Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-25214 2025-07-24 HIGH 8.8 A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP request can lead…
CVE-2025-54369 2025-07-24 N/A 0.0 Rejected reason: Reason: This candidate was issued in error.
CVE-2025-51089 2025-07-24 MEDIUM 6.5 Tenda AC8V4 V16.03.34.06` was discovered to contain heap overflow at /goform/GetParentControlInfo.The manipulation of the argument `mac` leads to heap-based buffer overflow.
CVE-2025-51088 2025-07-24 MEDIUM 5.3 Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based buffer overflow.
CVE-2025-51085 2025-07-24 MEDIUM 5.3 Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/SetSysTimeCfg. The manipulation of the argument `timeZone` and `timeType` leads to stack-based buffer overflow.
CVE-2025-51082 2025-07-24 MEDIUM 5.3 Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/fast_setting_wifi_set. The manipulation of the argument `timeZone` leads to stack-based buffer overflow.
CVE-2025-45731 2025-07-24 MEDIUM 6.5 A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending.
CVE-2025-41240 2025-07-24 CRITICAL 10.0 Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document root. In affected versions, this can lead to…
CVE-2025-8114 2025-07-24 MEDIUM 4.7 A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in…
CVE-2025-51087 2025-07-24 HIGH 8.6 Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.
CVE-2025-36005 2025-07-24 MEDIUM 5.9 IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13…
CVE-2025-33109 2025-07-24 HIGH 7.5 IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database…
CVE-2025-33013 2025-07-24 MEDIUM 6.2 IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13…
CVE-2025-54365 2025-07-23 N/A 0.0 fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to…
CVE-2025-4784 2025-07-24 CRITICAL 9.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Moderec Tourtella allows SQL Injection.This issue affects Tourtella: before 26.05.2025.
CVE-2016-15044 2025-07-23 N/A 0.0 A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can…
CVE-2025-5243 2025-07-24 CRITICAL 10.0 Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Code…
CVE-2025-4822 2025-07-24 CRITICAL 9.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bayraktar Solar Energies ScadaWatt Otopilot allows SQL Injection.This issue affects ScadaWatt Otopilot: before 27.05.2025.
CVE-2025-40680 2025-07-24 N/A 0.0 Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry…
CVE-2025-7745 2025-07-24 MEDIUM 5.8 Buffer Over-read vulnerability in ABB AC500 V2.This issue affects AC500 V2: through 2.5.2.
CVE-2025-8071 2025-07-24 MEDIUM 6.4 Mine CloudVod plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘audio’ parameter in all versions up to, and including, 2.1.10 due to insufficient input sanitization…
CVE-2025-7966 2025-07-24 MEDIUM 6.4 The Get Youtube Subs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘channel', 'layout', and 'subs_count’ parameters in all versions up to, and including, 3.5…
CVE-2025-7959 2025-07-24 MEDIUM 6.4 The Station Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width' and 'height’ parameter in all versions up to, and including, 2.4.2 due to…
CVE-2025-7835 2025-07-24 MEDIUM 4.3 The iThoughts Advanced Code Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.10. This is due to missing or…
CVE-2025-7822 2025-07-24 MEDIUM 4.3 The WP Wallcreeper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_notices hook in all versions up to,…
CVE-2025-7780 2025-07-24 MEDIUM 6.5 The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes…
CVE-2025-7695 2025-07-24 HIGH 8.8 The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its reset_password_link REST endpoint in versions 2.77 through 2.81. The endpoint’s…
CVE-2025-7690 2025-07-24 MEDIUM 6.1 The Affiliate Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce…
CVE-2025-7640 2025-07-24 HIGH 8.1 The hiWeb Export Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.0.0. This is due to missing or incorrect…
CVE-2025-6588 2025-07-24 MEDIUM 6.1 The FunnelCockpit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘error’ parameter in all versions up to, and including, 1.4.2 due to insufficient input sanitization…
CVE-2025-6539 2025-07-24 MEDIUM 6.4 The Voltax Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.6.5 due to insufficient…
CVE-2025-6441 2025-07-24 CRITICAL 9.8 The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to unauthenticated login token generation due to a missing capability check…
CVE-2025-6387 2025-07-24 MEDIUM 6.4 The WP Get The Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.5 due to…
CVE-2025-6385 2025-07-24 MEDIUM 6.4 The WP Applink plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 0.4.1 due to insufficient input…
CVE-2025-6382 2025-07-24 MEDIUM 6.4 The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's taeggie-feed shortcode in all versions up to, and including, 0.1.10. The plugin’s render()…
CVE-2025-6380 2025-07-24 CRITICAL 9.8 The ONLYOFFICE Docs plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its oo.callback REST endpoint in versions 1.1.0 to 2.2.0. The plugin’s permission…
CVE-2025-6262 2025-07-24 MEDIUM 6.4 The muse.ai video embedding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's muse-ai shortcode in all versions up to, and including, 0.4 due to…
CVE-2025-5084 2025-07-24 MEDIUM 6.1 The Post Grid Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘argsArray['read_more_text']’ parameter in all versions up to, and including, 3.4.13 due to insufficient…
CVE-2025-4608 2025-07-24 MEDIUM 6.4 The Structured Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_fs_local_business shortcode in all versions up to, and including, 1.6.4 due to insufficient…
CVE-2025-3669 2025-07-24 MEDIUM 6.4 The Supreme Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's auto_qrcodesabb shortcode in all versions up to, and including, 1.0.9…
CVE-2025-8107 2025-07-24 MEDIUM 6.3 In OceanBase's Oracle tenant mode, a malicious user with specific privileges can achieve privilege escalation to SYS-level access by executing carefully crafted commands. This vulnerability only affects OceanBase…
CVE-2025-8009 2025-07-24 MEDIUM 4.9 The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.242 via the…
CVE-2025-26397 2025-07-24 HIGH 7.8 SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can escalate privileges to run malicious files copied to…
CVE-2025-7852 2025-07-24 CRITICAL 9.8 The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_new_customer' route in all…
CVE-2025-7437 2025-07-24 CRITICAL 9.8 The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebook_store_save_form function in all versions up to, and…
CVE-2025-7001 2025-07-24 MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed priviledged users…
CVE-2025-4976 2025-07-24 MEDIUM 4.3 An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have…
CVE-2025-4968 2025-07-24 MEDIUM 6.4 The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Page Builder elements (Copyright Element, Hover Box, Separator With Text, FAQ,…
CVE-2025-4395 2025-07-24 MEDIUM 6.8 Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access…
CVE-2025-4394 2025-07-24 MEDIUM 6.8 Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. This issue affects MyCareLink Patient…
« Anterior Página 967 de 4306 Siguiente »