Vulnerabilidades CVE

Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD

Total: 16,594 CVEs

CVE ID	CVSS	Severidad	KEV	Publicado
CVE-2026-32381 Missing Authorization vulnerability in raratheme App Landing Page app-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects App Landing Page: from n/a...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32382 Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Digital Download: from n/a...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32383 Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ridhi: from n/a through <= 1.1.2.	5.3	MEDIUM	—	3/13/2026
CVE-2026-32396 Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.13.	5.3	MEDIUM	—	3/13/2026
CVE-2026-32397 Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter & Grids: from n/a through <...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32421 Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Timeline: from n/a throug...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32422 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP Easy...	8.5	HIGH	—	3/13/2026
CVE-2026-32434 Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Fitness: from n/a through <= 4.3.4.	5.3	MEDIUM	—	3/13/2026
CVE-2026-32435 Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Pet Shop: from n/a through <= 1.4....	5.3	MEDIUM	—	3/13/2026
CVE-2026-32436 Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Photography: from n/a throug...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32437 Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Portfolio: from n/a through <= 1...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32451 Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a thr...	6.3	MEDIUM	—	3/13/2026
CVE-2026-32452 Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a thr...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32453 Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avada Core: from n/a through < 5.15...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32454 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a th...	6.5	MEDIUM	—	3/13/2026
CVE-2026-32775 libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.	7.4	HIGH	—	3/16/2026
CVE-2026-24062 The "Privileged Helper" component of the Arturia Software Center (MacOS) does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to co...	7.8	HIGH	—	3/18/2026
CVE-2025-62043 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPSight WPCasa allows DOM-Based XSS.This issue affects WPCasa: from n/a through 1.4.1.	6.5	MEDIUM	—	3/19/2026
CVE-2025-67618 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4.	7.1	HIGH	—	3/19/2026
CVE-2025-69015 Missing Authorization vulnerability in Automattic Crowdsignal Forms crowdsignal-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crowdsignal Forms: from...	3.8	LOW	—	12/30/2025
CVE-2025-52746 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ayecode Restaurante restaurante allows Reflected XSS.This issue affects Restaurante: from n/a thro...	6.1	MEDIUM	—	1/22/2026
CVE-2025-67923 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a throug...	7.1	HIGH	—	1/22/2026
CVE-2025-67938 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Biagiotti biagiotti allows PHP Local File Inclusion.This issue af...	8.1	HIGH	—	1/22/2026
CVE-2025-67939 Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a throu...	6.5	MEDIUM	—	1/22/2026
CVE-2025-67940 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Powerlift powerlift allows PHP Local File Inclusion.This issue af...	8.1	HIGH	—	1/22/2026
CVE-2025-67941 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle theaisle allows PHP Local File Inclusion.This issue aff...	8.1	HIGH	—	1/22/2026
CVE-2025-67956 Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from ...	8.2	HIGH	—	1/22/2026
CVE-2025-69044 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Vango vango allows PHP Local File Inclusion.This issue affects Vango...	8.1	HIGH	—	1/22/2026
CVE-2025-69070 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tornados tornados allows PHP Local File Inclusion.This issue affec...	8.1	HIGH	—	1/22/2026
CVE-2025-69071 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes TanTum tantum allows PHP Local File Inclusion.This issue affects T...	8.1	HIGH	—	1/22/2026
CVE-2025-63000 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP for church Sermon Manager allows Stored XSS.This issue affects Sermon Manager: from n/a through...	6.5	MEDIUM	—	12/31/2025
CVE-2025-63005 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomas WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through...	6.5	MEDIUM	—	12/31/2025
CVE-2025-49358 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ruhul Amin Content Fetcher allows DOM-Based XSS.This issue affects Content Fetcher: from n/a throu...	6.5	MEDIUM	—	12/31/2025
CVE-2025-66154 Missing Authorization vulnerability in merkulove Couponer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Couponer for Elementor: from n/a thro...	5.4	MEDIUM	—	12/31/2025
CVE-2025-69335 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Team Showcase team-showcase allows Stored XSS.This issue affects Team Showcase: from n...	5.4	MEDIUM	—	1/6/2026
CVE-2025-67926 Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a...	8.8	HIGH	—	1/8/2026
CVE-2025-68867 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anibalwainstein Effect Maker effect-maker allows DOM-Based XSS.This issue affects Effect Maker: fr...	6.5	MEDIUM	—	1/8/2026
CVE-2025-50005 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.This issue affects tagDiv Composer: from n...	6.1	MEDIUM	—	1/22/2026
CVE-2025-50006 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes xSmart xsmart allows Reflected XSS.This issue affects xSmart: from n/a through <= 1.2.9.4.	6.1	MEDIUM	—	1/22/2026
CVE-2025-50007 Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation.This issue affects xSmart: from n/a through <= 1.2.9.4.	8.8	HIGH	—	1/22/2026
CVE-2026-24564 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through <=...	4.3	MEDIUM	—	1/23/2026
CVE-2026-24565 Insertion of Sensitive Information Into Sent Data vulnerability in bPlugins B Accordion b-accordion allows Retrieve Embedded Sensitive Data.This issue affects B Accordion: from n/a through <= 2.0.0.	6.5	MEDIUM	—	1/23/2026
CVE-2026-24566 Missing Authorization vulnerability in iNET iNET Webkit inet-webkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iNET Webkit: from n/a through <= 1.2.4.	6.5	MEDIUM	—	1/23/2026
CVE-2025-61655 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files incl...	N/A	NONE	—	2/3/2026
CVE-2025-61656 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files src/...	N/A	NONE	—	2/3/2026
CVE-2025-61657 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/...	N/A	NONE	—	2/3/2026
CVE-2025-67475 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files include...	N/A	NONE	—	2/3/2026
CVE-2025-67476 Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php. This issue affects MediaWiki: from * before 1.4...	N/A	NONE	—	2/3/2026
CVE-2025-67477 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resourc...	N/A	NONE	—	2/3/2026
CVE-2026-20963 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.	8.8	HIGH	KEV	1/13/2026

Pagina 2 de 332

Anterior Siguiente

This product uses data from the NVD API but is not endorsed or certified by the NVD.