CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-7368 The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the 'ajax_action_re_ge... | 5.3 | MEDIUM | — | 0 |
| CVE-2008-6918 Unrestricted file upload vulnerability in admin/galeria.php in ThePortal2 2.2 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it ... | N/A | NONE | — | 0 |
| CVE-2025-10003 The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘upload_file_remove’... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-21970 Improper validation of an array index in the AMD Power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity. | 4.4 | MEDIUM | — | 0 |
| CVE-2025-58374 Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve i... | 7.8 | HIGH | — | 0 |
| CVE-2025-58904 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-58905 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-58906 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-58907 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-58908 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-58909 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-58910 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-58911 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-58912 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-8359 The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authent... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-8360 The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets in all versions up to, and including, 1.5.5.1 due to insuf... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-9085 The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. This is due to insufficient escaping on the user supplied parameter and l... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-9515 The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the import functionality in all versions up to, and including, 1.7.25. This mak... | 7.2 | HIGH | — | 0 |
| CVE-2025-9853 The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'optio-lightbox' shortcode in all versions up to, and including, 2.2 due to insufficient input sa... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-7040 The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_settings' action of the csso_handle_actions() func... | 8.2 | HIGH | — | 0 |
| CVE-2025-7045 The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the csso_handle_actions() function in all versions ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-8149 The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.1.2 due to insufficient inp... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-8564 The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.7 due to insufficient input sanitization and... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-36326 Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections during system resume from a standby state, potentially resulting in a loss of confidentiality and integrity... | 8.4 | HIGH | — | 0 |
| CVE-2025-8722 The Content Views plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid and List widgets in all versions up to, and including, 4.1 due to insufficient input sanitizat... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-9126 The Smart Table Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and ... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-9442 The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘vodsChannel’ parameter in all versions up to, and including, 1.1.5 due to insufficient inp... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-9493 The Admin Menu Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitizatio... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-6757 The Recent Posts Widget Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rpwe' shortcode in all versions up to, and including, 2.0.2 due to insufficient inp... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-10046 The ELEX WooCommerce Google Shopping (Google Product Feed) plugin for WordPress is vulnerable to SQL Injection via the 'file_to_delete' parameter in all versions up to, and including, 1.4.3 due to ins... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-9961 An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. The exploit can only be conducted via a Man-In-The-Middle (MITM) attack. This issu... | N/A | NONE | — | 0 |
| CVE-2021-26377 Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential denial of se... | 4.1 | MEDIUM | — | 0 |
| CVE-2021-46750 Failure to validate the address and size in TEE (Trusted Execution Environment) may allow a malicious x86 attacker to send malformed messages to the graphics mailbox resulting in an overlap of a TMR (... | 3.0 | LOW | — | 0 |
| CVE-2023-20516 Improper handling of insufficient privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity. | 3.3 | LOW | — | 0 |
| CVE-2023-31306 Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bou... | 3.3 | LOW | — | 0 |
| CVE-2023-31322 Type confusion in the ASP could allow an attacker to pass a malformed argument to the Reliability, Availability, and Serviceability trusted application (RAS TA) potentially leading to a read or write ... | 8.7 | HIGH | — | 0 |
| CVE-2023-31325 Improper isolation of shared resources on System-on-a-chip (SOC) could allow a privileged attacker to tamper with the contents of the PSP reserved DRAM region potentially resulting in loss of confidentialit... | 7.2 | HIGH | — | 0 |
| CVE-2023-31326 Use of an uninitialized variable in the ASP could allow an attacker to access leftover data from a trusted execution environment (TEE) driver, potentially leading to loss of confidentiality. | 2.8 | LOW | — | 0 |
| CVE-2023-31330 An out-of-bounds read in the ASP could allow a privileged attacker with access to a malicious bootloader to potentially read sensitive memory resulting in loss of confidentiality. | 2.5 | LOW | — | 0 |
| CVE-2023-31351 Improper restriction of operations in the IOMMU could allow a malicious hypervisor to access guest private memory resulting in loss of integrity. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-31365 An integer overflow in the SMU could allow a privileged attacker to potentially write memory beyond the end of the reserved DRAM area resulting in loss of integrity or availability. | 3.9 | LOW | — | 0 |
| CVE-2025-0032 Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instru... | 7.2 | HIGH | — | 0 |
| CVE-2025-0034 Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_SPATIAL_PART and cause read or write past the end of allocated arrays, potential... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-58446 xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars (>100k characters) at very low rates, ... | 7.5 | HIGH | — | 0 |
| CVE-2025-58445 Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endp... | 7.5 | HIGH | — | 0 |
| CVE-2025-42914 Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are o... | 3.1 | LOW | — | 0 |
| CVE-2025-58422 RICOH Streamline NX versions 3.5.1 to 24R3 are vulnerable to tampering with operation history. If an attacker can perform a man-in-the-middle attack, they may alter the values of HTTP requests, which ... | N/A | NONE | — | 0 |
| CVE-2025-41664 A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/... | 7.5 | HIGH | — | 0 |
| CVE-2019-25225 `sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The `sanitizeHtml()` function in `index.js` does not sanitize content when using the custom `transformTags` opt... | 6.1 | MEDIUM | — | 0 |
| CVE-2014-125128 'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting (XSS). The function 'naughtyHref' doesn't properly validate the hyperreference (`href`) attribute in anchor tags (`<a>`), a... | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.