Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-9383 2025-08-24 LOW 2.5 A security vulnerability has been detected in FNKvision Y215 CCTV Camera 10.194.120.40. This issue affects the function crypt of the file /etc/passwd. The manipulation leads to use of…
CVE-2025-9382 2025-08-24 MEDIUM 6.4 A weakness has been identified in FNKvision Y215 CCTV Camera 10.194.120.40. This vulnerability affects unknown code of the file s1_rf_test_config of the component Telnet Sevice. Executing manipulation can…
CVE-2025-9381 2025-08-24 LOW 1.6 A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. The…
CVE-2025-9380 2025-08-24 HIGH 7.8 A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation…
CVE-2025-9379 2025-08-24 HIGH 7.2 A vulnerability was determined in Belkin AX1800 1.1.00.016. Affected by this vulnerability is an unknown functionality of the component Firmware Update Handler. This manipulation causes insufficient verification of…
CVE-2025-8208 2025-08-24 MEDIUM 6.4 The Spexo Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.0.23 due…
CVE-2025-36174 2025-08-24 HIGH 8.0 IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened.
CVE-2025-36157 2025-08-24 CRITICAL 9.8 IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that…
CVE-2025-9363 2025-08-23 HIGH 8.8 A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function portTriggerManageRule of the file /goform/portTriggerManageRule. The manipulation of the…
CVE-2025-9362 2025-08-23 MEDIUM 6.3 A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function urlFilterManageRule of the file /goform/urlFilterManageRule. Executing manipulation…
CVE-2025-9361 2025-08-23 HIGH 8.8 A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function ipRangeBlockManageRule of the file /goform/ipRangeBlockManageRule. Performing manipulation of…
CVE-2025-9360 2025-08-23 HIGH 8.8 A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function accessControlAdd of the file /goform/accessControlAdd. Such manipulation of…
CVE-2025-9359 2025-08-23 HIGH 8.8 A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. This manipulation of…
CVE-2025-9358 2025-08-23 HIGH 8.8 A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setSysAdm of the file /goform/setSysAdm. The manipulation…
CVE-2025-5821 2025-08-23 CRITICAL 9.8 The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly…
CVE-2025-5352 2025-08-23 HIGH 8.1 A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the…
CVE-2025-5060 2025-08-23 HIGH 8.1 The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.0. This is due to the plugin not properly logging…
CVE-2025-9357 2025-08-23 HIGH 8.8 A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function langSwitchByBBS of the file /goform/langSwitchByBBS. The manipulation of the argument…
CVE-2025-7813 2025-08-23 HIGH 7.2 The Events Calendar, Event Booking, Registrations and Event Tickets – Eventin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.37…
CVE-2025-9131 2025-08-23 MEDIUM 6.4 The Ogulo – 360° Tour plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in all versions up to, and including, 1.0.11 due to…
CVE-2025-9048 2025-08-23 HIGH 8.1 The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the del_img_ajax_call() function in all versions up to, and including,…
CVE-2025-8062 2025-08-23 MEDIUM 6.4 The WS Theme Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ws_weather shortcode in all versions up to, and including, 2.0.0 due to…
CVE-2025-7957 2025-08-23 MEDIUM 6.4 The ShortcodeHub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_link_target’ parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization…
CVE-2025-7842 2025-08-23 MEDIUM 4.3 The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect…
CVE-2025-7841 2025-08-23 MEDIUM 4.3 The Sertifier Certificate & Badge Maker for WordPress – Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.…
CVE-2025-7839 2025-08-23 MEDIUM 4.3 The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due…
CVE-2025-7828 2025-08-23 MEDIUM 4.3 The WP Filter & Combine RSS Feeds plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the post_listing_page() function in…
CVE-2025-7827 2025-08-23 MEDIUM 4.3 The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ni_woocpr_action() function in all…
CVE-2025-7821 2025-08-23 MEDIUM 5.3 The WC Plus plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pluswc_logo_favicon_logo_base' AJAX action in all versions up…
CVE-2025-7642 2025-08-23 CRITICAL 9.8 The Simpler Checkout plugin for WordPress is vulnerable to Authentication Bypass in versions 0.7.0 to 1.1.9. This is due to the plugin not properly verifying a user's identity…
CVE-2025-43766 2025-08-23 N/A 0.0 The Liferay Portal 7.4.0 through 7.3.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows the upload…
CVE-2025-43765 2025-08-23 N/A 0.0 A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 GA…
CVE-2025-43764 2025-08-23 N/A 0.0 Self-ReDoS (Regular expression Denial of Service) exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through…
CVE-2025-43767 2025-08-23 N/A 0.0 Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update…
CVE-2025-58043 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-58042 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-58041 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-58040 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-58039 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-58038 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-58037 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-58036 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-58035 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-43769 2025-08-23 N/A 0.0 Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update…
CVE-2025-43768 2025-08-23 N/A 0.0 Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated…
CVE-2025-24469 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-24468 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-22864 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-22863 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-22861 2025-08-23 N/A 0.0 Rejected reason: Not used
« Anterior Página 891 de 4304 Siguiente »