and rejected or withdrawn IDs are marked as such in the description.

CVE ID Published Severity CVSS Description
CVE-2025-13114 2025-11-13 MEDIUM 6.3 A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack may…
CVE-2025-12765 2025-11-13 HIGH 7.5 pgAdmin
CVE-2025-12764 2025-11-13 HIGH 7.5 pgAdmin
CVE-2025-40681 2025-11-13 N/A 0.0 Cross-site Scripting (XSS) vulnerability reflected in xCally's Omnichannel v3.30.1. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using…
CVE-2025-12818 2025-11-13 MEDIUM 5.9 Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by…
CVE-2025-12817 2025-11-13 LOW 3.1 Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later…
CVE-2025-12763 2025-11-13 MEDIUM 6.8 pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and…
CVE-2025-12762 2025-11-13 CRITICAL 9.1 pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files.…
CVE-2025-12377 2025-11-13 MEDIUM 5.3 The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions…
CVE-2025-7704 2025-11-13 MEDIUM 5.4 Supermicro BMC Insyde SMASH shell program has a stack-based overflow vulnerability
CVE-2025-64384 2025-11-13 N/A 0.0 Missing Authorization vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JetFormBuilder: from n/a through
CVE-2025-64381 2025-11-13 N/A 0.0 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Calendar booking allows Stored XSS. This issue affects Booking Calendar: from n/a through
CVE-2025-64369 2025-11-13 N/A 0.0 Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form Email: from n/a through
CVE-2025-64292 2025-11-13 N/A 0.0 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PascalBajorat Analytics Germanized for Google Analytics ga-germanized allows DOM-Based XSS. This issue affects Analytics Germanized for Google…
CVE-2025-64276 2025-11-13 N/A 0.0 Missing Authorization vulnerability in Ays Pro Survey Maker survey-maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Survey Maker: from n/a through
CVE-2025-8397 2025-11-13 MEDIUM 6.4 The Save as PDF Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's restpackpdfbutton shortcode in all versions up to, and including, 1.9.2 due…
CVE-2025-12015 2025-11-13 MEDIUM 4.3 The Convert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed plugin for WordPress is vulnerable to unauthorized modification of…
CVE-2025-11769 2025-11-13 MEDIUM 6.4 The WordPress Content Flipper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bgcolor' shortcode attribute of the 'flipper_front' shortcode in all versions up to, and…
CVE-2025-11260 2025-11-13 MEDIUM 5.3 The WP Headless CMS Framework plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 1.15. This is due to the plugin…
CVE-2025-10295 2025-11-13 MEDIUM 6.4 The Angel – Fashion Model Agency WordPress CMS Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the profile media uploader in all versions up to, and…
CVE-2025-12844 2025-11-13 HIGH 7.1 The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input…
CVE-2025-12681 2025-11-13 MEDIUM 5.3 The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajax_get_comment'…
CVE-2025-12620 2025-11-13 MEDIUM 4.9 The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the ‘filterbyauthor’ parameter in all versions up to,…
CVE-2025-12891 2025-11-13 MEDIUM 5.3 The Survey Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ays_survey_show_results' AJAX endpoint in all versions up…
CVE-2025-12979 2025-11-13 MEDIUM 5.3 The Welcart e-Commerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'usces_export' action in all versions up to,…
CVE-2025-12892 2025-11-13 MEDIUM 5.3 The Survey Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to,…
CVE-2025-12733 2025-11-13 HIGH 8.8 The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and…
CVE-2025-12536 2025-11-13 MEDIUM 5.3 The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the '_srfm_email_notification' post meta registration. This is due…
CVE-2025-12366 2025-11-13 MEDIUM 4.3 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.5…
CVE-2025-12089 2025-11-13 MEDIUM 6.5 The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cleanCache() function in all versions…
CVE-2025-11923 2025-11-13 HIGH 8.8 The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin not properly validating…
CVE-2025-64716 2025-11-13 N/A 0.0 Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication,…
CVE-2025-64710 2025-11-13 N/A 0.0 Bitplatform Boilerplate is a Visual studio and .NET project template. Versions prior to 9.11.3 are affected by a cross-site scripting (XSS) vulnerability in the WebInteropApp/WebAppInterop, potentially allowing attackers…
CVE-2025-64707 2025-11-12 N/A 0.0 Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the…
CVE-2025-64705 2025-11-12 N/A 0.0 Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, users were able to access the submissions…
CVE-2025-12703 2025-11-12 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-59089 2025-11-12 MEDIUM 5.9 If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds…
CVE-2025-59088 2025-11-12 HIGH 8.6 If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS…
CVE-2025-64517 2025-11-12 MEDIUM 4.4 sudo-rs is a memory safe implementation of sudo and su written in Rust. With `Defaults targetpw` (or `Defaults rootpw`) enabled, the password of the target account (or root…
CVE-2025-64503 2025-11-12 MEDIUM 4.0 cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In cups-filters prior to 1.28.18, by crafting…
CVE-2025-64500 2025-11-12 HIGH 7.3 Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification.…
CVE-2025-64482 2025-11-12 MEDIUM 4.6 Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1762267347 and Tuleap Enterprise Edition prior to versions…
CVE-2025-64429 2025-11-12 N/A 0.0 DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this…
CVE-2025-64345 2025-11-12 LOW 1.8 Wasmtime is a runtime for WebAssembly. Prior to version 38.0.4, 37.0.3, 36.0.3, and 24.0.5, Wasmtime's Rust embedder API contains an unsound interaction where a WebAssembly shared linear memory…
CVE-2025-64117 2025-11-12 MEDIUM 4.6 Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1761813675 and Tuleap Enterprise Edition prior to versions…
CVE-2025-60646 2025-11-12 MEDIUM 6.1 A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into…
CVE-2025-63419 2025-11-12 MEDIUM 6.1 Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field…
CVE-2025-40208 2025-11-12 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec:…
CVE-2025-40207 2025-11-12 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() v4l2_subdev_call_state_try() macro allocates a subdev state with __v4l2_subdev_state_alloc(), but does…
CVE-2025-59491 2025-11-12 MEDIUM 6.1 Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields.
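As an added example that is not part of the listing above and not NIST's own tooling, the following Python parses rows in the layout used by this table (CVE ID, publication date, severity label, CVSS score, description) and runs the checks a reviewer normally makes before acting on such a feed: it flags rejected IDs, separates entries that have no NVD score yet (shown as N/A with 0.0), verifies that each severity label agrees with its CVSS v3.x score using the NVD qualitative rating scale (Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0), and lists the High and Critical entries first. The sample rows are copied from the table above with their descriptions shortened; the exact column layout assumed by the regular expression and the bucket names returned by `triage()` are assumptions of this example.

```python
import re
from dataclasses import dataclass
from datetime import date

# Constructed sample: rows copied from the listing above, descriptions shortened.
SAMPLE_ROWS = """\
CVE-2025-13114 2025-11-13 MEDIUM 6.3 A vulnerability was identified in macrozheng mall-swarm up to 1.0.3.
CVE-2025-40681 2025-11-13 N/A 0.0 Cross-site Scripting (XSS) vulnerability reflected in xCally's Omnichannel v3.30.1.
CVE-2025-12762 2025-11-13 CRITICAL 9.1 pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability.
CVE-2025-12703 2025-11-12 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-64345 2025-11-12 LOW 1.8 Wasmtime is a runtime for WebAssembly.
"""

# Assumed row layout: CVE ID, ISO date, severity label, one-decimal CVSS score, free text.
ROW_RE = re.compile(
    r"^(CVE-\d{4}-\d{4,})\s+(\d{4}-\d{2}-\d{2})\s+"
    r"(N/A|LOW|MEDIUM|HIGH|CRITICAL)\s+(\d{1,2}\.\d)\s+(.*)$"
)


@dataclass(frozen=True)
class CveEntry:
    cve_id: str
    published: date
    severity: str
    score: float
    description: str

    @property
    def rejected(self) -> bool:
        # Rejected/withdrawn IDs carry this prefix in the feed text.
        return self.description.startswith("Rejected reason:")

    @property
    def unscored(self) -> bool:
        # The listing shows "N/A 0.0" for entries that have no NVD score yet.
        return self.severity == "N/A" and self.score == 0.0


def expected_severity(score: float) -> str:
    """Qualitative rating for a CVSS v3.x base score (NVD scale)."""
    if score == 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    if score <= 10.0:
        return "CRITICAL"
    raise ValueError(f"CVSS score out of range: {score}")


def severity_consistent(label: str, score: float) -> bool:
    """True when the label matches the score's rating, or the entry is simply unscored."""
    if label == "N/A":
        return score == 0.0
    return label == expected_severity(score)


def parse_row(line: str) -> CveEntry:
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    cve_id, published, severity, score, description = m.groups()
    return CveEntry(cve_id, date.fromisoformat(published), severity, float(score), description)


def parse_listing(text: str) -> list[CveEntry]:
    return [parse_row(line) for line in text.splitlines() if line.strip()]


def triage(text: str) -> dict[str, list[str]]:
    """Bucket entries: drop rejected IDs, park unscored ones, flag label/score
    mismatches, and put High/Critical items first (highest score first)."""
    entries = parse_listing(text)
    rejected = [e.cve_id for e in entries if e.rejected]
    unscored = [e.cve_id for e in entries if e.unscored and not e.rejected]
    inconsistent = [e.cve_id for e in entries if not severity_consistent(e.severity, e.score)]
    actionable = sorted(
        (e for e in entries if e.score >= 7.0 and not e.rejected),
        key=lambda e: e.score,
        reverse=True,
    )
    return {
        "rejected": rejected,
        "unscored": unscored,
        "inconsistent": inconsistent,
        "high_or_critical": [e.cve_id for e in actionable],
    }


if __name__ == "__main__":
    for bucket, ids in triage(SAMPLE_ROWS).items():
        print(f"{bucket}: {ids}")
```

Unscored entries are kept in their own bucket rather than discarded: an N/A row (such as the pgAdmin or PostgreSQL items that arrive before NVD analysis) may become Critical once scored, so it is worth re-checking the feed rather than filtering on severity alone.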