Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-34734 HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-f... | 7.8 | HIGH | β | 0 |
| CVE-2026-35063 OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying thei... | 8.8 | HIGH | β | 0 |
| CVE-2026-32990 Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-34486 Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to theΒ fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53... | 7.5 | HIGH | β | 0 |
| CVE-2026-29923 The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical mem... | 7.8 | HIGH | β | 0 |
| CVE-2025-54729 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Stored XSS.This issue affects We... | 5.9 | MEDIUM | β | 0 |
| CVE-2025-54730 Missing Authorization vulnerability in PARETO Digital Embedder for Google Reviews embedder-for-google-reviews allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Embedde... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-54732 Cross-Site Request Forgery (CSRF) vulnerability in Shahjada WPDM β Premium Packages wpdm-premium-packages allows Cross Site Request Forgery.This issue affects WPDM β Premium Packages: from n/a through... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-54736 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NordicMade Savoy savoy allows Retrieve Embedded Sensitive Data.This issue affects Savoy: from n/a through <=... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-54739 Missing Authorization vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nexter Blocks:... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-54740 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Nelson Print My Blog print-my-blog allows Stored XSS.This issue affects Print My Blog: fro... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-54746 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj Shortcode Redirect shortcode-redirect allows Stored XSS.This issue affects Shortcode Redi... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-54747 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbakery Templatera templatera allows DOM-Based XSS.This issue affects Templatera: from n/a throug... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-54749 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery jet-woo-product-gallery allows Stored XSS.This issue affects JetProdu... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-55708 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affect... | 8.5 | HIGH | β | 0 |
| CVE-2025-55709 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS.This issue affect... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-55710 Insertion of Sensitive Information Into Sent Data vulnerability in Steve Burge TaxoPress simple-tags allows Retrieve Embedded Sensitive Data.This issue affects TaxoPress: from n/a through <= 3.37.2. | 4.3 | MEDIUM | β | 0 |
| CVE-2025-55711 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder wp-table-builder allows Stored XSS.This issue affects WP Table B... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-55712 Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder allows Exploiting Incorrectly Configured Access Control Secur... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-55713 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativethemeshq Blocksy blocksy allows Stored XSS.This issue affects Blocksy: from n/a through <=... | 5.9 | MEDIUM | β | 0 |
| CVE-2025-55714 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-55716 Missing Authorization vulnerability in VeronaLabs WP Statistics wp-statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Statistics: from n/a through... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-49432 Missing Authorization vulnerability in FWDesign Ultimate Video Player fwduvp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Video Player: from n/a ... | 5.3 | MEDIUM | β | 0 |
| CVE-2015-8458 Heap-based buffer overflow in AGM.dll in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Read... | N/A | NONE | β | 0 |
| CVE-2025-30975 Improper Control of Generation of Code ('Code Injection') vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Code Injection.This issue affects Add Custom Codes: from n/a through <= 4.8... | 7.5 | HIGH | β | 0 |
| CVE-2025-48142 Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify bookify allows Privilege Escalation.This issue affects Bookify: from n/a through <= 1.0.9. | 8.8 | HIGH | β | 0 |
| CVE-2025-48148 Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Using Malicious Files.This issue affects StoreKeeper fo... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-48149 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Cook&Meal cookandmeal allows PHP Local File Inclusion.This issue affects... | 8.1 | HIGH | β | 0 |
| CVE-2025-48151 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Map Locations cm-map-locations allows Reflected XSS.This issue affects C... | 7.1 | HIGH | β | 0 |
| CVE-2025-48152 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dimafreund Rentsyst rentsyst allows Reflected XSS.This issue affects Rentsyst: from n/a through <=... | 7.1 | HIGH | β | 0 |
| CVE-2025-48154 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder lbg_vp_youtube_vimeo_addon... | 7.1 | HIGH | β | 0 |
| CVE-2025-48157 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality formality allows PHP Local File Inclusion.This issue a... | 8.1 | HIGH | β | 0 |
| CVE-2025-48158 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field buddypress-xprofile-image-field allows Path Traversa... | 8.6 | HIGH | β | 0 |
| CVE-2025-48159 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Youtube Vimeo Video Player and Slider WP Plugin video-player-youtube-vimeo allows Ref... | 7.1 | HIGH | β | 0 |
| CVE-2025-48160 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Caliris caliris-wp allows PHP Local File Inclusion.This issue affects... | 8.1 | HIGH | β | 0 |
| CVE-2025-48162 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Reflected XSS.This... | 7.1 | HIGH | β | 0 |
| CVE-2025-48163 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support lbg-audio8-html5-... | 7.1 | HIGH | β | 0 |
| CVE-2025-48164 Incorrect Privilege Assignment vulnerability in Brainstorm Force SureDash suredash allows Privilege Escalation.This issue affects SureDash: from n/a through <= 1.0.3. | 8.8 | HIGH | β | 0 |
| CVE-2025-48165 Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Privilege Escalation.This issue affects DELUCKS SEO: from n/a through <= 2.6.0. | 8.8 | HIGH | β | 0 |
| CVE-2025-48168 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Apollo - Sticky Full Width HTML5 Audio Player lbg-audio5-html5-shoutcast-sticky allow... | 7.1 | HIGH | β | 0 |
| CVE-2025-48169 Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine code-engine allows Remote Code Inclusion.This issue affects Code Engine: from n/a through <= 0.3.3. | 9.9 | CRITICAL | β | 0 |
| CVE-2025-48170 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder lbg-universal-video-player-a... | 7.1 | HIGH | β | 0 |
| CVE-2025-48171 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Cena Store cena allows PHP Local File Inclusion.This issue affects Cena... | 8.1 | HIGH | β | 0 |
| CVE-2025-48296 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup UpStore upstore allows Reflected XSS.This issue affects UpStore: from n/a through <= 1.7.... | 7.1 | HIGH | β | 0 |
| CVE-2025-48297 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Reflected XSS.This issue affect... | 7.1 | HIGH | β | 0 |
| CVE-2026-40107 SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, <img> tags with src attributes survive Me... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-48298 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Benjamin Denis SEOPress for MainWP seopress-for-mainwp allows PHP Local File In... | 7.5 | HIGH | β | 0 |
| CVE-2025-48302 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roxnor FundEngine wp-fundraising-donation allows PHP Local File Inclusion.This ... | 7.5 | HIGH | β | 0 |
| CVE-2025-49381 Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect adstxt-guru-connect allows Cross Site Request Forgery.This issue affects ads.txt Guru Connect: from n/a through <= ... | 9.6 | CRITICAL | β | 0 |
| CVE-2025-49382 Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla - Job Board WordPress Theme jobzilla allows Privilege Escalation.This issue affects JobZilla - Job Board WordPress Theme: from n/... | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.