Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-8454 2025-08-01 CRITICAL 9.8 It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of…
CVE-2025-5921 2025-08-01 MEDIUM 5.8 The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2023-44976 2025-08-01 LOW 3.2 Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control code 0x22E010, as exploited in the…
CVE-2025-41376 2025-08-01 N/A 0.0 A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update…
CVE-2025-41375 2025-08-01 N/A 0.0 A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update…
CVE-2025-41374 2025-08-01 N/A 0.0 A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update…
CVE-2025-41373 2025-08-01 N/A 0.0 A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update…
CVE-2025-41372 2025-08-01 N/A 0.0 A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update…
CVE-2025-41371 2025-08-01 N/A 0.0 A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update…
CVE-2025-41370 2025-08-01 N/A 0.0 A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update…
CVE-2025-6228 2025-08-01 MEDIUM 6.4 The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable…
CVE-2025-4684 2025-08-01 MEDIUM 6.4 The BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for…
CVE-2025-8443 2025-08-01 HIGH 7.3 A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation…
CVE-2025-6398 2025-08-01 N/A 0.0 A null pointer dereference vulnerability exists in the IOMap64.sys driver of ASUS AI Suite 3. The vulnerability can be triggered by a specially crafted input, which may lead…
CVE-2025-8442 2025-08-01 HIGH 7.3 A vulnerability has been found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cussignup.php. The…
CVE-2025-8441 2025-08-01 HIGH 7.3 A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /pharsignup.php. The manipulation of the…
CVE-2025-8439 2025-08-01 HIGH 7.3 A vulnerability, which was classified as critical, has been found in code-projects Wazifa System 1.0. This issue affects some unknown processing of the file /controllers/updatesettings.php. The manipulation of…
CVE-2025-8438 2025-08-01 HIGH 7.3 A vulnerability classified as critical was found in code-projects Wazifa System 1.0. This vulnerability affects unknown code of the file /controllers/postpublish.php. The manipulation of the argument post leads…
CVE-2025-8437 2025-08-01 HIGH 7.3 A vulnerability classified as critical has been found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of the argument email…
CVE-2025-7646 2025-08-01 MEDIUM 6.4 The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom script…
CVE-2025-8436 2025-08-01 HIGH 7.3 A vulnerability was found in projectworlds Online Admission System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /viewdoc.php.…
CVE-2025-54939 2025-08-01 MEDIUM 5.3 LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.
CVE-2025-31716 2025-08-01 MEDIUM 5.1 In bootloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution…
CVE-2025-8435 2025-08-01 HIGH 7.3 A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php.…
CVE-2025-7845 2025-08-01 MEDIUM 6.4 The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up…
CVE-2025-7725 2025-08-01 HIGH 7.2 The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to…
CVE-2025-7443 2025-08-01 HIGH 8.1 The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due…
CVE-2025-4523 2025-08-01 MEDIUM 6.5 The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the…
CVE-2025-8434 2025-08-01 HIGH 7.3 A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown function of the file /admin.php. The manipulation of…
CVE-2025-8433 2025-08-01 MEDIUM 5.4 A vulnerability was found in code-projects Document Management System 1.0 and classified as critical. This issue affects the function unlink of the file /dell.php. The manipulation of the…
CVE-2025-5947 2025-08-01 CRITICAL 9.8 The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the…
CVE-2025-54847 2025-08-01 N/A 0.0 Rejected reason: Not used
CVE-2025-54846 2025-08-01 N/A 0.0 Rejected reason: Not used
CVE-2025-54845 2025-08-01 N/A 0.0 Rejected reason: Not used
CVE-2025-54844 2025-08-01 N/A 0.0 Rejected reason: Not used
CVE-2025-54843 2025-08-01 N/A 0.0 Rejected reason: Not used
CVE-2025-54842 2025-08-01 N/A 0.0 Rejected reason: Not used
CVE-2025-54841 2025-08-01 N/A 0.0 Rejected reason: Not used
CVE-2025-54840 2025-08-01 N/A 0.0 Rejected reason: Not used
CVE-2025-54839 2025-08-01 N/A 0.0 Rejected reason: Not used
CVE-2025-54657 2025-08-01 N/A 0.0 Rejected reason: Not used
CVE-2025-53399 2025-08-01 N/A 0.0 In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP…
CVE-2019-19145 2025-08-01 MEDIUM 5.8 Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords.
CVE-2025-5954 2025-08-01 CRITICAL 9.8 The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to…
CVE-2025-8431 2025-08-01 HIGH 7.3 A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/add-boat.php. The manipulation of the…
CVE-2023-32251 2025-07-31 LOW 3.7 A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during…
CVE-2025-48073 2025-07-31 N/A 0.0 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep…
CVE-2025-48072 2025-07-31 N/A 0.0 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based…
CVE-2025-50866 2025-07-31 MEDIUM 6.1 CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that…
CVE-2025-48071 2025-07-31 N/A 0.0 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is…
« Anterior Página 949 de 4306 Siguiente »