CVE-2025-29032

Fri, 14/03/2025 – 14:15

Severity 2.0 text
Pending analysis

Description (en)
Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function.

14/03/2025

14/03/2025

Severity 3.1 text (CVSS 3.1 Base Score)
Pending analysis

References


  • https://github.com/WhereisDoujo/CVE/issues/6

    CVE-2025-2268

    Fri, 14/03/2025 – 14:15

    Type
    CWE-241

    Severity 2.0 text
    Pending analysis

    Description (en)
    The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via Internet Printing Protocol (IPP).

    14/03/2025

    14/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Severity 4.0
    6.90

    Severity 4.0 text
    MEDIUM

    Severity 3.1 text (CVSS 3.1 Base Score)
    Pending analysis

    References


  • https://support.hp.com/us-en/document/ish_12114154-12114176-16/hpsbpi04013

    CVE-2025-1507

    Fri, 14/03/2025 – 09:15

    Type
    CWE-862

    Severity 2.0 text
    Pending analysis

    Description (en)
    The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to disable all features.

    14/03/2025

    14/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

    Severity 3.1 (CVSS 3.1 Base Score)
    5.30

    Severity 3.1 text (CVSS 3.1 Base Score)
    MEDIUM

    References


  • https://plugins.trac.wordpress.org/changeset/3255511/googleanalytics/trunk/class/core/class-ga-controller-core.php

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/314b8638-15e7-461d-a705-3858fe6813e7?source=cve

    CVE-2024-8176

    Fri, 14/03/2025 – 09:15

    Type
    CWE-674

    Severity 2.0 text
    Pending analysis

    Description (en)
    A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

    14/03/2025

    14/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Severity 3.1 (CVSS 3.1 Base Score)
    7.50

    Severity 3.1 text (CVSS 3.1 Base Score)
    HIGH

    References


  • https://access.redhat.com/security/cve/CVE-2024-8176

  • https://bugzilla.redhat.com/show_bug.cgi?id=2310137

  • https://github.com/libexpat/libexpat/issues/893

    CVE-2024-26006

    Fri, 14/03/2025 – 10:15

    Type
    CWE-79

    Severity 2.0 text
    Pending analysis

    Description (en)
    An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below web SSL VPN UI may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack via a malicious samba server.

    14/03/2025

    14/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

    Severity 3.1 (CVSS 3.1 Base Score)
    7.50

    Severity 3.1 text (CVSS 3.1 Base Score)
    HIGH

    References


  • https://fortiguard.fortinet.com/psirt/FG-IR-23-485

    CVE-2025-1764

    Fri, 14/03/2025 – 06:15

    Type
    CWE-352

    Severity 2.0 text
    Pending analysis

    Description (en)
    The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the 'custom_plugin_set_option' function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. The 'WPBRIGADE_SDK__DEV_MODE' constant must be set to 'true' to exploit the vulnerability.

    14/03/2025

    14/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

    Severity 3.1 (CVSS 3.1 Base Score)
    7.50

    Severity 3.1 text (CVSS 3.1 Base Score)
    HIGH

    References


  • https://plugins.svn.wordpress.org/loginpress/trunk/lib/wpb-sdk/views/wpb-debug.php

  • https://plugins.trac.wordpress.org/changeset/3253283/
  • LoginPress | wp-login Custom Login Page Customizer



  • https://www.wordfence.com/threat-intel/vulnerabilities/id/9df6a2b4-2dc4-43dd-8282-5c05b0fa13f6?source=cve

    CVE-2025-0952

    Fri, 14/03/2025 – 06:15

    Type
    CWE-862

    Severity 2.0 text
    Pending analysis

    Description (en)
    The Eco Nature – Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action in all versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 'hide' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration.

    14/03/2025

    14/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

    Severity 3.1 (CVSS 3.1 Base Score)
    8.10

    Severity 3.1 text (CVSS 3.1 Base Score)
    HIGH

    References


  • https://themeforest.net/item/eco-nature-environment-ecology-wordpress-theme/8497776

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/ba708a4f-d987-4d63-a218-2ed1c6daa010?source=cve

    CVE-2024-13913

    Fri, 14/03/2025 – 06:15

    Type
    CWE-352

    Severity 2.0 text
    Pending analysis

    Description (en)
    The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83. This is due to missing or incorrect nonce validation in the '/migrate/templates/main.php' file. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

    14/03/2025

    14/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Severity 3.1 (CVSS 3.1 Base Score)
    8.80

    Severity 3.1 text (CVSS 3.1 Base Score)
    HIGH

    References


  • https://plugins.trac.wordpress.org/browser/instawp-connect/trunk/admin/class-instawp-admin.php#L159

  • https://plugins.trac.wordpress.org/browser/instawp-connect/trunk/migrate/templates/main.php#L27

  • https://plugins.trac.wordpress.org/changeset/3254817/

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/ea6c7b63-00da-4476-a024-97fe99af643d?source=cve