CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-20800 In mminfra, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User... | 7.8 | HIGH | β | 0 |
| CVE-2009-1133 Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows r... | N/A | NONE | β | 0 |
| CVE-2025-20802 In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interac... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-20803 In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interact... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-20804 In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction i... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-20805 In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction i... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-11723 The Appointment Booking Calendar – Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.5 via th... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-20806 In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction i... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-20807 In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User intera... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-21673 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum(). This vuln... | 7.8 | HIGH | β | 0 |
| CVE-2026-21674 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path (iccFromXml). This... | 3.3 | LOW | β | 0 |
| CVE-2026-21675 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a Use After Free vulnerability in the CIccXform::Create() function, where ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-11370 The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-21748 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-21749 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-21750 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-13409 The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on ... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-13652 The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.0.4 due to insufficient escaping on the user... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-13746 The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User's Display Name in all versions up to, and including, 2.1.6 due to insufficient inp... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-14034 The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'delete_single_ticket_callback' and... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-14153 The Page Expire Popup/Redirection for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' shortcode attribute in all versions up to, and including, 1.0 due to insuffi... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-13215 The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxels_ajax_search due to insufficien... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-0604 The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.7 via the 'dir_path' parameter in the 'njt-fastdup/v... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-21485 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior (UB) and Out of Memory errors. This issue i... | 8.8 | HIGH | β | 0 |
| CVE-2026-21486 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-based Buffer Overflow and Integer Overflow or Wrapa... | 7.8 | HIGH | β | 0 |
| CVE-2026-21487 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have an Out-of-bounds Read, Use of Out-of-range Pointer Offset and have Improper... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-21676 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks t... | 8.8 | HIGH | β | 0 |
| CVE-2026-21677 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its CIccCLUT::Init function which initializes and sets ... | 8.8 | HIGH | β | 0 |
| CVE-2026-21744 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-21745 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-21746 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-21747 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-14120 The URL Image Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.7 due to insufficient sanitization of SVG files.... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-14438 The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.0.30 via the 'pixabayDownloadImage' function. This makes it p... | 6.4 | MEDIUM | β | 0 |
| CVE-2009-1534 Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 ... | N/A | NONE | β | 0 |
| CVE-2025-14996 The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugi... | 9.8 | CRITICAL | β | 0 |
| CVE-2009-1536 ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers... | N/A | NONE | β | 0 |
| CVE-2025-15001 The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.1. This is due to the plugin not properly validat... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-12067 The Table Field Add-on for ACF and SCF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Cell Content in all versions up to, and including, 1.3.30 due to insufficient inp... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13812 The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on t... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-13766 The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability checks on multi... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-13964 The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catch_lp_ajax function in all versions up to, and... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-5919 The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update ... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-9294 The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsm_dashboard_delete_result funct... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-47553 Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection. This issue affects DZS Video Gallery: from n/a through 12.25. | 8.8 | HIGH | β | 0 |
| CVE-2025-14552 The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitizat... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-9318 The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-9637 The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability and status checks on multip... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-21488 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Out-of-bounds Read, Heap-based Buffer Overflow and Improper Nu... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-21489 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have Out-of-bounds Read and Integer Underflow (Wrap or Wraparound) vulnerabiliti... | 6.1 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.