CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-9979 2025-09-10 MEDIUM 4.3 The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Maspik_spamlog_download_csv function. This makes…
CVE-2025-9888 2025-09-10 MEDIUM 4.3 The Maspik – Ultimate Spam Protection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.6. This is due to missing…
CVE-2025-9857 2025-09-10 MEDIUM 6.4 The Heateor Login – Social Login Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Heateor_Facebook_Login' shortcode in all versions up to, and including,…
CVE-2025-9622 2025-09-10 MEDIUM 4.3 The WP Blast | SEO & Performance Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.6. This is due…
CVE-2025-9463 2025-09-10 MEDIUM 6.5 The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions…
CVE-2025-9367 2025-09-10 MEDIUM 5.5 The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.11.20 due to insufficient input sanitization and…
CVE-2025-8778 2025-09-10 MEDIUM 4.3 The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropack_set_compression_ajax() function in all versions up to, and…
CVE-2025-7843 2025-09-10 MEDIUM 6.4 The Auto Save Remote Images (Drafts) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the fetch_images() function. This…
CVE-2025-7826 2025-09-10 MEDIUM 6.5 The Testimonial plugin for WordPress is vulnerable to SQL Injection via the 'iNICtestimonial' shortcode in all versions up to, and including, 2.3 due to insufficient escaping on the…
CVE-2025-7049 2025-09-10 HIGH 8.8 The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the 'MJ_gmgt_gmgt_add_user' function due…
CVE-2025-6189 2025-09-10 MEDIUM 6.5 The Duplicate Page and Post plugin for WordPress is vulnerable to time-based SQL Injection via the ‘meta_key’ parameter in all versions up to, and including, 2.9.5 due to…
CVE-2025-41714 2025-09-10 HIGH 8.8 The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended…
CVE-2025-10142 2025-09-10 MEDIUM 4.9 The PagBank / PagSeguro Connect para WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'status' parameter in all versions up to, and including, 4.44.3 due…
CVE-2025-10126 2025-09-10 MEDIUM 6.4 The MyBrain Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mbumap' shortcode in all versions up to, and including, 1.0.8 due to insufficient…
CVE-2025-10095 2025-09-09 N/A 0.0 A SQL injection vulnerability has been identified in the SMPP server component of the SMSEagle firmware, specifically affecting the handling of certain parameters within the server's database interactions.…
CVE-2025-10049 2025-09-10 HIGH 7.2 The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the HdnMediaSelection_image field in all versions up to,…
CVE-2025-10040 2025-09-10 HIGH 7.7 The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the…
CVE-2025-10001 2025-09-10 HIGH 7.2 The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import…
CVE-2025-8388 2025-09-10 MEDIUM 6.4 The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cursor_url’ parameter in all versions up to, and…
CVE-2025-10197 2025-09-10 MEDIUM 6.3 A vulnerability was found in HJSoft HCM Human Resources Management System up to 20250822. Affected by this vulnerability is an unknown functionality of the file /templates/attestation/../../selfservice/lawresource/downlawbase. Performing manipulation…
CVE-2025-59044 2025-09-09 MEDIUM 4.4 Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf…
CVE-2025-59042 2025-09-09 N/A 0.0 PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to `sys.path` during the bootstrap process of a…
CVE-2025-59039 2025-09-09 N/A 0.0 Prebid Universal Creative (PUC) is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes…
CVE-2025-59038 2025-09-09 N/A 0.0 Prebid.js is a free and open source library for publishers to quickly implement header bidding. NPM users of prebid 10.9.2 may have been briefly compromised by a malware…
CVE-2025-58750 2025-09-09 HIGH 8.2 rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0cc348b are missing a bound check in `chclif_parse_moveCharSlot` that can result…
CVE-2025-58448 2025-09-09 CRITICAL 9.1 rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0d89ae0 have a SQL Injection in the PartyBooking component via `WorldName`…
CVE-2025-58447 2025-09-09 CRITICAL 9.8 rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 2f5248b have a heap-based buffer overflow in the login server, remote…
CVE-2025-9997 2025-09-09 N/A 0.0 CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause command injection in BLMon that is executed in the…
CVE-2025-59036 2025-09-09 MEDIUM 5.5 Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versions 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that…
CVE-2025-58135 2025-09-09 MEDIUM 5.3 Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.
CVE-2025-9872 2025-09-09 HIGH 8.8 Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is…
CVE-2025-9712 2025-09-09 HIGH 8.8 Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is…
CVE-2025-58134 2025-09-09 MEDIUM 4.3 Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access.
CVE-2025-58131 2025-09-09 MEDIUM 6.6 Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon before version 6.4.10 (or before 6.2.15 and 6.3.12 in their respective tracks) may allow…
CVE-2025-54260 2025-09-09 HIGH 7.8 Substance3D - Modeler versions 1.22.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end…
CVE-2025-54259 2025-09-09 HIGH 7.8 Substance3D - Modeler versions 1.22.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the…
CVE-2025-54258 2025-09-09 HIGH 7.8 Substance3D - Modeler versions 1.22.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-49461 2025-09-09 MEDIUM 4.3 Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2025-49460 2025-09-09 MEDIUM 4.3 Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2025-49459 2025-09-09 HIGH 7.8 Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local…
CVE-2025-49458 2025-09-09 MEDIUM 6.5 Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-10171 2025-09-09 HIGH 8.8 A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. This vulnerability affects the function sub_453DC of the file /goform/formConfigApConfTemp. Performing manipulation results in buffer overflow. Remote exploitation…
CVE-2025-9996 2025-09-09 N/A 0.0 CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause the execution of any shell command when executing a…
CVE-2025-7746 2025-09-09 N/A 0.0 CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause an unvalidated data injected by a malicious user potentially leading to modify…
CVE-2025-59037 2025-09-09 N/A 0.0 DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware (along with several other…
CVE-2025-58768 2025-09-09 CRITICAL 9.6 DeepChat is a smart assistant that uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of directly using `innerHTML` to…
CVE-2025-58765 2025-09-09 HIGH 7.1 wabac.js provides a full web archive replay system, or 'wayback machine', using Service Workers. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the 404 error handling logic of…
CVE-2025-58763 2025-09-09 HIGH 8.0 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. A command injection vulnerability in Tautulli v2.15.3 and prior allows attackers with administrative privileges to…
CVE-2025-58462 2025-09-09 CRITICAL 9.8 OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying…
CVE-2025-54255 2025-09-09 MEDIUM 4.0 Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass. Exploitation of…