CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-8767 2025-08-12 MEDIUM 4.8 The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 0.16.17 via the 'download_csv_players' and 'download_csv_games' functions. This makes…
CVE-2025-8482 2025-08-12 MEDIUM 4.3 The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migrate_from_wp_user_avatar()…
CVE-2025-8418 2025-08-12 HIGH 8.8 The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due…
CVE-2025-47444 2025-08-12 HIGH 7.5 Insertion of Sensitive Information Into Sent Data vulnerability in Liquid Web GiveWP allows Retrieve Embedded Sensitive Data. This issue affects GiveWP: from n/a before 4.6.1.
CVE-2025-8081 2025-08-12 MEDIUM 4.9 The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on…
CVE-2025-6253 2025-08-12 HIGH 7.5 The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the…
CVE-2025-3892 2025-08-12 MEDIUM 6.7 ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the…
CVE-2025-30027 2025-08-12 MEDIUM 6.7 An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to…
CVE-2025-8314 2025-08-12 MEDIUM 6.4 The Software Issue Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 5.0.1 due to insufficient…
CVE-2025-8059 2025-08-12 CRITICAL 9.8 The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to,…
CVE-2025-7622 2025-08-12 N/A 0.0 During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered.
CVE-2025-8690 2025-08-12 MEDIUM 6.4 The Simple Responsive Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output…
CVE-2025-8688 2025-08-12 MEDIUM 6.4 The Inline Stock Quotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock shortcode in all versions up to, and including, 0.2 due to…
CVE-2025-8685 2025-08-12 MEDIUM 6.4 The Wp chart generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpchart shortcode in all versions up to, and including, 1.0.4 due to…
CVE-2025-8621 2025-08-12 MEDIUM 6.4 The Mosaic Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘c’ parameter in all versions up to, and including, 1.0.5 due to insufficient input…
CVE-2025-8568 2025-08-12 MEDIUM 6.4 The GMap Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘h’ parameter in all versions up to, and including, 1.1 due to insufficient input…
CVE-2025-8462 2025-08-12 MEDIUM 6.4 The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social URL parameter in all versions up to,…
CVE-2025-5391 2025-08-12 HIGH 8.1 The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to,…
CVE-2025-4390 2025-08-12 MEDIUM 5.3 The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validate_restrictions' function. This makes…
CVE-2025-42976 2025-08-12 HIGH 8.1 SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption…
CVE-2025-42975 2025-08-12 MEDIUM 6.1 SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script.…
CVE-2025-42957 2025-08-12 CRITICAL 9.9 SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code…
CVE-2025-42955 2025-08-12 LOW 3.5 Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible…
CVE-2025-42951 2025-08-12 HIGH 8.8 Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API. As a result, it…
CVE-2025-42950 2025-08-12 CRITICAL 9.9 SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary…
CVE-2025-42949 2025-08-12 MEDIUM 4.9 Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL Console.…
CVE-2025-42948 2025-08-12 MEDIUM 6.1 Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated…
CVE-2025-42946 2025-08-12 MEDIUM 6.9 Due to directory traversal vulnerability in SAP S/4HANA (Bank Communication Management), an attacker with high privileges and access to a specific transaction and method in Bank Communication Management…
CVE-2025-42945 2025-08-12 MEDIUM 6.1 SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with…
CVE-2025-42943 2025-08-12 MEDIUM 4.5 SAP GUI for Windows may allow the leak of NTLM hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs…
CVE-2025-42942 2025-08-12 MEDIUM 6.1 SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with malicious script and trick an unauthenticated…
CVE-2025-42941 2025-08-12 LOW 3.5 SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link () elements. An attacker with administrative user privileges could exploit…
CVE-2025-42936 2025-08-12 MEDIUM 5.4 The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted…
CVE-2025-42935 2025-08-12 MEDIUM 4.1 The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive…
CVE-2025-42934 2025-08-12 MEDIUM 4.3 SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attacker with user-level privileges can bypass the allowlist and insert untrusted sites into the 'Trusted Sites' configuration by…
CVE-2025-55161 2025-08-11 HIGH 8.6 Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF,…
CVE-2025-55159 2025-08-11 N/A 0.0 slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the get_disjoint_mut method incorrectly checked if indices were within the slab's capacity instead of its…
CVE-2025-55156 2025-08-11 N/A 0.0 pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers…
CVE-2025-55151 2025-08-11 HIGH 8.6 Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert…
CVE-2025-55150 2025-08-11 HIGH 8.6 Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF,…
CVE-2025-55012 2025-08-11 N/A 0.0 Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution (RCE) by bypassing…
CVE-2025-54992 2025-08-11 N/A 0.0 OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated…
CVE-2025-25235 2025-08-11 HIGH 8.6 Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing…
CVE-2025-54878 2025-08-11 HIGH 8.6 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System…
CVE-2025-40920 2025-08-11 HIGH 8.6 Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID…
CVE-2024-32640 2025-08-11 CRITICAL 9.8 MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.6, 7.3.13, and 7.2.8 contain a SQL injection vulnerability in the `processAsyncObject`…
CVE-2025-8285 2025-08-11 MEDIUM 4.0 Mattermost Confluence Plugin version
CVE-2025-7679 2025-08-11 HIGH 7.4 Missing Authentication for Critical Function vulnerability in ABB Aspect. This issue affects Aspect: All versions.
CVE-2025-7677 2025-08-11 MEDIUM 5.1 Missing Authentication for Critical Function vulnerability in ABB Aspect. This issue affects Aspect: All versions.
CVE-2025-54525 2025-08-11 HIGH 7.5 Mattermost Confluence Plugin version