CVE-2022-49737

Title (es)
CVE-2022-49737

Sun, 16/03/2025 – 01:15

Type
CWE-413

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2022-49737

Description (en)
In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock.

16/03/2025

16/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

Severity 3.1 (CVSS 3.1 Base Score)
7.70

Severity 3.1 rating (CVSS 3.1 Base Score)
HIGH

References


  • https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1%3Bbug%3D1081338%3Bfilename%3Ddix-Hold-input-lock-for-AttachDevice.patch%3Bmsg%3D5

  • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081338

  • https://gitlab.freedesktop.org/xorg/xserver/-/commit/dc7cb45482cea6ccec22d117ca0b489500b4d0a0

  • https://gitlab.freedesktop.org/xorg/xserver/-/issues/1260

CVE-2025-26961

Title (es)
CVE-2025-26961

Sat, 15/03/2025 – 22:15

Type
CWE-862

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-26961

Description (en)
Missing Authorization vulnerability in NotFound Fresh Framework allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Fresh Framework: from n/a through 1.70.0.

15/03/2025

15/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Severity 3.1 (CVSS 3.1 Base Score)
8.60

Severity 3.1 rating (CVSS 3.1 Base Score)
HIGH

References


  • https://patchstack.com/database/wordpress/plugin/fresh-framework/vulnerability/wordpress-fresh-framework-plugin-1-70-0-unauthenticated-broken-access-control-vulnerability?_s_id=cve

CVE-2025-26940

Title (es)
CVE-2025-26940

Sat, 15/03/2025 – 22:15

Type
CWE-35

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-26940

Description (en)
Path Traversal vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2.

15/03/2025

15/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Severity 3.1 (CVSS 3.1 Base Score)
6.30

Severity 3.1 rating (CVSS 3.1 Base Score)
MEDIUM

References


  • https://patchstack.com/database/wordpress/plugin/pie-register-premium/vulnerability/wordpress-pie-register-premium-plugin-3-8-3-2-path-traversal-to-non-arbitrary-file-deletion-vulnerability?_s_id=cve

CVE-2025-26924

Title (es)
CVE-2025-26924

Sat, 15/03/2025 – 22:15

Type
CWE-94

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-26924

Description (en)
Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ohio Extra allows Code Injection. This issue affects Ohio Extra: from n/a through 3.4.7.

15/03/2025

15/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Severity 3.1 (CVSS 3.1 Base Score)
6.50

Severity 3.1 rating (CVSS 3.1 Base Score)
MEDIUM

References


  • https://patchstack.com/database/wordpress/plugin/ohio-extra/vulnerability/wordpress-ohio-theme-extra-plugin-3-4-7-shortcode-injection-vulnerability?_s_id=cve

CVE-2025-27281

Title (es)
CVE-2025-27281

Sat, 15/03/2025 – 22:15

Type
CWE-89

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-27281

Description (en)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cookforweb All In Menu allows Blind SQL Injection. This issue affects All In Menu: from n/a through 1.1.5.

15/03/2025

15/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Severity 3.1 (CVSS 3.1 Base Score)
8.50

Severity 3.1 rating (CVSS 3.1 Base Score)
HIGH

References


  • https://patchstack.com/database/wordpress/plugin/all-in-menu/vulnerability/wordpress-all-in-menu-plugin-1-1-5-sql-injection-vulnerability?_s_id=cve

CVE-2025-26978

Title (es)
CVE-2025-26978

Sat, 15/03/2025 – 22:15

Type
CWE-89

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-26978

Description (en)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound FS Poster. This issue affects FS Poster: from n/a through 6.5.8.

15/03/2025

15/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Severity 3.1 (CVSS 3.1 Base Score)
8.50

Severity 3.1 rating (CVSS 3.1 Base Score)
HIGH

References


  • https://patchstack.com/database/wordpress/plugin/fs-poster/vulnerability/wordpress-fs-poster-plugin-6-5-8-sql-injection-vulnerability?_s_id=cve

CVE-2025-26976

Title (es)
CVE-2025-26976

Sat, 15/03/2025 – 22:15

Type
CWE-89

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-26976

Description (en)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.4.

15/03/2025

15/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Severity 3.1 (CVSS 3.1 Base Score)
8.50

Severity 3.1 rating (CVSS 3.1 Base Score)
HIGH

References


  • https://patchstack.com/database/wordpress/plugin/private-content/vulnerability/wordpress-privatecontent-plugin-8-11-4-sql-injection-vulnerability?_s_id=cve

CVE-2025-26972

Title (es)
CVE-2025-26972

Sat, 15/03/2025 – 22:15

Type
CWE-79

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-26972

Description (en)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5.

15/03/2025

15/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Severity 3.1 (CVSS 3.1 Base Score)
7.10

Severity 3.1 rating (CVSS 3.1 Base Score)
HIGH

References


  • https://patchstack.com/database/wordpress/plugin/private-content/vulnerability/wordpress-privatecontent-plugin-8-11-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CVE-2025-26969

Title (es)
CVE-2025-26969

Sat, 15/03/2025 – 22:15

Type
CWE-862

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-26969

Description (en)
Missing Authorization vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5.

15/03/2025

15/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
8.30

Severity 3.1 rating (CVSS 3.1 Base Score)
HIGH

References


  • https://patchstack.com/database/wordpress/plugin/private-content/vulnerability/wordpress-privatecontent-plugin-8-11-5-subscriber-site-wide-broken-access-control-vulnerability?_s_id=cve

CVE-2025-2334

Title (es)
CVE-2025-2334

Sat, 15/03/2025 – 23:15

Type
CWE-266

Severity v2.0
5.50

Severity 2.0 (text)
MEDIUM

Title (en)
CVE-2025-2334

Description (en)
A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the component Chat History Handler. The manipulation of the argument chatListId leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

16/03/2025

16/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:N/I:P/A:P

Severity 4.0
5.30

Severity 4.0 (text)
MEDIUM

Severity 3.1 (CVSS 3.1 Base Score)
5.40

Severity 3.1 rating (CVSS 3.1 Base Score)
MEDIUM

References


  • https://vuldb.com/?ctiid_299799=

  • https://vuldb.com/?id_299799=

  • https://vuldb.com/?submit_505688=

  • https://www.cnblogs.com/aibot/p/18732182