Vulnerabilidades CVE

Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD

Total: 16,758 CVEs

CVE ID	CVSS	Severidad	KEV	Publicado
CVE-2025-67956 Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from ...	8.2	HIGH	—	1/22/2026
CVE-2025-69044 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Vango vango allows PHP Local File Inclusion.This issue affects Vango...	8.1	HIGH	—	1/22/2026
CVE-2025-69070 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tornados tornados allows PHP Local File Inclusion.This issue affec...	8.1	HIGH	—	1/22/2026
CVE-2025-69071 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes TanTum tantum allows PHP Local File Inclusion.This issue affects T...	8.1	HIGH	—	1/22/2026
CVE-2025-50005 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.This issue affects tagDiv Composer: from n...	6.1	MEDIUM	—	1/22/2026
CVE-2025-50006 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes xSmart xsmart allows Reflected XSS.This issue affects xSmart: from n/a through <= 1.2.9.4.	6.1	MEDIUM	—	1/22/2026
CVE-2025-50007 Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation.This issue affects xSmart: from n/a through <= 1.2.9.4.	8.8	HIGH	—	1/22/2026
CVE-2026-24566 Missing Authorization vulnerability in iNET iNET Webkit inet-webkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iNET Webkit: from n/a through <= 1.2.4.	6.5	MEDIUM	—	1/23/2026
CVE-2025-61657 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/...	N/A	NONE	—	2/3/2026
CVE-2025-67479 Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Cite. This vulnerability is associated with program files includes/Parser/CoreParserFunctions.Php, includes/Parser/Sanitizer.Php. ...	N/A	NONE	—	2/3/2026
CVE-2025-67482 Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This iss...	N/A	NONE	—	2/3/2026
CVE-2026-25016 Missing Authorization vulnerability in Nelio Software Nelio Popups nelio-popups allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Popups: from n/a throug...	4.3	MEDIUM	—	2/3/2026
CVE-2026-25019 Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through...	5.3	MEDIUM	—	2/3/2026
CVE-2025-69072 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Prider prider allows PHP Local File Inclusion.This issue affects P...	8.1	HIGH	—	1/22/2026
CVE-2025-69073 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Piqes piqes allows PHP Local File Inclusion.This issue affects Piq...	8.1	HIGH	—	1/22/2026
CVE-2025-69192 Missing Authorization vulnerability in e-plugins Real Estate Pro real-estate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Pro: from n/a th...	7.3	HIGH	—	1/22/2026
CVE-2025-69193 Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through ...	7.3	HIGH	—	1/22/2026
CVE-2025-69292 Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4.	8.8	HIGH	—	1/22/2026
CVE-2025-69293 Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through <= 1.2.5.	8.8	HIGH	—	1/22/2026
CVE-2026-22349 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in linux4me2 Menu In Post menu-in-post allows DOM-Based XSS.This issue affects Menu In Post: from n/a...	5.4	MEDIUM	—	1/22/2026
CVE-2026-22353 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winkm89 teachPress teachpress allows Stored XSS.This issue affects teachPress: from n/a through <=...	6.5	MEDIUM	—	1/22/2026
CVE-2026-22355 Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple XML Sitemap simple-xml-sitemap allows Stored XSS.This issue affects Simple XML Sitemap: from n/a through <= 1.3.	7.1	HIGH	—	1/22/2026
CVE-2026-22404 Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Innovio: from...	5.4	MEDIUM	—	1/22/2026
CVE-2026-22406 Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from...	5.4	MEDIUM	—	1/22/2026
CVE-2026-22407 Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a thro...	5.4	MEDIUM	—	1/22/2026
CVE-2026-22409 Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: f...	5.4	MEDIUM	—	1/22/2026
CVE-2026-22411 Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Dolcino dolcino allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dolcino: from...	5.4	MEDIUM	—	1/22/2026
CVE-2026-22469 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a throug...	5.3	MEDIUM	—	1/22/2026
CVE-2026-24357 Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Recipe Maker: from n/a throu...	8.1	HIGH	—	1/22/2026
CVE-2026-1201 An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connect...	N/A	NONE	—	1/22/2026
CVE-2026-24304 Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.	9.9	CRITICAL	—	1/23/2026
CVE-2026-24531 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Prowess prowess allows PHP Local File Inclusion.This issue affect...	9.8	CRITICAL	—	1/23/2026
CVE-2016-20061 sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can inse...	7.8	HIGH	—	4/4/2026
CVE-2018-25247 MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craf...	6.1	MEDIUM	—	4/4/2026
CVE-2018-25254 NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to...	9.8	CRITICAL	—	4/4/2026
CVE-2018-25255 10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attack...	8.4	HIGH	—	4/4/2026
CVE-2018-25238 VSCO 1.1.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string through the search functionality. Attackers can pa...	6.2	MEDIUM	—	4/4/2026
CVE-2018-25239 Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the search interface. Attackers can paste a buff...	6.2	MEDIUM	—	4/4/2026
CVE-2016-20054 Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administr...	4.3	MEDIUM	—	4/4/2026
CVE-2019-25429 Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the openvpn_advanced endpoint. Attac...	6.1	MEDIUM	—	2/19/2026
CVE-2019-25430 Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username paramet...	6.1	MEDIUM	—	2/19/2026
CVE-2026-2744 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.	N/A	NONE	—	2/19/2026
CVE-2026-25527 changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the `/static/<group>/<filename>` route accepts `group=".."`, which causes `send_from_directory("st...	5.3	MEDIUM	—	2/19/2026
CVE-2025-71243 The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execu...	9.8	CRITICAL	—	2/19/2026
CVE-2025-67973 Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Pho...	6.5	MEDIUM	—	2/20/2026
CVE-2025-67974 Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLegalPages: from n/a throug...	7.5	HIGH	—	2/20/2026
CVE-2025-67975 Missing Authorization vulnerability in aDirectory aDirectory adirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects aDirectory: from n/a through <= 3.0.3...	6.5	MEDIUM	—	2/20/2026
CVE-2025-67977 Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a ...	8.2	HIGH	—	2/20/2026
CVE-2025-67978 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FixBD Educare educare allows Reflected XSS.This issue affects Educare: from n/a through <= 1.6.1.	7.1	HIGH	—	2/20/2026
CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t...	7.8	HIGH	—	4/2/2026

Pagina 3 de 336

Anterior Siguiente

This product uses data from the NVD API but is not endorsed or certified by the NVD.