Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-64369 2025-11-13 N/A 0.0 Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through
CVE-2025-64292 2025-11-13 N/A 0.0 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PascalBajorat Analytics Germanized for Google Analytics ga-germanized allows DOM-Based XSS.This issue affects Analytics Germanized for Google…
CVE-2025-64276 2025-11-13 N/A 0.0 Missing Authorization vulnerability in Ays Pro Survey Maker survey-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through
CVE-2025-8397 2025-11-13 MEDIUM 6.4 The Save as PDF Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's restpackpdfbutton shortcode in all versions up to, and including, 1.9.2 due…
CVE-2025-12015 2025-11-13 MEDIUM 4.3 The Convert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed plugin for WordPress is vulnerable to unauthorized modification of…
CVE-2025-11769 2025-11-13 MEDIUM 6.4 The WordPress Content Flipper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bgcolor' shortcode attribute of the 'flipper_front' shortcode in all versions up to, and…
CVE-2025-11260 2025-11-13 MEDIUM 5.3 The WP Headless CMS Framework plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 1.15. This is due to the plugin…
CVE-2025-10295 2025-11-13 MEDIUM 6.4 The Angel – Fashion Model Agency WordPress CMS Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting the profile media uploader in all versions up to, and…
CVE-2025-12844 2025-11-13 HIGH 7.1 The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input…
CVE-2025-12681 2025-11-13 MEDIUM 5.3 The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajax_get_comment'…
CVE-2025-12620 2025-11-13 MEDIUM 4.9 The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the ‘filterbyauthor’ parameter in all versions up to,…
CVE-2025-12891 2025-11-13 MEDIUM 5.3 The Survey Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ays_survey_show_results' AJAX endpoint in all versions up…
CVE-2025-12979 2025-11-13 MEDIUM 5.3 The Welcart e-Commerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'usces_export' action in all versions up to,…
CVE-2025-12892 2025-11-13 MEDIUM 5.3 The Survey Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to,…
CVE-2025-12733 2025-11-13 HIGH 8.8 The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and…
CVE-2025-12536 2025-11-13 MEDIUM 5.3 The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the '_srfm_email_notification' post meta registration. This is due…
CVE-2025-12366 2025-11-13 MEDIUM 4.3 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.5…
CVE-2025-12089 2025-11-13 MEDIUM 6.5 The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cleanCache() function in all versions…
CVE-2025-11923 2025-11-13 HIGH 8.8 The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin not properly validating…
CVE-2025-64716 2025-11-13 N/A 0.0 Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication,…
CVE-2025-64710 2025-11-13 N/A 0.0 Bitplatform Boilerplate is a Visual studio and .NET project template. Versions prior to 9.11.3 are affected by a cross-site scripting (XSS) vulnerability in the WebInteropApp/WebAppInterop, potentially allowing attackers…
CVE-2025-64707 2025-11-12 N/A 0.0 Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the…
CVE-2025-64705 2025-11-12 N/A 0.0 Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, users were able to access the submissions…
CVE-2025-12703 2025-11-12 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-59089 2025-11-12 MEDIUM 5.9 If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds…
CVE-2025-59088 2025-11-12 HIGH 8.6 If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS…
CVE-2025-64517 2025-11-12 MEDIUM 4.4 sudo-rs is a memory safe implementation of sudo and su written in Rust. With `Defaults targetpw` (or `Defaults rootpw`) enabled, the password of the target account (or root…
CVE-2025-64503 2025-11-12 MEDIUM 4.0 cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In cups-filters prior to 1.28.18, by crafting…
CVE-2025-64500 2025-11-12 HIGH 7.3 Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification.…
CVE-2025-64482 2025-11-12 MEDIUM 4.6 Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1762267347 and Tuleap Enterprise Edition prior to versions…
CVE-2025-64429 2025-11-12 N/A 0.0 DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this…
CVE-2025-64345 2025-11-12 LOW 1.8 Wasmtime is a runtime for WebAssembly. Prior to version 38.0.4, 37.0.3, 36.0.3, and 24.0.5, Wasmtime's Rust embedder API contains an unsound interaction where a WebAssembly shared linear memory…
CVE-2025-64117 2025-11-12 MEDIUM 4.6 Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1761813675 and Tuleap Enterprise Edition prior to versions…
CVE-2025-60646 2025-11-12 MEDIUM 6.1 A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into…
CVE-2025-63419 2025-11-12 MEDIUM 6.1 Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field…
CVE-2025-40208 2025-11-12 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec:…
CVE-2025-40207 2025-11-12 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() v4l2_subdev_call_state_try() macro allocates a subdev state with __v4l2_subdev_state_alloc(), but does…
CVE-2025-59491 2025-11-12 MEDIUM 6.1 Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields.
CVE-2025-52331 2025-11-12 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and…
CVE-2025-43205 2025-11-12 MEDIUM 6.5 An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in watchOS 11.4, tvOS 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app…
CVE-2025-40206 2025-11-12 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash…
CVE-2025-40205 2025-11-12 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid potential out-of-bounds in btrfs_encode_fh() The function btrfs_encode_fh() does not properly account for the three cases it…
CVE-2025-40204 2025-11-12 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant…
CVE-2025-40203 2025-11-12 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: listmount: don't call path_put() under namespace semaphore Massage listmount() and make sure we don't call path_put() under the…
CVE-2025-40202 2025-11-12 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ipmi: Rework user message limit handling The limit on the number of user messages had a number of…
CVE-2025-40201 2025-11-12 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths The usage of task_lock(tsk->group_leader) in sys_prlimit64()->do_prlimit() path is…
CVE-2025-40200 2025-11-12 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: Squashfs: reject negative file sizes in squashfs_read_inode() Syskaller reports a "WARNING in ovl_copy_up_file" in overlayfs. This warning is…
CVE-2025-40199 2025-11-12 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches Helge reported that the introduction of PP_MAGIC_MASK let…
CVE-2025-40198 2025-11-12 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Unlike other strings in the ext4 superblock, we rely on tune2fs…
CVE-2025-40197 2025-11-12 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: mc: Clear minor number before put device The device minor should not be cleared after the device…
« Anterior Página 660 de 4299 Siguiente »