CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-58259 Cross-Site Request Forgery (CSRF) vulnerability in scriptsbundle Nokri nokri allows Cross Site Request Forgery. This issue affects Nokri: from n/a through <= 1.6.4. | 7.1 | HIGH | β | 0 |
| CVE-2025-58260 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Stored XSS. This issue affects Highli... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-58261 Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc Mavis HTTPS to HTTP Redirection mavis-https-to-http-redirect allows Stored XSS. This issue affects Mavis HTTPS to HTTP Red... | 7.1 | HIGH | β | 0 |
| CVE-2025-58262 Cross-Site Request Forgery (CSRF) vulnerability in WPDirectoryKit Sweet Energy Efficiency sweet-energy-efficiency allows Stored XSS. This issue affects Sweet Energy Efficiency: from n/a through <= 1.0.... | 7.1 | HIGH | β | 0 |
| CVE-2025-58263 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev BuddyPress Notification Widget buddypress-notifications-widget allows Stored XSS. This iss... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-58264 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artbees JupiterX Core jupiterx-core allows Stored XSS. This issue affects JupiterX Core: from n/a t... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-3572 The iTracker360 plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in all versions up to and including 2.2.0. This is due to missing nonce verifica... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-58266 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fumiki Takahashi Gianism gianism allows Stored XSS. This issue affects Gianism: from n/a through <=... | 5.9 | MEDIUM | β | 0 |
| CVE-2025-58267 Cross-Site Request Forgery (CSRF) vulnerability in Aftabul Islam Stock Message stock-message allows Stored XSS. This issue affects Stock Message: from n/a through <= 1.1.0. | 7.1 | HIGH | β | 0 |
| CVE-2025-58268 Cross-Site Request Forgery (CSRF) vulnerability in WPMK WPMK PDF Generator wpmk-pdf-generator allows Stored XSS. This issue affects WPMK PDF Generator: from n/a through <= 1.0.1. | 7.1 | HIGH | β | 0 |
| CVE-2025-58269 Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data. This issue affects WP Project Manager: from n/a through <= 2.6.2... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-58270 Cross-Site Request Forgery (CSRF) vulnerability in NIX Solutions Ltd NIX Anti-Spam Light nix-anti-spam-light allows Cross Site Request Forgery. This issue affects NIX Anti-Spam Light: from n/a through ... | 7.1 | HIGH | β | 0 |
| CVE-2025-58271 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AnyClip Video Platform AnyClip Luminous Studio anyclip-media allows Stored XSS. This issue affects ... | 5.9 | MEDIUM | β | 0 |
| CVE-2025-58645 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gravitate Gravitate Automated Tester gravitate-automated-tester allows Stored XSS. This issue affec... | 5.9 | MEDIUM | β | 0 |
| CVE-2025-58648 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicu Micle Simple JWT Login simple-jwt-login allows Stored XSS. This issue affects Simple JWT Login... | 6.5 | MEDIUM | β | 0 |
| CVE-2015-8267 The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords v... | N/A | NONE | β | 0 |
| CVE-2015-7930 Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors. | N/A | NONE | β | 0 |
| CVE-2015-7931 The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive informat... | N/A | NONE | β | 0 |
| CVE-2015-7932 Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network. | N/A | NONE | β | 0 |
| CVE-2015-7934 The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors. | N/A | NONE | β | 0 |
| CVE-2015-8661 The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote att... | N/A | NONE | β | 0 |
| CVE-2026-1275 The Multi Post Carousel by Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slides' shortcode attribute in all versions up to, and including, 1.4. This is due to ins... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-58649 Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Retrieve Embedded Sensitive Data. This issue affects All In One SEO Pack: f... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-58650 Missing Authorization vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects All In One SEO Pac... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-58651 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PlayerJS PlayerJS playerjs allows DOM-Based XSS. This issue affects PlayerJS: from n/a through <= 2... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-58652 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate carousel allows Stored XSS. This issue affects Carousel Ultimate: fro... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-58653 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JS Morisset JSM file_get_contents() Shortcode wp-file-get-contents allows Stored XSS. This issue af... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-58654 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-language xili-language allows DOM-Based XSS. This issue affects xili-la... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-58655 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mat Category Featured Images category-featured-images allows Stored XSS. This issue affects Categor... | 5.9 | MEDIUM | β | 0 |
| CVE-2025-58656 Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce estonian-shipping-methods-for-woocommerce allows Retrieve Embedded Sensitive Data. This issue af... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-58657 Cross-Site Request Forgery (CSRF) vulnerability in EdwardBock Grid grid allows Stored XSS. This issue affects Grid: from n/a through <= 2.3.1. | 7.1 | HIGH | β | 0 |
| CVE-2006-0398 Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file ty... | N/A | NONE | β | 0 |
| CVE-2015-8662 The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which all... | N/A | NONE | β | 0 |
| CVE-2015-8663 The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds arr... | N/A | NONE | β | 0 |
| CVE-2015-6792 The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application... | N/A | NONE | β | 0 |
| CVE-2015-8664 Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly ha... | N/A | NONE | β | 0 |
| CVE-2015-6409 Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCu... | N/A | NONE | β | 0 |
| CVE-2015-8669 libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, w... | N/A | NONE | β | 0 |
| CVE-2015-6004 Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.as... | N/A | NONE | β | 0 |
| CVE-2015-6005 Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap mess... | N/A | NONE | β | 0 |
| CVE-2015-8252 The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and perfor... | N/A | NONE | β | 0 |
| CVE-2015-8253 The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2... | N/A | NONE | β | 0 |
| CVE-2026-1935 The Company Posts for LinkedIn plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.0. This is due to a missing capability check on the `linkedin_compa... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-58659 Use of Hard-coded Credentials vulnerability in Essekia Helpie FAQ helpie-faq allows Retrieve Embedded Sensitive Data. This issue affects Helpie FAQ: from n/a through <= 1.45. | 5.3 | MEDIUM | β | 0 |
| CVE-2025-58660 Missing Authorization vulnerability in brandexponents Oshine Core oshine-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Oshine Core: from n/a through <... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-58661 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eZee Technosys eZee Online Hotel Booking Engine online-booking-engine allows Stored XSS. This issue... | 5.9 | MEDIUM | β | 0 |
| CVE-2025-58662 Deserialization of Untrusted Data vulnerability in awesomesupport Awesome Support awesome-support allows Object Injection. This issue affects Awesome Support: from n/a through <= 6.3.5. | 7.2 | HIGH | β | 0 |
| CVE-2025-58663 Missing Authorization vulnerability in Themeum Qubely qubely allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Qubely: from n/a through <= 1.8.14. | 4.3 | MEDIUM | β | 0 |
| CVE-2025-58664 Missing Authorization vulnerability in Azizul Hasan Text To Speech TTS Accessibility text-to-audio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Text To Sp... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-58665 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tmontg1 Form Generator for WordPress form-generator-powered-by-jotform allows Stored XSS. This issu... | 5.9 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.