CVE-2025-23810

CVE-2025-23810

Título es
CVE-2025-23810

Jue, 16/01/2025 – 21:15

Tipo
CWE-352

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-23810

Descripción en
Cross-Site Request Forgery (CSRF) vulnerability in Igor Sazonov Len Slider allows Reflected XSS.This issue affects Len Slider: from n/a through 2.0.11.

16/01/2025
16/01/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)
7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

  • https://patchstack.com/database/wordpress/plugin/len-slider/vulnerability/wordpress-len-slider-plugin-2-0-11-csrf-to-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-23822

    CVE-2025-23822

    Título es
    CVE-2025-23822

    Jue, 16/01/2025 – 21:15

    Tipo
    CWE-352

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23822

    Descripción en
    Cross-Site Request Forgery (CSRF) vulnerability in Cornea Alexandru Category Custom Fields allows Cross Site Request Forgery.This issue affects Category Custom Fields: from n/a through 1.0.

    16/01/2025
    16/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/categorycustomfields/vulnerability/wordpress-category-custom-fields-plugin-1-0-csrf-to-stored-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-57676

    CVE-2024-57676

    Título es
    CVE-2024-57676

    Jue, 16/01/2025 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-57676

    Descripción en
    An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a crafted POST request.

    16/01/2025
    16/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2WlanBasicSetup.md

  • https://www.dlink.com/en/security-bulletin/

    • Enviar en el boletín
    Off

    CVE-2025-20621

    CVE-2025-20621

    Título es
    CVE-2025-20621

    Jue, 16/01/2025 – 19:15

    Tipo
    CWE-1287

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-20621

    Descripción en
    Mattermost versions 10.2.x

    16/01/2025
    16/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://mattermost.com/security-updates

    • Enviar en el boletín
    Off

    CVE-2024-57683

    CVE-2024-57683

    Título es
    CVE-2024-57683

    Jue, 16/01/2025 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-57683

    Descripción en
    An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the filter settings of the device via a crafted POST request.

    16/01/2025
    16/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/websURLFilterAddDel.md

  • https://www.dlink.com/en/security-bulletin/

    • Enviar en el boletín
    Off

    CVE-2024-57682

    CVE-2024-57682

    Título es
    CVE-2024-57682

    Jue, 16/01/2025 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-57682

    Descripción en
    An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request.

    16/01/2025
    16/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/d_status.md

  • https://www.dlink.com/en/security-bulletin/

    • Enviar en el boletín
    Off

    CVE-2024-57681

    CVE-2024-57681

    Título es
    CVE-2024-57681

    Jue, 16/01/2025 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-57681

    Descripción en
    An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the agl service of the device via a crafted POST request.

    16/01/2025
    16/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2alg.md

  • https://www.dlink.com/en/security-bulletin/

    • Enviar en el boletín
    Off

    CVE-2024-57680

    CVE-2024-57680

    Título es
    CVE-2024-57680

    Jue, 16/01/2025 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-57680

    Descripción en
    An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST request.

    16/01/2025
    16/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2PortriggerRule.md

  • https://www.dlink.com/en/security-bulletin/

    • Enviar en el boletín
    Off

    CVE-2024-57679

    CVE-2024-57679

    Título es
    CVE-2024-57679

    Jue, 16/01/2025 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-57679

    Descripción en
    An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G repeater service of the device via a crafted POST request.

    16/01/2025
    16/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2RepeaterSetup.md

  • https://www.dlink.com/en/security-bulletin/

    • Enviar en el boletín
    Off

    CVE-2024-57678

    CVE-2024-57678

    Título es
    CVE-2024-57678

    Jue, 16/01/2025 – 19:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-57678

    Descripción en
    An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G mac access control list of the device via a crafted POST request.

    16/01/2025
    16/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2WlAc.md

  • https://www.dlink.com/en/security-bulletin/

    • Enviar en el boletín
    Off