CVE-2025-22576

CVE-2025-22576

Título es
CVE-2025-22576

Lun, 13/01/2025 – 14:15

Tipo
CWE-79

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-22576

Descripción en
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcus Downing Site PIN allows Reflected XSS.This issue affects Site PIN: from n/a through 1.3.

13/01/2025
13/01/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)
7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

  • https://patchstack.com/database/wordpress/plugin/site-pin/vulnerability/wordpress-site-pin-plugin-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-22800

    CVE-2025-22800

    Título es
    CVE-2025-22800

    Lun, 13/01/2025 – 14:15

    Tipo
    CWE-862

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-22800

    Descripción en
    Missing Authorization vulnerability in Post SMTP Post SMTP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through 2.9.11.

    13/01/2025
    13/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/post-smtp/vulnerability/wordpress-post-smtp-plugin-2-9-11-broken-access-control-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-51728

    CVE-2024-51728

    Título es
    CVE-2024-51728

    Lun, 13/01/2025 – 10:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-51728

    Descripción en
    Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2024. Notes: none.

    13/01/2025
    13/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Enviar en el boletín
    Off

    CVE-2024-52936

    CVE-2024-52936

    Título es
    CVE-2024-52936

    Lun, 13/01/2025 – 11:15

    Tipo
    CWE-823

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-52936

    Descripción en
    Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory.

    13/01/2025
    13/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.imaginationtech.com/gpu-driver-vulnerabilities/

    • Enviar en el boletín
    Off

    CVE-2024-52935

    CVE-2024-52935

    Título es
    CVE-2024-52935

    Lun, 13/01/2025 – 11:15

    Tipo
    CWE-823

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-52935

    Descripción en
    Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.

    13/01/2025
    13/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.imaginationtech.com/gpu-driver-vulnerabilities/

    • Enviar en el boletín
    Off

    CVE-2024-47897

    CVE-2024-47897

    Título es
    CVE-2024-47897

    Lun, 13/01/2025 – 11:15

    Tipo
    CWE-787

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47897

    Descripción en
    Software installed and run as a non-privileged user may conduct improper GPU system calls resulting in platform instability and reboots.

    13/01/2025
    13/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.imaginationtech.com/gpu-driver-vulnerabilities/

    • Enviar en el boletín
    Off

    CVE-2024-47895

    CVE-2024-47895

    Título es
    CVE-2024-47895

    Lun, 13/01/2025 – 11:15

    Tipo
    CWE-823

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47895

    Descripción en
    Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory.

    13/01/2025
    13/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.imaginationtech.com/gpu-driver-vulnerabilities/

    • Enviar en el boletín
    Off

    CVE-2024-47894

    CVE-2024-47894

    Título es
    CVE-2024-47894

    Lun, 13/01/2025 – 11:15

    Tipo
    CWE-823

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47894

    Descripción en
    Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory.

    13/01/2025
    13/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.imaginationtech.com/gpu-driver-vulnerabilities/

    • Enviar en el boletín
    Off

    CVE-2024-52937

    CVE-2024-52937

    Título es
    CVE-2024-52937

    Lun, 13/01/2025 – 11:15

    Tipo
    CWE-823

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-52937

    Descripción en
    Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.

    13/01/2025
    13/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.imaginationtech.com/gpu-driver-vulnerabilities/

    • Enviar en el boletín
    Off

    CVE-2024-11636

    CVE-2024-11636

    Título es
    CVE-2024-11636

    Lun, 13/01/2025 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-11636

    Descripción en
    The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

    13/01/2025
    13/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://wpscan.com/vulnerability/da616c20-3d74-4d3a-95f5-2d71d9ada094/

    • Enviar en el boletín
    Off