CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-14039 The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_simple_folio_item_client_name' and '_simple_folio_item_link' meta fields in all versions up to, and includi... | 6.4 | MEDIUM | - | 0 |
| CVE-2025-9082 The WPBITS Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget parameters in versions up to, and including, 1.8 due to insufficient input sanitiz... | 6.4 | MEDIUM | - | 0 |
| CVE-2025-26386 Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation ... | N/A | NONE | - | 0 |
| CVE-2026-0825 The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the CSV export functionality in all versions up... | 5.3 | MEDIUM | - | 0 |
| CVE-2026-0832 The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, ... | 7.3 | HIGH | - | 0 |
| CVE-2026-1244 The Forms Bridge – Infinite integrations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in the 'financoop_campaign' shortcode in all versions up to,... | 6.4 | MEDIUM | - | 0 |
| CVE-2026-1295 The Buy Now Plus – Buy Now buttons for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buynowplus' shortcode in all versions up to, and including, 1.0.2 due to insuff... | 6.4 | MEDIUM | - | 0 |
| CVE-2025-14386 The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the ... | 8.8 | HIGH | - | 0 |
| CVE-2026-1310 The Simple calendar for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.6. This is due to missing capability checks on the `miga_ajax_ed... | 5.3 | MEDIUM | - | 0 |
| CVE-2026-1466 Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME ... | 6.1 | MEDIUM | - | 0 |
| CVE-2025-40537 SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions. | 7.5 | HIGH | - | 0 |
| CVE-2025-40554 SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk. | 9.8 | CRITICAL | - | 0 |
| CVE-2026-0818 When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted co... | 4.3 | MEDIUM | - | 0 |
| CVE-2026-1054 The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm_s... | 5.3 | MEDIUM | - | 0 |
| CVE-2025-7740 Default credentials vulnerability exists in SuprOS product. If exploited, this could allow an authenticated local attacker to use an admin account created during product deployment. | N/A | NONE | - | 0 |
| CVE-2026-0702 The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient... | 7.5 | HIGH | - | 0 |
| CVE-2025-14616 The Recooty – Job Widget (Old Dashboard) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the re... | 4.3 | MEDIUM | - | 0 |
| CVE-2026-1053 The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input s... | 4.4 | MEDIUM | - | 0 |
| CVE-2026-1381 The Order Minimum/Maximum Amount Limits for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.6.8 due to insufficient i... | 4.4 | MEDIUM | - | 0 |
| CVE-2026-1400 The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the `rest_helpers_update_media_metadata` ... | 7.2 | HIGH | - | 0 |
| CVE-2025-41351 Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by th... | N/A | NONE | - | 0 |
| CVE-2025-59891 Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions... | 8.0 | HIGH | - | 0 |
| CVE-2025-59892 Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions... | 8.0 | HIGH | - | 0 |
| CVE-2025-59893 Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions... | 8.0 | HIGH | - | 0 |
| CVE-2025-59894 Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions... | 8.0 | HIGH | - | 0 |
| CVE-2025-59895 Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insuffi... | 7.5 | HIGH | - | 0 |
| CVE-2025-59896 Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an au... | 5.4 | MEDIUM | - | 0 |
| CVE-2025-13917 WSS Agent, prior to 9.8.5, may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevate... | 7.0 | HIGH | - | 0 |
| CVE-2025-59897 Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an au... | 5.4 | MEDIUM | - | 0 |
| CVE-2025-59898 Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an au... | 5.4 | MEDIUM | - | 0 |
| CVE-2025-59899 Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an au... | 5.4 | MEDIUM | - | 0 |
| CVE-2025-59900 Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an au... | 5.4 | MEDIUM | - | 0 |
| CVE-2025-59901 Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitor_directory?sid=' endpoint, caused by insufficient validation of the 'monitor_directory' parameter sent b... | N/A | NONE | - | 0 |
| CVE-2026-0483 Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload,... | N/A | NONE | - | 0 |
| CVE-2025-13918 Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may a... | 6.7 | MEDIUM | - | 0 |
| CVE-2026-1280 The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_email' AJAX action in all versions up to, and incl... | 7.5 | HIGH | - | 0 |
| CVE-2026-1377 The imwptip plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the settings update functionality. Th... | 4.3 | MEDIUM | - | 0 |
| CVE-2026-1380 The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settin... | 4.3 | MEDIUM | - | 0 |
| CVE-2026-1391 The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on ... | 5.3 | MEDIUM | - | 0 |
| CVE-2026-1398 The Change WP URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'change-wp-url... | 4.3 | MEDIUM | - | 0 |
| CVE-2026-1399 The WP Google Ad Manager Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization ... | 4.4 | MEDIUM | - | 0 |
| CVE-2025-13919 Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to es... | 4.4 | MEDIUM | - | 0 |
| CVE-2020-36984 EPSON 1.124 contains an unquoted service path vulnerability in the SENADB service that allows local attackers to execute code with elevated system privileges. Attackers can exploit the unquoted path i... | 7.8 | HIGH | - | 0 |
| CVE-2020-36985 IP Watcher 3.0.0.30 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binar... | 7.8 | HIGH | - | 0 |
| CVE-2020-36986 Prey 1.9.6 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the CronService to i... | 7.8 | HIGH | - | 0 |
| CVE-2020-36987 Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unqu... | 7.8 | HIGH | - | 0 |
| CVE-2020-36988 PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. ... | 5.4 | MEDIUM | - | 0 |
| CVE-2020-36989 ForensiT AppX Management Service 2.2.0.4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can ex... | 7.8 | HIGH | - | 0 |
| CVE-2020-36990 Input Director 1.4.3 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit th... | 7.8 | HIGH | - | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.