Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-40001 2025-10-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue During the detaching of Marvell's SAS/SATA controller, the original code calls…
CVE-2025-11256 2025-10-18 MEDIUM 5.3 The Kognetiks Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and…
CVE-2025-10750 2025-10-18 MEDIUM 5.3 The PowerBI Embed Reports plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.2.0. This is due to missing capability checks…
CVE-2025-9562 2025-10-18 MEDIUM 6.4 The Redirection for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's qs_date shortcode in all versions up to, and including, 3.2.6…
CVE-2025-11741 2025-10-18 MEDIUM 5.3 The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.2.5 via the 'woosq_quickview' AJAX endpoint…
CVE-2025-11703 2025-10-18 MEDIUM 5.3 The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to…
CVE-2025-11691 2025-10-18 HIGH 7.5 The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOM_Meta::get_fields_by_id() function in all versions up to, and…
CVE-2025-11519 2025-10-18 MEDIUM 4.3 The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference…
CVE-2025-11517 2025-10-18 HIGH 7.5 The Event Tickets and Registration plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 5.26.5. This is due to the /wp-json/tribe/tickets/v1/commerce/free/order endpoint…
CVE-2025-11510 2025-10-18 MEDIUM 4.3 The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the…
CVE-2025-11391 2025-10-18 CRITICAL 9.8 The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image…
CVE-2025-11372 2025-10-18 MEDIUM 6.5 The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing…
CVE-2025-11270 2025-10-18 MEDIUM 6.4 The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute in all versions…
CVE-2025-10187 2025-10-18 MEDIUM 4.9 The GSpeech TTS – WordPress Text To Speech Plugin plugin for WordPress is vulnerable to SQL Injection via the 'field' parameter in all versions up to, and including,…
CVE-2025-10006 2025-10-18 MEDIUM 6.4 The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rev_slider_vc' shortcode in all versions up to, and including, 8.6 due to…
CVE-2025-11937 2025-10-18 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - SecurePoll Extension allows Stored XSS.This issue affects Mediawiki -…
CVE-2025-11857 2025-10-18 MEDIUM 6.4 The XX2WP Integration Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mxp_fb2wp_display_embed' shortcode in all versions up to, and including, 1.9.9. This is due…
CVE-2025-11742 2025-10-18 MEDIUM 4.3 The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wishlist_quickview' AJAX action in…
CVE-2025-11738 2025-10-18 MEDIUM 5.3 The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it…
CVE-2025-62671 2025-10-18 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki -…
CVE-2025-62670 2025-10-18 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - FlexDiagrams Extension allows Stored XSS.This issue affects Mediawiki -…
CVE-2025-62669 2025-10-18 N/A 0.0 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from…
CVE-2025-62668 2025-10-18 N/A 0.0 Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Resource Leak Exposure.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39.
CVE-2025-62667 2025-10-18 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.This issue affects Mediawiki -…
CVE-2025-62666 2025-10-18 N/A 0.0 Allocation of Resources Without Limits or Throttling vulnerability in The Wikimedia Foundation Mediawiki - CirrusSearch Extension allows HTTP DoS.This issue affects Mediawiki - CirrusSearch Extension: from master before…
CVE-2025-62664 2025-10-18 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - ImageRating Extension allows Stored XSS.This issue affects Mediawiki -…
CVE-2025-62663 2025-10-18 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - UploadWizard Extension allows Stored XSS.This issue affects Mediawiki -…
CVE-2025-62662 2025-10-18 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - AdvancedSearch Extension allows Stored XSS.This issue affects Mediawiki -…
CVE-2025-11361 2025-10-18 MEDIUM 6.4 The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,…
CVE-2025-62665 2025-10-18 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Skin:BlueSky allows Stored XSS.This issue affects Mediawiki - Skin:BlueSky: from…
CVE-2025-11378 2025-10-18 MEDIUM 5.4 The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on…
CVE-2020-36854 2025-10-18 MEDIUM 6.4 The Async JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.19.07.14. This is due to missing authorization checks on the…
CVE-2020-36853 2025-10-18 HIGH 7.2 The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Plugin Settings Change in versions up to, and including, 1.0.63 due to insufficient input sanitization and…
CVE-2017-20208 2025-10-18 CRITICAL 9.8 The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 (exclusive)…
CVE-2017-20207 2025-10-18 CRITICAL 9.8 The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the `pager `…
CVE-2017-20206 2025-10-18 CRITICAL 9.8 The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the `wpmudev_appointments` cookie. This…
CVE-2025-62640 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62639 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62638 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62637 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62636 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62635 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62634 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62633 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62632 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62651 2025-10-17 MEDIUM 6.5 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.
CVE-2025-62650 2025-10-17 HIGH 8.3 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.
CVE-2025-62649 2025-10-17 MEDIUM 5.8 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders.
CVE-2025-62648 2025-10-17 MEDIUM 6.4 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume.
CVE-2025-62647 2025-10-17 MEDIUM 5.0 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed…
« Anterior Página 70 de 3641 Siguiente »