CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-60449 | 2025-10-03 | MEDIUM | 4.9 | An information disclosure vulnerability has been discovered in SeaCMS 13.1. The vulnerability exists in the admin_safe.php component located in the /btcoan/ directory. This security flaw allows authenticated administrators… |
| CVE-2025-60448 | 2025-10-03 | MEDIUM | 6.1 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component,… |
| CVE-2025-60447 | 2025-10-03 | MEDIUM | 5.9 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators… |
| CVE-2025-60445 | 2025-10-03 | MEDIUM | 6.1 | A stored Cross-Site Scripting (XSS) vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component,… |
| CVE-2025-57423 | 2025-10-03 | N/A | 0.0 | A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input… |
| CVE-2025-34226 | 2025-10-03 | N/A | 0.0 | OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epoch_time field supplied during program uploads is not validated and can be crafted to induce… |
| CVE-2025-54089 | 2025-10-02 | N/A | 0.0 | CVE-2025-54089 is a cross-site scripting vulnerability in versions of secure access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to… |
| CVE-2025-10729 | 2025-10-03 | N/A | 0.0 | The module will parse a node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading… |
| CVE-2025-10728 | 2025-10-03 | N/A | 0.0 | When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS |
| CVE-2025-10547 | 2025-10-03 | HIGH | 8.8 | An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance… |
| CVE-2025-10609 | 2025-10-03 | MEDIUM | 5.9 | Use of Hard-coded Credentials vulnerability in Logo Software Inc. TigerWings ERP allows Read Sensitive Constants Within an Executable. This issue affects TigerWings ERP: from 01.01.00 before 3.03.00. |
| CVE-2025-9945 | 2025-10-03 | MEDIUM | 4.3 | The Optimize More! – CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or… |
| CVE-2025-9897 | 2025-10-03 | MEDIUM | 4.3 | The AP Background plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2. This is due to missing or incorrect nonce… |
| CVE-2025-9895 | 2025-10-03 | MEDIUM | 4.3 | The Notification Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce… |
| CVE-2025-9892 | 2025-10-03 | MEDIUM | 5.3 | The Restrict User Registration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect… |
| CVE-2025-9889 | 2025-10-03 | MEDIUM | 4.3 | The ContentMX Content Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect… |
| CVE-2025-9885 | 2025-10-03 | MEDIUM | 4.3 | The MPWizard – Create Mercado Pago Payment Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due… |
| CVE-2025-9884 | 2025-10-03 | MEDIUM | 6.1 | The Mobile Site Redirect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect… |
| CVE-2025-9876 | 2025-10-03 | MEDIUM | 6.4 | The Ird Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irdslider' shortcode in all versions up to, and including, 1.0.2 due to insufficient… |
| CVE-2025-9875 | 2025-10-03 | MEDIUM | 6.4 | The Event Tickets, RSVPs, Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticket_spot' shortcode in all versions up to, and including, 1.0.2 due… |
| CVE-2025-9859 | 2025-10-03 | MEDIUM | 6.4 | The Fintelligence Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fintelligence-calculator' shortcode in all versions up to, and including, 1.0.3 due to insufficient… |
| CVE-2025-9858 | 2025-10-03 | MEDIUM | 6.4 | The Auto Bulb Finder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abf_vehicle' shortcode in all versions up to, and including, 2.8.0… |
| CVE-2025-9854 | 2025-10-03 | MEDIUM | 6.4 | The A Simple Multilanguage Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'asmp-switcher' shortcode in all versions up to, and including, 1.0 due… |
| CVE-2025-9630 | 2025-10-03 | MEDIUM | 4.3 | The WP SinoType plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce… |
| CVE-2025-9561 | 2025-10-03 | HIGH | 8.8 | The AP Background plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization and insufficient file validation within the advParallaxBackAdminSaveSlider() handler in versions 3.8.1 to… |
| CVE-2025-9372 | 2025-10-03 | MEDIUM | 5.5 | The Ultimate Multi Design Video Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.4 due to insufficient input sanitization… |
| CVE-2025-9333 | 2025-10-03 | MEDIUM | 5.5 | The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.1 due to insufficient input sanitization… |
| CVE-2025-9332 | 2025-10-03 | MEDIUM | 5.5 | The Interactive Human Anatomy with Clickable Body Parts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6… |
| CVE-2025-9286 | 2025-10-03 | CRITICAL | 9.8 | The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to,… |
| CVE-2025-9213 | 2025-10-03 | HIGH | 8.8 | The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1.0.0 to 1.1.1. This is due to missing or incorrect nonce validation on the 'handleToken'… |
| CVE-2025-9212 | 2025-10-03 | HIGH | 7.5 | The WP Dispatcher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wp_dispatcher_process_upload() function in all versions up to, and… |
| CVE-2025-9209 | 2025-10-03 | CRITICAL | 9.8 | The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user… |
| CVE-2025-9206 | 2025-10-03 | MEDIUM | 6.4 | The Meks Easy Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title field in all versions up to, and including, 2.1.4. This is… |
| CVE-2025-9204 | 2025-10-03 | MEDIUM | 6.4 | The X Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Youtube Video ID field in all versions up to, and including, 1.0.14.… |
| CVE-2025-9200 | 2025-10-03 | HIGH | 7.5 | The Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App plugin for WordPress is vulnerable to SQL Injection via the nh_ynaa_comments() function in all… |
| CVE-2025-9199 | 2025-10-03 | MEDIUM | 6.5 | The Woo superb slideshow transition gallery with random effect plugin for WordPress is vulnerable to SQL Injection via the 'woo-superb-slideshow' shortcode in all versions up to, and including,… |
| CVE-2025-9198 | 2025-10-03 | MEDIUM | 6.5 | The Wp cycle text announcement plugin for WordPress is vulnerable to SQL Injection via the 'cycle-text' shortcode in all versions up to, and including, 8.1 due to insufficient… |
| CVE-2025-9194 | 2025-10-03 | MEDIUM | 4.3 | The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean() function in all versions up to, and… |
| CVE-2025-9130 | 2025-10-03 | MEDIUM | 6.4 | The Unify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's unify_checkout shortcode in all versions up to, and including, 3.4.7 due to… |
| CVE-2025-9129 | 2025-10-03 | MEDIUM | 6.4 | The Flexi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's flexi-form-tag shortcode in all versions up to, and including, 4.28 due to… |
| CVE-2025-9080 | 2025-10-03 | MEDIUM | 6.4 | The Generic Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget fields in version 1.2.4 and earlier. This is due to insufficient input sanitization… |
| CVE-2025-9077 | 2025-10-03 | MEDIUM | 6.4 | The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Animated Text' field of the Typeout Widget in version 1.1.9 and… |
| CVE-2025-9045 | 2025-10-03 | MEDIUM | 6.4 | The Easy Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widget parameters in versions less than, or equal to, 2.2.8 due to insufficient… |
| CVE-2025-8776 | 2025-10-03 | MEDIUM | 6.4 | The Epic Bootstrap Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘icol’ parameter in all versions up to, and including, 1.0 due to insufficient… |
| CVE-2025-8669 | 2025-10-03 | MEDIUM | 4.3 | The Customify theme for WordPress is vulnerable to Cross-Site Request Forgery in version 0.4.11. This is due to missing or incorrect nonce validation on the reset_customize_section function. This… |
| CVE-2025-7825 | 2025-10-03 | MEDIUM | 6.3 | The Schema Plugin For Divi, Gutenberg & Shortcodes plugin for WordPress is vulnerable to Object Instantiation in all versions up to, and including, 4.3.2 via deserialization of untrusted… |
| CVE-2025-7721 | 2025-10-03 | CRITICAL | 9.8 | The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including,… |
| CVE-2025-49641 | 2025-10-03 | N/A | 0.0 | A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of… |
| CVE-2025-40636 | 2025-10-03 | N/A | 0.0 | SQL injection vulnerability in Joomla module mod_vvisit_counter v2.0.4j3. This vulnerability allows an attacker to retrieve database content via the ‘cip_vvisitcounter’ cookie at all endpoints where the plugin counts… |
| CVE-2025-27237 | 2025-10-03 | N/A | 0.0 | In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege… |