CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-48884 Galette is a membership management web application for non profit organizations. In versions 1.1.5.2 and below, Galette's Document Type is vulnerable to Cross-site Scripting. This issue is fixed in ve... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-52910 An issue was discovered in the GPU in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1330, 1380, 1480, 2400. A Use-After-Free leads to privilege escalation. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-54335 An issue was discovered in the GPU driver in Samsung Mobile Processor Exynos 1480, 2400, 1580, 2500. There is a use-after-free in the Xclipse GPU Driver. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-55155 Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-54496 A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code. | 7.8 | HIGH | β | 0 |
| CVE-2025-54526 Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code. | 7.8 | HIGH | β | 0 |
| CVE-2025-62520 Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manage_config_columns_page.php c... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-62715 ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#147 and below contain a stored Cross-Site Scripting (XSS) vulnerability in ClipBucket's Collection tags feature. An authenticate... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-52534 Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity. | N/A | NONE | β | 0 |
| CVE-2025-62719 LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-62720 LinkAce is a self-hosted archive to collect website links. Versions 2.3.1 and below allow any authenticated user to export the entire database of links from all users in the system, including private ... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-62721 LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints in the FeedController class fail to implement proper authorization checks, allo... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-64106 Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the sta... | 8.8 | HIGH | β | 0 |
| CVE-2025-64107 Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may lead to RCE. Cursor detects path manipulation via forward slashes (./.cursor/./.... | 8.8 | HIGH | β | 0 |
| CVE-2025-64108 Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a prompt injection attacker to circumvent sensitive file protections and overwrite f... | 8.8 | HIGH | β | 0 |
| CVE-2025-8871 The Everest Forms (Pro) plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mime_content_type() functio... | 5.6 | MEDIUM | β | 0 |
| CVE-2025-11835 The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-12580 The SMS for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization ... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-64448 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-64449 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-64450 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-64451 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-64452 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-64453 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-64454 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-64455 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-11162 The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2.19.14 d... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-12197 The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the user supplied parameter and l... | 7.5 | HIGH | β | 0 |
| CVE-2025-10567 The FunnelKit WordPress plugin before 3.12.0.1 does not sanitize user input before echoing it back in some of its checkout-related AJAX actions, allowing attackers to conduct reflected XSS attacks ag... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-10873 The ElementInvader Addons for Elementor WordPress plugin before 1.4.1 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses due to missing authorization on the elementinvader_ad... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-11749 The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-21071 Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. | 5.7 | MEDIUM | β | 0 |
| CVE-2025-21073 Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. User interaction is required for triggering this vulnera... | 6.8 | MEDIUM | β | 0 |
| CVE-2025-21074 Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory. | 4.3 | MEDIUM | β | 0 |
| CVE-2025-21075 Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory. | 4.3 | MEDIUM | β | 0 |
| CVE-2025-21076 Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. User interaction is required for tr... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21077 Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email privilege. | 3.3 | LOW | β | 0 |
| CVE-2025-21078 Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications. | 8.8 | HIGH | β | 0 |
| CVE-2025-21079 Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction i... | 7.1 | HIGH | β | 0 |
| CVE-2025-6027 The Ace User Management WordPress plugin through 2.0.3 does not properly validate that a password reset token is associated with the user who requested it, allowing any authenticated users, such as su... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-12674 The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the create_media() function in all versions up to, and including, 1.8.5. This make... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-11373 The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to arbitrary fi... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-11917 The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.11 via the wpematico_test_feed() function. This makes it poss... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-12139 The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.5.3 via the "get_... | 7.5 | HIGH | β | 0 |
| CVE-2025-12384 The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access/modification/loss of data in all versions up to, and including, 2.0.0. This i... | 8.6 | HIGH | β | 0 |
| CVE-2025-12388 The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.5. This is due to the plugin not va... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-62225 Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execut... | N/A | NONE | β | 0 |
| CVE-2025-64151 Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may exe... | N/A | NONE | β | 0 |
| CVE-2025-12676 The KiotViet Sync plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.8.5. This is due to the plugin using a hardcoded password for authentication in the... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-12677 The KiotViet Sync plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the register_api_route() function in kiotvietsync/includes/public... | 5.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.