CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-11915 | 2025-10-22 | N/A | 0.0 | Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not… |
| CVE-2025-41110 | 2025-10-22 | N/A | 0.0 | Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vision 60 v0.27.2 APK. This vulnerability allows an attacker to connect to the robot's WiFi and view… |
| CVE-2025-41109 | 2025-10-22 | N/A | 0.0 | Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms… |
| CVE-2025-41108 | 2025-10-22 | N/A | 0.0 | The communication protocol implemented in Ghost Robotics Vision 60 v0.27.2 could allow an attacker to send commands to the robot from an external attack station, impersonating the control… |
| CVE-2025-11952 | 2025-10-22 | N/A | 0.0 | Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the… |
| CVE-2025-11883 | 2025-10-22 | MEDIUM | 6.4 | The Responsive Progress Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rprogress shortcode in versions less than, or equal to, 1.0 due to… |
| CVE-2025-11880 | 2025-10-22 | MEDIUM | 6.4 | The SM CountDown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's smcountdown shortcode in versions less than, or equal to, 1.2 due to… |
| CVE-2025-11878 | 2025-10-22 | MEDIUM | 6.4 | The ST Categories Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's st-categories shortcode in versions less than, or equal to, 1.0.0. This is… |
| CVE-2025-11872 | 2025-10-22 | MEDIUM | 6.4 | The Material Design Iconic Font Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdiconic' shortcode in all versions up to, and including, 2… |
| CVE-2025-11870 | 2025-10-22 | MEDIUM | 6.4 | The Simple Business Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'simple_business_data' shortcode attributes in all versions up to, and including, 1.0.1. This is due… |
| CVE-2025-11867 | 2025-10-22 | MEDIUM | 6.4 | The Bg Book Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `book_author` post meta, rendered through the `[book_author]` shortcode, in all versions up to,… |
| CVE-2025-11866 | 2025-10-22 | MEDIUM | 6.4 | The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes (`w`, `h`, `raw_css`, `look`, etc.) in all versions up to, and including,… |
| CVE-2025-11834 | 2025-10-22 | MEDIUM | 6.4 | The WP AD Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'startindex' parameter of the ad-gallery shortcode in all versions up to, and including,… |
| CVE-2025-11830 | 2025-10-22 | MEDIUM | 6.4 | The WP Restaurant Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' parameter of the restaurant_summary shortcode in all versions up to, and including,… |
| CVE-2025-11827 | 2025-10-22 | MEDIUM | 6.4 | The Oboxmedia Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before_widget' and 'after_widget' parameters of the oboxads-ad-widget shortcode in all versions up to, and… |
| CVE-2025-11825 | 2025-10-22 | MEDIUM | 6.4 | The Playerzbr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'urlmeta' post meta field in all versions up to, and including, 1.6 due to insufficient… |
| CVE-2025-11824 | 2025-10-22 | MEDIUM | 6.4 | The Cinza Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cgrid_skin_content' post meta field in all versions up to, and including, 1.2.1 due to… |
| CVE-2025-11819 | 2025-10-22 | MEDIUM | 6.4 | The WP-Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'roboshot' shortcode in all versions up to, and including, 1.1. This is due to insufficient… |
| CVE-2025-11818 | 2025-10-22 | MEDIUM | 6.4 | The WP Responsive Meet The Team plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wprm_team' shortcode in all versions up to, and including, 1.0.1. This… |
| CVE-2025-11817 | 2025-10-22 | MEDIUM | 6.4 | The Simple Tableau Viz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tableau' shortcode in all versions up to, and including, 2.0. This is due… |
| CVE-2025-11813 | 2025-10-22 | MEDIUM | 6.4 | The Responsive iframe GoogleMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsive_map' shortcode in all versions up to, and including, 1.0.2. This is due… |
| CVE-2025-11811 | 2025-10-22 | MEDIUM | 6.4 | The Simple Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embed_youtube' shortcode in all versions up to, and including, 1.1.3. This is due… |
| CVE-2025-11810 | 2025-10-22 | MEDIUM | 6.4 | The Print Button Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'print-button' shortcode in all versions up to, and including, 1.0.1. This is due… |
| CVE-2025-11809 | 2025-10-22 | MEDIUM | 6.4 | The WP-Force Images Download plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpfid' shortcode in all versions up to, and including, 1.8. This is due… |
| CVE-2025-11807 | 2025-10-22 | MEDIUM | 6.4 | The Mixlr Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mixlr' shortcode in all versions up to, and including, 1.0.1. This is due to… |
| CVE-2025-11804 | 2025-10-22 | MEDIUM | 6.4 | The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and… |
| CVE-2025-10138 | 2025-10-22 | MEDIUM | 6.4 | The This-or-That plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'thisorthat' shortcode in all versions up to, and including, 1.0.4 due to insufficient input… |
| CVE-2025-10047 | 2025-10-22 | MEDIUM | 4.9 | The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby'… |
| CVE-2025-41724 | 2025-10-22 | HIGH | 7.5 | An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is… |
| CVE-2025-41723 | 2025-10-22 | CRITICAL | 9.8 | The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker can bypass the path restriction and upload files to arbitrary locations. |
| CVE-2025-41722 | 2025-10-22 | HIGH | 7.5 | The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected… |
| CVE-2025-41721 | 2025-10-22 | LOW | 2.7 | A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate. |
| CVE-2025-41720 | 2025-10-22 | MEDIUM | 4.3 | A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is… |
| CVE-2025-41719 | 2025-10-22 | HIGH | 8.8 | A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously… |
| CVE-2025-12033 | 2025-10-22 | MEDIUM | 4.4 | The Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pro_version_activation_code'… |
| CVE-2025-10588 | 2025-10-22 | MEDIUM | 4.3 | The PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 11.1.2. This… |
| CVE-2025-10570 | 2025-10-22 | MEDIUM | 4.3 | The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.38 via the save_refund_request() function.… |
| CVE-2025-5983 | 2025-10-22 | MEDIUM | 6.5 | The Meta Tag Manager WordPress plugin before 3.3 does not restrict which roles can create http-equiv refresh meta tags. |
| CVE-2025-10651 | 2025-10-22 | MEDIUM | 5.5 | The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'order_mail' setting in versions up to, and including, 2.11.22. This is due to insufficient… |
| CVE-2025-10638 | 2025-10-22 | MEDIUM | 5.3 | The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers… |
| CVE-2025-62775 | 2025-10-22 | HIGH | 8.0 | Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password. |
| CVE-2025-62774 | 2025-10-22 | LOW | 3.1 | On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps. |
| CVE-2025-62773 | 2025-10-22 | LOW | 2.4 | Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator. |
| CVE-2025-62772 | 2025-10-22 | LOW | 3.1 | On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases. |
| CVE-2025-62771 | 2025-10-22 | HIGH | 7.5 | Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks. |
| CVE-2024-58274 | 2025-10-22 | HIGH | 8.3 | Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in /center/api/installation/detection JSON data, as exploited in the wild in… |
| CVE-2023-53691 | 2025-10-22 | HIGH | 8.3 | Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and 2025. |
| CVE-2025-22167 | 2025-10-22 | N/A | 0.0 | This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in 11.0.0 of Jira Software Data Center and Server. This Path… |
| CVE-2025-62611 | 2025-10-22 | N/A | 0.0 | aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL… |
| CVE-2025-62610 | 2025-10-22 | HIGH | 8.1 | Hono is a Web application framework that provides support for any JavaScript runtime. In versions from 1.1.0 to before 4.10.2, Hono’s JWT Auth Middleware does not provide a… |