CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-7764 2025-07-17 HIGH 7.3 A vulnerability classified as critical has been found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function of the file /admin/deletedoctorclinic.php. The manipulation of the…
CVE-2025-7763 2025-07-17 MEDIUM 4.3 A vulnerability, which was classified as problematic, was found in thinkgem JeeSite up to 5.12.0. Affected is the function select of the file src/main/java/com/jeesite/modules/cms/web/SiteController.java of the component Site…
CVE-2025-46001 2025-07-18 N/A 0.0 An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2024-13175 2025-07-18 MEDIUM 5.5 Authorization Bypass Through User-Controlled Key vulnerability in Vidco Software VOC TESTER allows Forceful Browsing. This issue affects VOC TESTER: before 12.41.0.
CVE-2025-6227 2025-07-18 LOW 2.2 Mattermost versions 10.5.x
CVE-2025-6233 2025-07-18 MEDIUM 6.8 Mattermost versions 10.8.x
CVE-2025-50126 2025-07-18 N/A 0.0 A stored XSS vulnerability in the RSBlog! component 1.11.6-1.14.5 Joomla was discovered. The issue allows remote authenticated users to inject arbitrary web script or HTML via the jform[tags_text]…
CVE-2025-50058 2025-07-18 N/A 0.0 A stored XSS vulnerability in the RSDirectory! component 1.0.0-2.2.8 Joomla was discovered. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via the review…
CVE-2025-50057 2025-07-18 N/A 0.0 A DOS vulnerability in RSFiles! component 1.16.3-1.17.7 Joomla was discovered. The issue allows unauthenticated remote attackers to deny access to service via the search feature.
CVE-2025-50056 2025-07-18 N/A 0.0 A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 28 Joomla was discovered. The issue allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2025-49486 2025-07-18 N/A 0.0 A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in gallery items.
CVE-2025-49485 2025-07-18 N/A 0.0 A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands via the 'id' parameter.
CVE-2025-49484 2025-07-18 N/A 0.0 A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee…
CVE-2025-2425 2025-07-18 N/A 0.0 Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file…
CVE-2025-7444 2025-07-18 CRITICAL 9.8 The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient verification on the user…
CVE-2025-6226 2025-07-18 MEDIUM 6.5 Mattermost versions 10.5.x
CVE-2025-6197 2025-07-18 MEDIUM 4.2 An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must…
CVE-2025-6023 2025-07-18 HIGH 7.6 An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect…
CVE-2025-38349 2025-07-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep mutex Jann Horn points out that epoll is…
CVE-2025-26855 2025-07-18 N/A 0.0 A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for Joomla allows attackers to execute arbitrary SQL commands.
CVE-2025-26854 2025-07-18 N/A 0.0 A SQL injection in Articles Good Search extension 1.0.0 - 1.2.4.0011 for Joomla allows attackers to execute arbitrary SQL commands.
CVE-2024-32124 2025-07-18 MEDIUM 4.3 An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via…
CVE-2024-27779 2025-07-18 MEDIUM 6.7 An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and…
CVE-2025-7772 2025-07-18 MEDIUM 6.5 The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8…
CVE-2025-7438 2025-07-18 HIGH 7.5 The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'install_and_activate_plugin' function in all versions up to,…
CVE-2025-7643 2025-07-18 CRITICAL 9.1 The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the handle_actions() function in all versions up to, and…
CVE-2025-6726 2025-07-18 MEDIUM 4.3 The Block Editor Gallery Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the classic_gallery_slider_options() function in all versions…
CVE-2025-6719 2025-07-18 MEDIUM 4.4 The Terms descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization…
CVE-2025-6718 2025-07-18 HIGH 8.8 The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX action in all versions up to, and including,…
CVE-2025-6717 2025-07-18 MEDIUM 6.5 The B1.lt plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.2.56 due to insufficient escaping on the…
CVE-2025-6222 2025-07-18 CRITICAL 9.8 The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploads due to missing file…
CVE-2025-5811 2025-07-18 MEDIUM 5.3 The Listly: Listicles For WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Init() function in all versions…
CVE-2025-5800 2025-07-18 MEDIUM 6.4 The Testimonial Post type plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘auto_play’ parameter in all versions up to, and including, 1.2.1 due to insufficient…
CVE-2025-5767 2025-07-18 MEDIUM 6.4 The Crowdfunding for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 3.1.14 due to insufficient…
CVE-2025-5754 2025-07-18 MEDIUM 6.4 The Useful Tab Block – Responsive & AMP-Compatible plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including,…
CVE-2025-5752 2025-07-18 MEDIUM 6.4 The Vertical scroll image slideshow gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 11.1 due…
CVE-2025-29572 2025-07-18 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-7660 2025-07-18 MEDIUM 6.4 The Map My Locations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'map_my_locations' shortcode in all versions up to, and including, 1.1 due to…
CVE-2025-7648 2025-07-18 MEDIUM 6.4 The Ruven Themes: Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ruven_button' shortcode in all versions up to, and including, 1.0 due to…
CVE-2025-7638 2025-07-18 MEDIUM 4.9 The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the `order_by` parameter in all versions…
CVE-2025-6813 2025-07-18 HIGH 8.8 The aapanel WP Toolkit plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within the auto_login() function in versions 1.0 to 1.1. This makes…
CVE-2025-6781 2025-07-18 MEDIUM 4.3 The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due…
CVE-2025-6053 2025-07-18 MEDIUM 6.1 The Zuppler Online Ordering plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.0. This is due to missing or incorrect…
CVE-2025-5816 2025-07-18 MEDIUM 4.3 The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.0…
CVE-2025-3740 2025-07-18 HIGH 8.8 The School Management System for Wordpress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 93.1.0 via the 'page' parameter. This…
CVE-2025-7431 2025-07-18 MEDIUM 4.4 The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin slug setting in all versions up to, and including, 2.3.1 due to insufficient…
CVE-2025-6185 2025-07-18 CRITICAL 9.3 Leviton AcquiSuite and Energy Monitoring Hub are susceptible to a cross-site scripting vulnerability, allowing an attacker to craft a malicious payload in URL parameters, which would execute in…
CVE-2025-7398 2025-07-17 N/A 0.0 Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports 9000 and 8036.
CVE-2025-7397 2025-07-17 N/A 0.0 A vulnerability in the ascgshell, of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface (CLI) in plain text within the command history. A…
CVE-2025-6391 2025-07-17 N/A 0.0 Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications,…