CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-26499 2025-09-11 MEDIUM 6.0 Under heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one user to be granted a token intended for…
CVE-2025-10254 2025-09-11 LOW 3.5 A vulnerability was found in Ascensio System SIA OnlyOffice up to 12.7.0. This issue affects some unknown processing of the file /Products/Projects/Messages.aspx of the component SVG Image Handler.…
CVE-2025-8716 2025-09-11 N/A 0.0 In Content Management versions 20.4- 25.3 authenticated attackers may exploit a complex cache poisoning technique to download unprotected files from the server if the filenames are known.
CVE-2025-58145 2025-09-11 HIGH 7.5 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are two issues related to the mapping of pages belonging…
CVE-2025-58144 2025-09-11 HIGH 7.5 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are two issues related to the mapping of pages belonging…
CVE-2025-58143 2025-09-11 CRITICAL 9.8 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of…
CVE-2025-58142 2025-09-11 CRITICAL 9.8 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of…
CVE-2025-27466 2025-09-11 CRITICAL 9.8 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of…
CVE-2025-10253 2025-09-11 LOW 3.5 A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument…
CVE-2025-10252 2025-09-11 LOW 3.1 A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. This affects an unknown part of the component Java RMI Registry Handler. This manipulation causes…
CVE-2025-10193 2025-09-11 N/A 0.0 DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack…
CVE-2025-10251 2025-09-11 MEDIUM 6.3 A vulnerability was detected in FoxCMS up to 1.24. Affected by this issue is the function batchCope of the file /app/admin/controller/Images.php. The manipulation of the argument ids results…
CVE-2025-9018 2025-09-11 HIGH 8.8 The Time Tracker plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'tt_update_table_function' and 'tt_delete_record_function' functions in…
CVE-2025-40696 2025-09-11 N/A 0.0 Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of proper validation of user…
CVE-2025-40695 2025-09-11 N/A 0.0 Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of proper validation of user…
CVE-2025-40694 2025-09-11 N/A 0.0 Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of proper validation of user…
CVE-2025-40693 2025-09-11 N/A 0.0 Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a reflected and stored authenticated XSS due to the lack of proper validation…
CVE-2025-40692 2025-09-11 N/A 0.0 SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'requestid' parameter in the endpoint…
CVE-2025-40691 2025-09-11 N/A 0.0 SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'todate' parameter in the endpoint…
CVE-2025-40690 2025-09-11 N/A 0.0 SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'teamid' parameter in the endpoint '/ofrs/admin/edit-team.php'.
CVE-2025-40689 2025-09-11 N/A 0.0 SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'remark', 'status' and 'requestid' parameters…
CVE-2025-40687 2025-09-11 N/A 0.0 SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'mobilenumber', 'teamleadname' and 'teammember' parameters…
CVE-2025-10250 2025-09-11 MEDIUM 5.0 A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can…
CVE-2025-58321 2025-09-11 CRITICAL 10.0 Delta Electronics DIALink has a Directory Traversal Authentication Bypass Vulnerability.
CVE-2025-58320 2025-09-11 HIGH 7.3 Delta Electronics DIALink has a Directory Traversal Authentication Bypass Vulnerability.
CVE-2025-48041 2025-09-11 N/A 0.0 Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue…
CVE-2025-48040 2025-09-11 N/A 0.0 Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP…
CVE-2025-48039 2025-09-11 N/A 0.0 Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.…
CVE-2025-48038 2025-09-11 N/A 0.0 Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.…
CVE-2025-9918 2025-09-11 N/A 0.0 A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server (versions 6.3.54.0, 6.3.53.2, and all prior versions) allows an authenticated attacker with permissions to…
CVE-2025-9874 2025-09-11 HIGH 7.5 The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwp_dashboard' shortcode. This makes it…
CVE-2025-9861 2025-09-11 MEDIUM 6.4 The ThemeLoom Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'los_showposts' shortcode in all versions up to, and including, 1.8.5 due to insufficient…
CVE-2025-9860 2025-09-11 MEDIUM 6.4 The Mixtape plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mixtape' shortcode in all versions up to, and including, 1.1 due to insufficient input…
CVE-2025-9855 2025-09-11 MEDIUM 6.4 The Enhanced BibliPlug plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bibliplug_authors' shortcode in all versions up to, and including, 1.3.8 due to insufficient…
CVE-2025-9850 2025-09-11 MEDIUM 6.4 The Evenium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'evenium_single_event' shortcode in all versions up to, and including, 1.3.11 due to insufficient input…
CVE-2025-9693 2025-09-11 HIGH 8.0 The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the…
CVE-2025-9635 2025-09-11 MEDIUM 4.3 The Analytics Reduce Bounce Rate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or…
CVE-2025-9634 2025-09-11 MEDIUM 4.3 The Plugin updates blocker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect…
CVE-2025-9633 2025-09-11 MEDIUM 4.3 The LH Signing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.83. This is due to missing or incorrect nonce…
CVE-2025-9632 2025-09-11 MEDIUM 4.3 The PhpList Subber plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce…
CVE-2025-9631 2025-09-11 MEDIUM 4.3 The AutoCatSet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.4. This is due to missing or incorrect nonce validation…
CVE-2025-9628 2025-09-11 MEDIUM 4.3 The The integration of the AMO.CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing…
CVE-2025-9627 2025-09-11 MEDIUM 4.3 The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce…
CVE-2025-9623 2025-09-11 MEDIUM 4.3 The Admin in English with Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing…
CVE-2025-9620 2025-09-11 MEDIUM 6.1 The Seo Monster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.3. This is due to missing or incorrect nonce…
CVE-2025-9617 2025-09-11 MEDIUM 5.3 The Publish approval plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce…
CVE-2025-9451 2025-09-11 MEDIUM 6.5 The Smartcat Translator for WPML plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.1.69 due to…
CVE-2025-9128 2025-09-11 MEDIUM 6.4 The eID Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.9.3 due to insufficient input…
CVE-2025-9123 2025-09-11 MEDIUM 6.4 The CBX Map for Google Map & OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup heading and location address parameters in all versions…
CVE-2025-9073 2025-09-11 HIGH 7.5 The All in one Minifier plugin for WordPress is vulnerable to SQL Injection via the 'post_id' parameter in all versions up to, and including, 3.2 due to insufficient…