CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2020-36853 2025-10-18 HIGH 7.2 The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Plugin Settings Change in versions up to, and including, 1.0.63 due to insufficient input sanitization and…
CVE-2017-20208 2025-10-18 CRITICAL 9.8 The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 (exclusive)…
CVE-2017-20207 2025-10-18 CRITICAL 9.8 The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the `pager `…
CVE-2017-20206 2025-10-18 CRITICAL 9.8 The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the `wpmudev_appointments` cookie. This…
CVE-2025-62640 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62639 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62638 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62637 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62636 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62635 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62634 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62633 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62632 2025-10-18 N/A 0.0 Rejected reason: Not used
CVE-2025-62651 2025-10-17 MEDIUM 6.5 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.
CVE-2025-62650 2025-10-17 HIGH 8.3 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.
CVE-2025-62649 2025-10-17 MEDIUM 5.8 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders.
CVE-2025-62648 2025-10-17 MEDIUM 6.4 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume.
CVE-2025-62647 2025-10-17 MEDIUM 5.0 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed…
CVE-2025-62646 2025-10-17 MEDIUM 5.0 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers.
CVE-2025-62645 2025-10-17 CRITICAL 9.9 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken…
CVE-2025-62644 2025-10-17 MEDIUM 5.0 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users.
CVE-2025-62643 2025-10-17 LOW 3.4 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages.
CVE-2025-62642 2025-10-17 MEDIUM 5.8 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote…
CVE-2025-62655 2025-10-17 N/A 0.0 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection. This issue affects MediaWiki Cargo extension:…
CVE-2025-62654 2025-10-17 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki QuizGame extension allows Stored XSS. This issue affects MediaWiki QuizGame extension:…
CVE-2025-62653 2025-10-17 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PollNY extension allows Stored XSS. This issue affects MediaWiki PollNY extension:…
CVE-2025-62652 2025-10-17 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension allows Stored XSS. This issue affects MediaWiki WebAuthn extension:…
CVE-2025-62515 2025-10-17 CRITICAL 9.8 pyquokka is a framework for making data lakes work for time series. In versions 0.3.1 and prior, the FlightServer class directly uses pickle.loads() to deserialize action bodies received…
CVE-2025-62508 2025-10-17 MEDIUM 6.5 Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header…
CVE-2025-11914 2025-10-17 MEDIUM 4.3 A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this issue is the function Download of the file /DeviceFileReport.do?Action=Download. Performing manipulation of the argument…
CVE-2025-62511 2025-10-17 MEDIUM 6.3 yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version 1.0 contains a Time-of-Check to Time-of-Use (TOCTOU) race condition (CWE-367) in the creation of…
CVE-2025-60514 2025-10-17 MEDIUM 6.5 Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts.
CVE-2025-57164 2025-10-17 MEDIUM 6.5 Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field.
CVE-2025-11925 2025-10-17 N/A 0.0 Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of HTML/JavaScript into reply. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through…
CVE-2025-11913 2025-10-17 MEDIUM 4.3 A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this vulnerability is the function Download of the file /Service.do?Action=Download. Such manipulation of the…
CVE-2025-11912 2025-10-17 MEDIUM 6.3 A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected is the function Query of the file /DeviceState.do?Action=Query. This manipulation of the argument orderField causes…
CVE-2025-11911 2025-10-17 MEDIUM 6.3 A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This impacts the function Query of the file /DeviceFault.do?Action=Query. The manipulation of the argument sortField results in…
CVE-2025-11910 2025-10-17 MEDIUM 6.3 A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.do?Action=Query. The manipulation of the argument orderField…
CVE-2025-62505 2025-10-17 LOW 3.0 LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery (SSRF) in the tools.search.crawlPages tRPC endpoint. A client can…
CVE-2025-56320 2025-10-17 N/A 0.0 Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting (XSS) in its chat box component. This allows a remote attacker to execute arbitrary code
CVE-2025-56316 2025-10-17 N/A 0.0 A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the…
CVE-2025-56221 2025-10-17 CRITICAL 9.8 A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass authentication via a brute force attack.
CVE-2025-56218 2025-10-17 N/A 0.0 An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.
CVE-2025-34282 2025-10-17 N/A 0.0 ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload a malicious SVG file that references…
CVE-2025-34281 2025-10-17 N/A 0.0 ThingsBoard versions < 4.2.1 contain a stored cross-site scripting (XSS) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload an SVG file containing malicious JavaScript,…
CVE-2025-11909 2025-10-17 MEDIUM 6.3 A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.do?Action=QueryLast. Executing manipulation of the argument…
CVE-2025-11908 2025-10-17 MEDIUM 6.3 A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element is the function uploadFile of the file /FileDir.do?Action=Upload. Performing manipulation of the…
CVE-2024-31573 2025-10-17 MEDIUM 4.0 XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.
CVE-2025-62430 2025-10-17 MEDIUM 5.4 ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 #145 allows stored cross-site scripting (XSS) in multiple video and photo metadata fields. For…
CVE-2025-62424 2025-10-17 MEDIUM 6.7 ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - #146 and earlier, the /admin_area/template_editor.php endpoint is vulnerable to path traversal. The validation of the file-loading path…