Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-8623 2025-09-30 MEDIUM 6.4 The WeedMaps Menu for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's weedmaps_menu shortcode in all versions up to, and including, 1.2.0 due…
CVE-2025-8608 2025-09-30 MEDIUM 6.4 The Mihdan: Elementor Yandex Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.6.11 due…
CVE-2025-8566 2025-09-30 MEDIUM 6.4 The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via parameters in the CountUp and Google Maps Blocks in all versions up to,…
CVE-2025-8560 2025-09-30 MEDIUM 6.4 The FancyTabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization…
CVE-2025-8559 2025-09-30 MEDIUM 6.5 The All in One Music Player plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.1 via the 'theme' parameter. This makes…
CVE-2025-8214 2025-09-30 MEDIUM 6.4 The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typing Letter widget in all versions up to, and including, 2.1.5…
CVE-2025-8122 2025-09-30 N/A 0.0 Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip.…
CVE-2025-8121 2025-09-30 N/A 0.0 Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and…
CVE-2025-8120 2025-09-30 N/A 0.0 Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can…
CVE-2025-8119 2025-09-30 N/A 0.0 PAD CMS is vulnerable to Cross-Site Request Forgery in reset password's functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send a…
CVE-2025-8118 2025-09-30 N/A 0.0 PAD CMS implements weak client-side brute-force protection by utilizing two cookies:  login_count and login_timeout. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker…
CVE-2025-8117 2025-09-30 N/A 0.0 PAD CMS improperly initializes parameter used for password recovery, which allows to change password for any user that did not use reset password functionality. This issue affects all…
CVE-2025-8116 2025-09-30 N/A 0.0 PAD CMS is vulnerable to Reflected XSS in printing and save to PDF functionality. Malicious attacker can craft special URL, which will result in arbitrary JavaScript execution in…
CVE-2025-7065 2025-09-30 N/A 0.0 Due to client-controlled permission check parameter, PAD CMS's photo upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can…
CVE-2025-7063 2025-09-30 N/A 0.0 Due to client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can…
CVE-2025-7052 2025-09-30 HIGH 8.8 The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.94. This is due to missing nonce validation on the…
CVE-2025-7038 2025-09-30 HIGH 8.2 The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route of the latepoint_route_call AJAX endpoint in all versions up…
CVE-2025-6941 2025-09-30 MEDIUM 6.4 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'latepoint_resources' shortcode in…
CVE-2025-6815 2025-09-30 MEDIUM 5.5 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘service[name]’ parameter in all versions up to,…
CVE-2025-61633 2025-09-30 N/A 0.0 Rejected reason: Not used
CVE-2025-61632 2025-09-30 N/A 0.0 Rejected reason: Not used
CVE-2025-61631 2025-09-30 N/A 0.0 Rejected reason: Not used
CVE-2025-61630 2025-09-30 N/A 0.0 Rejected reason: Not used
CVE-2025-61629 2025-09-30 N/A 0.0 Rejected reason: Not used
CVE-2025-61628 2025-09-30 N/A 0.0 Rejected reason: Not used
CVE-2025-61627 2025-09-30 N/A 0.0 Rejected reason: Not used
CVE-2025-61626 2025-09-30 N/A 0.0 Rejected reason: Not used
CVE-2025-61584 2025-09-30 N/A 0.0 serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Versions through abd including 0.1.30 have a vulnerability where the pr.yml GitHub Action…
CVE-2025-59668 2025-09-30 HIGH 7.5 Multiple versions of Central Monitor CNS-6201 contain a NULL pointer dereference vulnerability. When processing a crafted certain UDP packet, the affected device may abnormally terminate.
CVE-2025-41099 2025-09-30 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated…
CVE-2025-41098 2025-09-30 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a  misuse of the general enquiry web service.
CVE-2025-41097 2025-09-30 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated…
CVE-2025-41096 2025-09-30 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated…
CVE-2025-41095 2025-09-30 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated…
CVE-2025-41094 2025-09-30 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated…
CVE-2025-41093 2025-09-30 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated…
CVE-2025-41092 2025-09-30 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated…
CVE-2025-41091 2025-09-30 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated…
CVE-2025-11163 2025-09-30 MEDIUM 4.3 The SmartCrawl SEO checker, analyzer & optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_submodule() function in…
CVE-2025-10196 2025-09-30 MEDIUM 6.4 The Survey Anyplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'surveyanyplace_embed' shortcode in all versions up to, and including, 1.0.0 due to insufficient…
CVE-2025-10191 2025-09-30 MEDIUM 6.4 The Big Post Shipping for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wooboigpost_shipping_status' shortcode in all versions up to, and including, 2.1.1…
CVE-2025-10189 2025-09-30 MEDIUM 6.4 The BP Direct Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bpdm_login' shortcode in all versions up to, and including, 1.0.0 due to…
CVE-2025-10182 2025-09-30 MEDIUM 6.4 The dbview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dbview' shortcode in all versions up to, and including, 0.5.5 due to insufficient input…
CVE-2025-10179 2025-09-30 MEDIUM 6.4 The My AskAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'myaskai' shortcode in all versions up to, and including, 1.0.0 due to insufficient…
CVE-2025-10168 2025-09-30 MEDIUM 6.4 The Any News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'any-ticker' shortcode in all versions up to, and including, 3.1.1 due to…
CVE-2025-10131 2025-09-30 MEDIUM 6.4 The All Social Share Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sc' shortcode in all versions up to, and including, 1.0 due…
CVE-2025-10130 2025-09-30 MEDIUM 6.4 The Layers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'webcam' shortcode in all versions up to, and including, 0.5 due to insufficient input…
CVE-2025-10128 2025-09-30 MEDIUM 6.4 The Eulerpool Research Systems plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aaq' shortcode in all versions up to, and including, 4.0.1 due to…
CVE-2025-10000 2025-09-30 MEDIUM 6.4 The Qyrr – simply and modern QR-Code creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the blob_to_file() function in…
CVE-2025-59952 2025-09-30 N/A 0.0 MinIO Java SDK is a Simple Storage Service (aka S3) client to perform bucket and object operations to any Amazon S3 compatible object storage service. In minio-java versions…
« Anterior Página 785 de 4304 Siguiente »