CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-10175 The WP Links Page plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 4.9.6 due to insufficient escaping on the user supplied parameter and... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-10190 The WP Easy Toggles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggles' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitiz... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-8484 The Code Quality Control Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in version 0.1 through publicly exposed log files. This makes it possible for unauthenticated attacke... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-10375 The Web Accessibility By accessiBe plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10. This is due to missing nonce validation on multiple AJAX... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-10376 The Course Redirects for Learndash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4. This is due to missing nonce validation when processing f... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-58289 Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability. | 5.9 | MEDIUM | β | 0 |
| CVE-2025-58293 Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability. | 5.5 | MEDIUM | β | 0 |
| CVE-2025-58300 Buffer overflow vulnerability in the device management module. Successful exploitation of this vulnerability may affect availability. | 6.2 | MEDIUM | β | 0 |
| CVE-2025-58301 Buffer overflow vulnerability in the device management module. Successful exploitation of this vulnerability may affect availability. | 6.2 | MEDIUM | β | 0 |
| CVE-2025-6439 The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient file path valid... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-7652 The Easy Plugin Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eps' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitizat... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-0636 EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution. | 8.4 | HIGH | β | 0 |
| CVE-2025-8593 The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1.3.27. This is due to a missing capability check on the 'install_p... | 8.8 | HIGH | β | 0 |
| CVE-2025-8606 The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation ... | 2.4 | LOW | β | 0 |
| CVE-2025-8682 The Newsup theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the newsup_admin_info_install_plugin() function in all versions up to, and includi... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-9621 The WidgetPack Comment System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation on the ... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-9626 The Page Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the admin_process_... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-9947 The Custom 404 Pro plugin for WordPress is vulnerable to time-based SQL Injection via the 'path' parameter in all versions up to, and including, 3.12.0 due to insufficient escaping on the user supplie... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-9950 The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.6 via the rrrlgvwr_get_file function. This makes it possible for... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-9975 The WP Scraper plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.8.1 via the wp_scraper_extract_content function. This makes it possible for aut... | 6.8 | MEDIUM | β | 0 |
| CVE-2025-11601 A vulnerability was detected in SourceCodester Online Student Result System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing manipulation of the argum... | 7.3 | HIGH | β | 0 |
| CVE-2025-11604 A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status causes... | 7.3 | HIGH | β | 0 |
| CVE-2025-11606 A security flaw has been discovered in iPynch Social Network Website up to b6933b6d7f82c84819abe458ccf0e59d61119541. The affected element is an unknown function of the component Search. Performing man... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-11610 A security flaw has been discovered in SourceCodester Simple Inventory System 1.0. This issue affects some unknown processing of the file /brand.php. The manipulation of the argument editBrandName res... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-11611 A weakness has been identified in SourceCodester Simple Inventory System 1.0. Impacted is an unknown function of the file /user.php. This manipulation of the argument uemail causes sql injection. The ... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-6919 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allow... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-11614 A vulnerability was identified in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /panel/edit-appointment.php. Such manipulation of th... | 7.3 | HIGH | β | 0 |
| CVE-2025-11615 A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/add_invoice.php. Performing manipulation of the argument Service... | 7.3 | HIGH | β | 0 |
| CVE-2025-11628 A flaw has been found in jimit105 Project-Online-Shopping-Website up to 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64. This affects an unknown function of the file /delete.php of the component Product Inve... | 4.7 | MEDIUM | β | 0 |
| CVE-2025-52616 HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application. | 5.3 | MEDIUM | β | 0 |
| CVE-2025-31992 HCL Unica MaxAI Assistant is susceptible to a HTML injection vulnerability. An attacker could insert special characters that are processed client-side in the context of the user's session. | 4.6 | MEDIUM | β | 0 |
| CVE-2025-31969 HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP). These can result in malicious resources getting loaded and browsers may come across certain types of attacks, such as cr... | 4.0 | MEDIUM | β | 0 |
| CVE-2025-52614 HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious agent may be able to induce this event by feeding a user suitable links, either directly or via another... | 3.5 | LOW | β | 0 |
| CVE-2025-52615 HCL Unica Platform is impacted by misconfigured security related HTTP headers. This can lead to less secure browser default treatment for the policies controlled by these headers. | 3.5 | LOW | β | 0 |
| CVE-2025-9902 Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co. Ltd. QRMenu allows Privilege Abuse. This issue affects QRMenu: from 1.05.12... | 7.5 | HIGH | β | 0 |
| CVE-2025-2138 IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server... | 3.5 | LOW | β | 0 |
| CVE-2025-2139 IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-si... | 3.5 | LOW | β | 0 |
| CVE-2025-2140 IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source d... | 5.7 | MEDIUM | β | 0 |
| CVE-2025-33096 IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursio... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-11645 A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to i... | 2.4 | LOW | β | 0 |
| CVE-2025-11654 A vulnerability was identified in yousaf530 Inferno Online Clothing Store up to 827dd42bfbe380e8de76fdc67958c24cf1246208. The affected element is an unknown function of the file /log.php. Such manipul... | 7.3 | HIGH | β | 0 |
| CVE-2025-36087 IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as... | 8.1 | HIGH | β | 0 |
| CVE-2025-11655 A security flaw has been discovered in Total.js Flow up to 673ef9144dd25d4f4fd4fdfda5af27f230198924. The impacted element is an unknown function of the component SVG File Handler. Performing manipulat... | 4.7 | MEDIUM | β | 0 |
| CVE-2025-11656 A weakness has been identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown function of the file /assets/editNotes.php. Execu... | 7.3 | HIGH | β | 0 |
| CVE-2025-11657 A security vulnerability has been detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This impacts an unknown function of the file /assets/createNo... | 7.3 | HIGH | β | 0 |
| CVE-2025-11658 A vulnerability was detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected is an unknown function of the file /assets/changeSllyabus.php. The... | 7.3 | HIGH | β | 0 |
| CVE-2025-11659 A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/upl... | 7.3 | HIGH | β | 0 |
| CVE-2025-11660 A vulnerability has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this issue is some unknown functionality of the file /assets/... | 7.3 | HIGH | β | 0 |
| CVE-2025-31994 HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immed... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-58135 Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access. | 5.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.