CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-8443 2026-06-16 HIGH 8.8 The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_chart_data AJAX action in versions up to,…
CVE-2026-6933 2026-06-16 HIGH 8.8 The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the…
CVE-2026-5149 2026-06-16 MEDIUM 6.5 The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7. This is due to the get_submission_content AJAX endpoint lacking a…
CVE-2026-10780 2026-06-16 MEDIUM 4.3 The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the static_block_content() shortcode…
CVE-2026-6964 2026-06-16 MEDIUM 5.3 The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not…
CVE-2026-53900 2026-06-16 MEDIUM 4.3 Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to…
CVE-2026-50869 2026-06-15 CRITICAL 9.8 An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request.
CVE-2026-38329 2026-06-15 CRITICAL 9.8 Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file…
CVE-2026-30121 2026-06-15 CRITICAL 9.1 remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability.
CVE-2026-30120 2026-06-15 CRITICAL 9.8 remotion-dev remotion v4.0.409 was discovered to contain a remote code execution (RCE) vulnerability.
CVE-2025-55663 2026-06-15 MEDIUM 5.5 A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
CVE-2025-55661 2026-06-15 MEDIUM 5.5 A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted…
CVE-2025-55660 2026-06-15 MEDIUM 5.5 A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
CVE-2025-55652 2026-06-15 MEDIUM 5.5 A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
CVE-2026-9262 2026-06-16 MEDIUM 6.5 Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier
CVE-2026-9261 2026-06-16 MEDIUM 6.8 Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier
CVE-2026-9260 2026-06-16 MEDIUM 6.2 Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
CVE-2026-9259 2026-06-16 MEDIUM 6.5 Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier
CVE-2026-9258 2026-06-16 MEDIUM 6.5 Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
CVE-2026-40750 2026-06-16 CRITICAL 9.9 Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store:…
CVE-2026-54198 2026-06-16 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Media Library Assistant
CVE-2026-54197 2026-06-16 MEDIUM 6.5 Unauthenticated Sensitive Data Exposure in GetGenie
CVE-2026-54191 2026-06-16 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Pods
CVE-2026-54190 2026-06-16 MEDIUM 6.5 Unauthenticated Broken Access Control in Envira Photo Gallery
CVE-2026-52715 2026-06-16 CRITICAL 9.3 Unauthenticated SQL Injection in GEO my WordPress
CVE-2026-52714 2026-06-16 MEDIUM 5.9 Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO
CVE-2026-52712 2026-06-16 HIGH 7.6 Subscriber SQL Injection in Attendance Manager
CVE-2026-52711 2026-06-16 HIGH 7.5 Unauthenticated Broken Access Control in WooCommerce POS
CVE-2026-49774 2026-06-16 CRITICAL 9.9 Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0.
CVE-2026-49772 2026-06-16 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects…
CVE-2026-40809 2026-06-16 MEDIUM 6.5 Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1.
CVE-2026-39581 2026-06-16 HIGH 8.5 Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic
CVE-2026-39574 2026-06-16 CRITICAL 9.3 Unauthenticated SQL Injection in InPost Gallery
CVE-2026-39490 2026-06-16 HIGH 7.5 Unauthenticated Broken Access Control in JupiterX Core
CVE-2026-39437 2026-06-16 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce
CVE-2025-68045 2026-06-16 HIGH 7.5 Unauthenticated Broken Access Control in WP Event Solution
CVE-2026-20262 2026-06-15 MEDIUM 6.5 A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file…
CVE-2026-49954 2026-06-15 HIGH 7.2 Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing…
CVE-2026-49953 2026-06-15 MEDIUM 6.5 Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets…
CVE-2026-49952 2026-06-15 CRITICAL 9.1 Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting…
CVE-2026-46331 2026-06-16 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once…
CVE-2026-9691 2026-06-15 CRITICAL 9.8 Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms
CVE-2026-52703 2026-06-15 CRITICAL 9.6 Unauthenticated Path Traversal in FastDup
CVE-2026-52702 2026-06-15 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in SEO Redirection
CVE-2026-52700 2026-06-15 HIGH 8.5 Subscriber SQL Injection in WCMultiShipping
CVE-2026-52699 2026-06-15 HIGH 7.5 Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar
CVE-2026-52697 2026-06-15 HIGH 8.5 Subscriber SQL Injection in Taskbuilder
CVE-2026-52695 2026-06-15 HIGH 7.5 Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout
CVE-2026-52694 2026-06-15 HIGH 7.5 Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce
CVE-2026-52693 2026-06-15 CRITICAL 9.3 Unauthenticated SQL Injection in eCommerce Product Catalog