Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-6439 2025-10-11 CRITICAL 9.8 The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient…
CVE-2025-58301 2025-10-11 MEDIUM 6.2 Buffer overflow vulnerability in the device management module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58300 2025-10-11 MEDIUM 6.2 Buffer overflow vulnerability in the device management module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58293 2025-10-11 MEDIUM 5.5 Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58289 2025-10-11 MEDIUM 5.9 Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-11596 2025-10-11 HIGH 7.3 A vulnerability was determined in code-projects E-Commerce Website 1.0. The affected element is an unknown function of the file /pages/delete_order_details.php. Executing manipulation of the argument order_id can lead…
CVE-2025-11595 2025-10-11 MEDIUM 4.7 A vulnerability was found in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /admin-profile.php. Performing manipulation of the argument mobilenumber results…
CVE-2025-10376 2025-10-11 MEDIUM 4.3 The Course Redirects for Learndash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4. This is due to missing nonce…
CVE-2025-10375 2025-10-11 MEDIUM 4.3 The Web Accessibility By accessiBe plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10. This is due to missing nonce…
CVE-2025-10190 2025-10-11 MEDIUM 6.4 The WP Easy Toggles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggles' shortcode in all versions up to, and including, 1.9.0 due to…
CVE-2025-10175 2025-10-11 MEDIUM 6.5 The WP Links Page plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 4.9.6 due to insufficient escaping…
CVE-2025-10167 2025-10-11 MEDIUM 6.4 The Stock History & Reports Manager for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_stock_snapshot_restocked shortcode in all versions up to, and…
CVE-2025-10129 2025-10-11 MEDIUM 6.4 The WordPress Live Webcam Widget & Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'webcam' shortcode in all versions up to, and including,…
CVE-2025-6553 2025-10-11 CRITICAL 9.8 The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_checkout() function in all versions up to,…
CVE-2025-58299 2025-10-11 HIGH 8.4 Use After Free (UAF) vulnerability in the storage management module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58298 2025-10-11 HIGH 7.3 Data processing error vulnerability in the package management module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58297 2025-10-11 MEDIUM 5.9 Buffer overflow vulnerability in the sensor service. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58295 2025-10-11 MEDIUM 5.9 Buffer overflow vulnerability in the development framework module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58292 2025-10-11 LOW 3.3 Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58291 2025-10-11 LOW 3.3 Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58290 2025-10-11 LOW 3.3 Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58288 2025-10-11 MEDIUM 5.5 Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58287 2025-10-11 HIGH 7.8 Use After Free (UAF) vulnerability in the office service. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-58286 2025-10-11 LOW 3.3 Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.
CVE-2025-11594 2025-10-11 MEDIUM 5.3 A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the…
CVE-2025-11518 2025-10-11 MEDIUM 5.3 The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via several wishlist AJAX…
CVE-2025-11254 2025-10-11 MEDIUM 4.3 The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 27.0.3…
CVE-2025-11167 2025-10-11 MEDIUM 4.7 The CM Registration – Tailored tool for seamless login and invitation-based registrations plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.5.6.…
CVE-2025-9496 2025-10-11 MEDIUM 6.4 The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file_modified shortcode in all versions up to, and including, 4.1.6 due to…
CVE-2025-9196 2025-10-11 MEDIUM 5.3 The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up…
CVE-2025-11533 2025-10-11 CRITICAL 9.8 The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the process_register() function not restricting…
CVE-2025-11197 2025-10-11 MEDIUM 6.4 The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6.1 due to insufficient…
CVE-2025-10185 2025-10-11 MEDIUM 4.9 The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nf_load_form_entries in all versions up…
CVE-2025-10048 2025-10-11 MEDIUM 4.9 The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 3.6.31 due to insufficient escaping…
CVE-2025-11593 2025-10-11 MEDIUM 6.3 A flaw has been found in CodeAstro Gym Management System 1.0. This vulnerability affects unknown code of the file /admin/actions/delete-equipment.php. This manipulation of the argument ID causes sql…
CVE-2025-11592 2025-10-11 MEDIUM 6.3 A vulnerability was detected in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/edit-equipmentform.php. The manipulation of the argument ID results in sql…
CVE-2025-11591 2025-10-11 MEDIUM 6.3 A security vulnerability has been detected in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/actions/delete-member.php. The manipulation of the…
CVE-2025-58285 2025-10-11 MEDIUM 5.3 Permission control vulnerability in the media module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-58284 2025-10-11 MEDIUM 5.9 Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-58283 2025-10-11 MEDIUM 5.5 Permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-58282 2025-10-11 LOW 2.8 Permission control vulnerability in the camera module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-58278 2025-10-11 MEDIUM 6.2 Identity authentication bypass vulnerability in the Gallery app. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-58277 2025-10-11 MEDIUM 4.0 Permission verification bypass vulnerability in the Camera app. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-9560 2025-10-11 MEDIUM 6.4 The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_newsletter shortcode in all versions up to, and including, 1.0.334 due to…
CVE-2025-11380 2025-10-11 MEDIUM 5.9 The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check…
CVE-2025-54654 2025-10-11 MEDIUM 6.2 Permission control vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality
CVE-2025-31718 2025-10-11 CRITICAL 9.8 In modem, there is a possible system crash due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed.
CVE-2025-31717 2025-10-11 CRITICAL 9.8 In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-11590 2025-10-11 MEDIUM 6.3 A weakness has been identified in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/equipment-entry.php. Executing manipulation of the argument…
CVE-2025-9554 2025-10-10 N/A 0.0 Vulnerability in Drupal Owl Carousel 2.This issue affects Owl Carousel 2: *.*.
« Anterior Página 93 de 3645 Siguiente »