Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-8471 2025-08-02 HIGH 7.3 A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0. This issue affects some unknown processing of the file /adminlogin.php. The manipulation…
CVE-2025-8470 2025-08-02 HIGH 7.3 A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /admin/deleteroom.php. The manipulation of the argument…
CVE-2025-8469 2025-08-02 HIGH 7.3 A vulnerability classified as critical has been found in SourceCodester Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/deletegallery.php. The manipulation of the…
CVE-2025-8468 2025-08-02 HIGH 7.3 A vulnerability was found in code-projects Wazifa System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /controllers/reset.php. The…
CVE-2025-7710 2025-08-02 CRITICAL 9.8 The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. This is due to the plugin not…
CVE-2025-7500 2025-08-02 MEDIUM 6.4 The Ocean Social Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via social icon titles in all versions up to, and including, 2.2.1 due to insufficient…
CVE-2025-8467 2025-08-02 HIGH 7.3 A vulnerability was found in code-projects Wazifa System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /controllers/regcontrol.php. The…
CVE-2025-8488 2025-08-02 MEDIUM 4.3 The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on…
CVE-2025-6722 2025-08-02 MEDIUM 5.3 The BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5 via…
CVE-2025-8466 2025-08-02 HIGH 7.3 A vulnerability was found in code-projects Online Farm System 1.0. It has been classified as critical. Affected is an unknown function of the file /forgot_passfarmer.php. The manipulation of…
CVE-2025-8400 2025-08-02 MEDIUM 6.1 The Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping.…
CVE-2025-8399 2025-08-02 MEDIUM 6.4 The Mmm Unity Loader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributes’ parameter in all versions up to, and including, 1.0 due to insufficient…
CVE-2025-8391 2025-08-02 MEDIUM 6.4 The Magic Edge – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘height’ parameter in all versions up to, and including, 1.1.6 due to…
CVE-2025-6832 2025-08-02 MEDIUM 6.1 The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter…
CVE-2025-8317 2025-08-02 MEDIUM 6.4 The Custom Word Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘angle’ parameter in all versions up to, and including, 0.3 due to insufficient…
CVE-2025-8212 2025-08-02 MEDIUM 6.4 The Medical Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typewriter widget in all versions up to, and including, 1.6.3 due…
CVE-2025-8152 2025-08-02 MEDIUM 5.3 The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check…
CVE-2025-6754 2025-08-02 HIGH 8.8 The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seo_metrics_handle_connect_button_click() AJAX handler and the seo_metrics_handle_custom_endpoint() function in versions…
CVE-2025-6626 2025-08-02 MEDIUM 4.4 The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the API URL Setting in all versions up…
CVE-2025-4588 2025-08-02 MEDIUM 6.4 The 360 Photo Spheres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sphere' shortcode in all versions up to, and including, 1.3 due to…
CVE-2025-8146 2025-08-02 MEDIUM 6.4 The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TypeOut Text widget in all versions up to, and including, 1.9.2…
CVE-2025-7694 2025-08-02 MEDIUM 6.8 The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the woffice_file_manager_delete() function in all versions up to, and…
CVE-2025-6078 2025-08-02 N/A 0.0 Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely…
CVE-2025-6077 2025-08-02 N/A 0.0 Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions.
CVE-2025-6076 2025-08-02 N/A 0.0 Partner Software's Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab, allowing an authenticated attacker to upload a malicious file and…
CVE-2025-54796 2025-08-02 HIGH 7.5 Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled (which is…
CVE-2025-54790 2025-08-02 N/A 0.0 Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not have logic to prevent the exploitation of backend…
CVE-2025-54789 2025-08-02 N/A 0.0 Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection…
CVE-2025-54782 2025-08-02 N/A 0.0 Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package.…
CVE-2025-54781 2025-08-02 LOW 2.8 Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaud_tasks service leaks an Intune service…
CVE-2025-54386 2025-08-02 N/A 0.0 Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s…
CVE-2025-54136 2025-08-02 HIGH 7.2 Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted…
CVE-2025-54133 2025-08-02 N/A 0.0 Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP (Model Context Protocol)…
CVE-2025-54792 2025-08-01 N/A 0.0 LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a…
CVE-2025-54424 2025-08-01 HIGH 8.1 1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol…
CVE-2025-54132 2025-08-01 MEDIUM 4.4 Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render diagrams) allows embedding images which then get rendered…
CVE-2025-54131 2025-08-01 MEDIUM 6.4 Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick (`)…
CVE-2024-13978 2025-08-01 LOW 2.5 A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of…
CVE-2013-10063 2025-08-01 N/A 0.0 A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions
CVE-2013-10062 2025-08-01 N/A 0.0 A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Authenticated attackers…
CVE-2013-10061 2025-08-01 N/A 0.0 An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint.…
CVE-2013-10060 2025-08-01 N/A 0.0 An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid…
CVE-2013-10059 2025-08-01 N/A 0.0 An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. The web interface fails to sanitize input…
CVE-2013-10058 2025-08-01 N/A 0.0 An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails to properly…
CVE-2013-10057 2025-08-01 N/A 0.0 A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx), specifically the ConnectToSynactis method. When a long string is passed to this method—intended to populate the ldCmdLine…
CVE-2013-10055 2025-08-01 N/A 0.0 An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation…
CVE-2013-10053 2025-08-01 N/A 0.0 A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system() call…
CVE-2013-10051 2025-08-01 N/A 0.0 A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed…
CVE-2013-10050 2025-08-01 N/A 0.0 An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)—via the authenticated tools_vct.xgi CGI endpoint. The web interface…
CVE-2013-10049 2025-08-01 N/A 0.0 An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script…
« Anterior Página 947 de 4306 Siguiente »