CVE-2025-26525

Title (es)
CVE-2025-26525

Mon, 24/02/2025 – 20:15

Type
CWE-552

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-26525

Description (en)
Insufficient sanitizing in the TeX notation filter resulted in an
arbitrary file read risk on sites where pdfTeX is available (such as
those with TeX Live installed).

24/02/2025

24/02/2025

CVSS:3.1 vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Severity 3.1 (CVSS 3.1 Base Score)
8.60

Severity 3.1 (text)
HIGH

References


  • https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84136

  • https://moodle.org/mod/forum/discuss.php?d=466141

    CVE-2025-26532

    Title (es)
    CVE-2025-26532

    Mon, 24/02/2025 – 20:15

    Type
    CWE-863

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-26532

    Description (en)
    Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.

    24/02/2025

    24/02/2025

    CVSS:3.1 vector
    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

    Severity 3.1 (CVSS 3.1 Base Score)
    3.10

    Severity 3.1 (text)
    LOW

    References


  • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84003

  • https://moodle.org/mod/forum/discuss.php?d=466149

    CVE-2025-27355

    Title (es)
    CVE-2025-27355

    Mon, 24/02/2025 – 15:15

    Type
    CWE-352

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-27355

    Description (en)
    Cross-Site Request Forgery (CSRF) vulnerability in Nicolas GRILLET Woocommerce – Loi Hamon allows Stored XSS. This issue affects Woocommerce – Loi Hamon: from n/a through 1.1.0.

    24/02/2025

    24/02/2025

    CVSS:3.1 vector
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Severity 3.1 (CVSS 3.1 Base Score)
    7.10

    Severity 3.1 (text)
    HIGH

    References


  • https://patchstack.com/database/wordpress/plugin/loi-hamon/vulnerability/wordpress-woocommerce-loi-hamon-plugin-1-1-0-csrf-to-stored-xss-vulnerability?_s_id=cve

    CVE-2025-27353

    Title (es)
    CVE-2025-27353

    Mon, 24/02/2025 – 15:15

    Type
    CWE-352

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-27353

    Description (en)
    Cross-Site Request Forgery (CSRF) vulnerability in Bob Namaste! LMS allows Cross Site Request Forgery. This issue affects Namaste! LMS: from n/a through 2.6.5.

    24/02/2025

    24/02/2025

    CVSS:3.1 vector
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

    Severity 3.1 (CVSS 3.1 Base Score)
    4.30

    Severity 3.1 (text)
    MEDIUM

    References


  • https://patchstack.com/database/wordpress/plugin/namaste-lms/vulnerability/wordpress-namaste-lms-plugin-2-6-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

    CVE-2025-27352

    Title (es)
    CVE-2025-27352

    Mon, 24/02/2025 – 15:15

    Type
    CWE-79

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-27352

    Description (en)
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wumii team 无觅相关文章插件 allows Stored XSS. This issue affects 无觅相关文章插件: from n/a through 1.0.5.7.

    24/02/2025

    24/02/2025

    CVSS:3.1 vector
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Severity 3.1 (CVSS 3.1 Base Score)
    7.10

    Severity 3.1 (text)
    HIGH

    References


  • https://patchstack.com/database/wordpress/plugin/wumii-related-posts/vulnerability/wordpress-plugin-1-0-5-7-csrf-to-cross-site-scripting-xss-vulnerability?_s_id=cve

    CVE-2025-27351

    Title (es)
    CVE-2025-27351

    Mon, 24/02/2025 – 15:15

    Type
    CWE-79

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-27351

    Description (en)
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpertBusinessSearch Local Search SEO Contact Page allows Stored XSS. This issue affects Local Search SEO Contact Page: from n/a through 4.0.1.

    24/02/2025

    24/02/2025

    CVSS:3.1 vector
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Severity 3.1 (CVSS 3.1 Base Score)
    6.50

    Severity 3.1 (text)
    MEDIUM

    References


  • https://patchstack.com/database/wordpress/plugin/local-search-seo-contact-page/vulnerability/wordpress-local-search-seo-contact-page-plugin-4-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve

    CVE-2025-27349

    Title (es)
    CVE-2025-27349

    Mon, 24/02/2025 – 15:15

    Type
    CWE-79

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-27349

    Description (en)
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nurelm Get Posts allows Stored XSS. This issue affects Get Posts: from n/a through 0.6.

    24/02/2025

    24/02/2025

    CVSS:3.1 vector
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Severity 3.1 (CVSS 3.1 Base Score)
    6.50

    Severity 3.1 (text)
    MEDIUM

    References


  • https://patchstack.com/database/wordpress/plugin/nurelm-get-posts/vulnerability/wordpress-get-posts-plugin-0-6-stored-cross-site-scripting-xss-vulnerability?_s_id=cve

    CVE-2025-27357

    Title (es)
    CVE-2025-27357

    Mon, 24/02/2025 – 15:15

    Type
    CWE-352

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-27357

    Description (en)
    Cross-Site Request Forgery (CSRF) vulnerability in Musa AVCI Önceki Yazı Link allows Cross Site Request Forgery. This issue affects Önceki Yazı Link: from n/a through 1.3.

    24/02/2025

    24/02/2025

    CVSS:3.1 vector
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

    Severity 3.1 (CVSS 3.1 Base Score)
    4.30

    Severity 3.1 (text)
    MEDIUM

    References


  • https://patchstack.com/database/wordpress/plugin/onceki-yazi-linki/vulnerability/wordpress-oenceki-yazi-link-plugin-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

    CVE-2025-27356

    Title (es)
    CVE-2025-27356

    Mon, 24/02/2025 – 15:15

    Type
    CWE-862

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-27356

    Description (en)
    Missing Authorization vulnerability in Hardik Sticky Header On Scroll allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sticky Header On Scroll: from n/a through 1.0.

    24/02/2025

    24/02/2025

    CVSS:3.1 vector
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

    Severity 3.1 (CVSS 3.1 Base Score)
    5.40

    Severity 3.1 (text)
    MEDIUM

    References


  • https://patchstack.com/database/wordpress/plugin/sticky-header-on-scroll/vulnerability/wordpress-sticky-header-on-scroll-plugin-1-0-broken-access-control-vulnerability?_s_id=cve

    CVE-2024-56897

    Title (es)
    CVE-2024-56897

    Mon, 24/02/2025 – 16:15

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2024-56897

    Description (en)
    Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset.

    24/02/2025

    24/02/2025

    Severity 3.1 (text)
    Pending analysis

    References


  • https://geochen.medium.com/cve-2024-56897-yi-car-dashcam-39304a4b21b4

  • https://github.com/geo-chen/YI-Smart-Dashcam/
  • Dash Camera

