CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-57653 2026-06-26 HIGH 8.5 Contributor SQL Injection in WP Job Portal
CVE-2026-57652 2026-06-26 MEDIUM 5.3 Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk
CVE-2026-57647 2026-06-26 HIGH 7.5 Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer
CVE-2026-57646 2026-06-26 MEDIUM 5.4 Subscriber Insecure Direct Object References (IDOR) in Majestic Support
CVE-2026-57641 2026-06-26 MEDIUM 6.5 Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7
CVE-2026-57640 2026-06-26 MEDIUM 4.3 Subscriber Broken Access Control in MasterStudy LMS
CVE-2026-57634 2026-06-26 MEDIUM 4.3 Contributor Insecure Direct Object References (IDOR) in PPWP
CVE-2026-57633 2026-06-26 MEDIUM 5.3 Unauthenticated Sensitive Data Exposure in WCBoost – Products Compare
CVE-2026-57628 2026-06-26 HIGH 7.6 Administrator SQL Injection in WP All Import
CVE-2026-57627 2026-06-26 MEDIUM 4.9 Subscriber Server Side Request Forgery (SSRF) in Kirki
CVE-2026-57430 2026-06-26 MEDIUM 4.3 Contributor Broken Access Control in SEOPress PRO
CVE-2026-57325 2026-06-26 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in NanoMag
CVE-2026-57319 2026-06-26 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in FOX
CVE-2026-57318 2026-06-26 MEDIUM 6.5 Subscriber Sensitive Data Exposure in Site Reviews
CVE-2026-57313 2026-06-26 MEDIUM 6.5 Subscriber Cross Site Scripting (XSS) in SureCart
CVE-2026-57312 2026-06-26 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Everest Forms
CVE-2026-56067 2026-06-26 CRITICAL 9.3 Unauthenticated SQL Injection in JetSmartFilters
CVE-2026-56066 2026-06-26 MEDIUM 5.8 Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images
CVE-2026-56060 2026-06-26 HIGH 7.5 Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce
CVE-2026-56059 2026-06-26 CRITICAL 9.9 Subscriber Arbitrary File Upload in Travel Booking
CVE-2026-56047 2026-06-26 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in perfmatters
CVE-2026-56046 2026-06-26 MEDIUM 6.5 Subscriber Cross Site Scripting (XSS) in ListingPro
CVE-2026-56040 2026-06-26 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form
CVE-2026-56039 2026-06-26 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider
CVE-2026-56033 2026-06-26 CRITICAL 9.8 Unauthenticated Privilege Escalation in Dokan Pro
CVE-2026-56032 2026-06-26 CRITICAL 9.8 Subscriber PHP Object Injection in Buddyboss Platform
CVE-2026-56027 2026-06-26 CRITICAL 9.9 Customer Arbitrary File Upload in Booster for WooCommerce
CVE-2026-56026 2026-06-26 MEDIUM 6.4 Subscriber Server Side Request Forgery (SSRF) in utm.codes
CVE-2026-54847 2026-06-26 HIGH 7.5 Unauthenticated Broken Access Control in Stylish Cost Calculator
CVE-2026-54846 2026-06-26 HIGH 7.5 Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale
CVE-2026-54834 2026-06-26 HIGH 7.5 Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone
CVE-2026-54833 2026-06-26 HIGH 7.4 Unauthenticated Backdoor in Enable CORS
CVE-2026-54825 2026-06-26 CRITICAL 9.3 Unauthenticated SQL Injection in wpDataTables
CVE-2026-54824 2026-06-26 HIGH 7.5 Unauthenticated Sensitive Data Exposure in Ads by WPQuads
CVE-2026-54090 2026-06-25 N/A 0.0 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.33.8, when a shell interpreter is configured…
CVE-2026-4339 2026-06-26 MEDIUM 6.5 Mattermost versions 10.11.x
CVE-2026-3472 2026-06-26 LOW 3.5 Mattermost versions 10.11.x
CVE-2026-13226 2026-06-26 MEDIUM 6.5 The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including,…
CVE-2025-68074 2026-06-26 MEDIUM 6.5 Contributor Cross Site Scripting (XSS) in Image Carousel
CVE-2025-68064 2026-06-26 HIGH 7.5 Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions.
CVE-2025-64636 2026-06-26 MEDIUM 5.3 Unauthenticated Broken Access Control in Donation Thermometer
CVE-2025-63079 2026-06-26 MEDIUM 4.3 Contributor Broken Access Control in Live Copy Paste for Elementor
CVE-2026-57926 2026-06-26 LOW 2.6 In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack
CVE-2026-57925 2026-06-26 MEDIUM 4.3 In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags
CVE-2026-57924 2026-06-26 MEDIUM 4.3 In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details
CVE-2026-57923 2026-06-26 MEDIUM 5.3 In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings
CVE-2026-57922 2026-06-26 LOW 3.1 In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible
CVE-2026-57921 2026-06-26 MEDIUM 4.3 In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint
CVE-2026-13426 2026-06-26 MEDIUM 5.4 The Mattermost Go module github.com/mattermost/mattermost/server/public versions < v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended…
CVE-2026-50745 2026-06-26 MEDIUM 4.7 A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output…