Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2026-24378	2026-03-25	N/A	0.0	Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through
CVE-2026-24376	2026-03-25	N/A	0.0	Missing Authorization vulnerability in Javier Casares WPVulnerability wpvulnerability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPVulnerability: from n/a through
CVE-2026-24373	2026-03-25	N/A	0.0	Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through
CVE-2026-24372	2026-03-25	N/A	0.0	Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through
CVE-2026-24369	2026-03-25	N/A	0.0	Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.
CVE-2026-24364	2026-03-25	N/A	0.0	Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through
CVE-2026-24363	2026-03-25	N/A	0.0	Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WP_Estimation_Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cost Estimation & Payment…
CVE-2026-24362	2026-03-25	N/A	0.0	Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through
CVE-2026-24359	2026-03-25	N/A	0.0	Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse.This issue affects Dokan: from n/a through
CVE-2026-23977	2026-03-25	N/A	0.0	Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce:…
CVE-2026-23972	2026-03-25	N/A	0.0	Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through
CVE-2026-23971	2026-03-25	N/A	0.0	Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through
CVE-2026-23806	2026-03-25	N/A	0.0	Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for WordPress: from n/a through
CVE-2026-23636	2026-03-25	MEDIUM	5.5	Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of…
CVE-2026-23635	2026-03-25	MEDIUM	6.5	Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport…
CVE-2026-22516	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This issue affects Wizor's: from…
CVE-2026-22515	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes VegaDays vegadays allows PHP Local File Inclusion.This issue affects VegaDays: from…
CVE-2026-22514	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Unica unica allows PHP Local File Inclusion.This issue affects Unica: from…
CVE-2026-22513	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Triompher triompher allows PHP Local File Inclusion.This issue affects Triompher: from…
CVE-2026-22512	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Roisin roisin allows PHP Local File Inclusion.This issue affects Roisin: from…
CVE-2026-22511	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes NeoBeat neobeat allows PHP Local File Inclusion.This issue affects NeoBeat: from…
CVE-2026-22510	2026-03-25	N/A	0.0	Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection.This issue affects Melody: from n/a through
CVE-2026-22509	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Gioia gioia allows PHP Local File Inclusion.This issue affects Gioia: from…
CVE-2026-22508	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Dentalux dentalux allows PHP Local File Inclusion.This issue affects Dentalux: from…
CVE-2026-22507	2026-03-25	N/A	0.0	Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects Beelove: from n/a through
CVE-2026-22506	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Amoli amoli allows PHP Local File Inclusion.This issue affects Amoli: from…
CVE-2026-22505	2026-03-25	N/A	0.0	Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue affects Morning Records: from n/a through
CVE-2026-22504	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion.This issue affects ProLingua: from…
CVE-2026-22503	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Nelson nelson allows PHP Local File Inclusion.This issue affects Nelson: from…
CVE-2026-22502	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mr. Cobbler mr-cobbler allows PHP Local File Inclusion.This issue affects Mr.…
CVE-2026-22500	2026-03-25	N/A	0.0	Deserialization of Untrusted Data vulnerability in axiomthemes m2 \| Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 \| Construction and Tools Store: from n/a through
CVE-2026-22499	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Lella lella allows PHP Local File Inclusion.This issue affects Lella: from…
CVE-2026-22498	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affects Laurent: from…
CVE-2026-22496	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hypnotherapy hypnotherapy allows PHP Local File Inclusion.This issue affects Hypnotherapy: from…
CVE-2026-22495	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Greenville greenville allows PHP Local File Inclusion.This issue affects Greenville: from…
CVE-2026-22494	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Good Homes good-homes allows PHP Local File Inclusion.This issue affects Good…
CVE-2026-22493	2026-03-25	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Gaspard gaspard allows PHP Local File Inclusion.This issue affects Gaspard: from…
CVE-2026-22485	2026-03-25	N/A	0.0	Missing Authorization vulnerability in Ruhul Amin My Album Gallery my-album-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Album Gallery: from n/a through
CVE-2026-22484	2026-03-25	N/A	0.0	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection.This issue affects Lisfinity Core: from n/a through
CVE-2026-22480	2026-03-25	N/A	0.0	Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through
CVE-2026-22448	2026-03-25	N/A	0.0	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in flexcubed PitchPrint pitchprint allows Path Traversal.This issue affects PitchPrint: from n/a through
CVE-2026-20719	2026-03-25	MEDIUM	4.3	Mattermost versions 11.4.x
CVE-2026-1724	2026-03-25	MEDIUM	6.8	GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated…
CVE-2026-1712	2026-03-25	N/A	0.0	Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 10.7.
CVE-2025-69358	2026-03-25	N/A	0.0	Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through
CVE-2025-69347	2026-03-25	N/A	0.0	Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through
CVE-2025-14595	2026-03-25	MEDIUM	4.3	GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have…
CVE-2025-13436	2026-03-25	MEDIUM	6.5	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated…
CVE-2025-13078	2026-03-25	MEDIUM	6.5	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated…
CVE-2026-3214	2026-03-25	N/A	0.0	Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Functionality Bypass.This issue affects CAPTCHA: from 0.0.0 before 1.17.0, from 2.0.0 before 2.0.10.

« Anterior Página 80 de 4159 Siguiente »

Vulnerabilidades CVE

Vulnerabilidades CVE

Soluciones

Recursos

Legal y Soporte