CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-14846 2026-01-14 MEDIUM 4.3 The SocialChamp with WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing nonce validation…
CVE-2025-14770 2026-01-14 HIGH 7.5 The Shipping Rate By Cities plugin for WordPress is vulnerable to SQL Injection via the 'city' parameter in all versions up to, and including, 2.0.0 due to insufficient…
CVE-2025-14173 2026-01-14 MEDIUM 5.3 The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the…
CVE-2026-0717 2026-01-14 MEDIUM 5.3 The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the `/wp-json/lottiefiles/v1/settings/` REST…
CVE-2026-0694 2026-01-14 MEDIUM 6.4 The SearchWiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in search results in all versions up to, and including, 1.0.0. This is due…
CVE-2026-0680 2026-01-14 MEDIUM 4.4 The Real Post Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to…
CVE-2026-0678 2026-01-14 MEDIUM 4.9 The Flat Shipping Rate by City for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'cities' parameter in all versions up to, and including,…
CVE-2026-0635 2026-01-14 MEDIUM 4.3 The Responsive Accordion Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resp_accordion_silder_save_images' function in all versions up…
CVE-2026-0594 2026-01-14 MEDIUM 6.1 The List Site Contributors plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'alpha' parameter in versions up to, and including, 1.1.8 due to insufficient input…
CVE-2025-15486 2026-01-14 MEDIUM 4.4 The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching…
CVE-2025-15378 2026-01-14 HIGH 7.2 The AJS Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'note_list_class' and 'popup_display_effect_in' parameters in all versions up to, and including, 1.0 due to…
CVE-2025-15377 2026-01-14 MEDIUM 4.3 The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation…
CVE-2025-15283 2026-01-14 HIGH 7.2 The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' and 'name_directory_description' parameters in all versions up to, and including, 1.30.3 due to…
CVE-2025-15266 2026-01-14 HIGH 7.2 The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat message field in all…
CVE-2025-15021 2026-01-14 MEDIUM 4.4 The Gotham Block Extra Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.0 due to insufficient…
CVE-2025-15020 2026-01-14 MEDIUM 6.5 The Gotham Block Extra Light plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.5.0 via the 'ghostban' shortcode. This makes…
CVE-2025-14880 2026-01-14 MEDIUM 5.3 The Netcash WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_return_url function in all versions…
CVE-2025-14854 2026-01-14 MEDIUM 5.4 The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrm_get_email_recipients and wpcrm_system_ajax_task_change_status AJAX functions in all versions up to,…
CVE-2025-14725 2026-01-14 MEDIUM 4.4 The Internal Link Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input…
CVE-2025-14615 2026-01-14 HIGH 7.1 The DASHBOARD BUILDER – WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.7. This…
CVE-2025-14613 2026-01-14 HIGH 7.2 The GetContentFromURL plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0. This is due to the plugin using wp_remote_get() instead…
CVE-2025-14482 2026-01-14 MEDIUM 4.3 The Crush.pics Image Optimizer - Image Compression and Optimization plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple functions in…
CVE-2025-14464 2026-01-14 MEDIUM 5.3 The PDF Resume Parser plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0. This is due to the plugin registering…
CVE-2025-14389 2026-01-14 MEDIUM 4.3 The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This…
CVE-2025-14379 2026-01-14 MEDIUM 4.4 The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes…
CVE-2025-14301 2026-01-14 CRITICAL 9.8 The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is due to the `process_table_bulk_actions()`…
CVE-2025-13627 2026-01-14 MEDIUM 4.4 The Makesweat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'makesweat_clubid' setting in all versions up to, and including, 0.1 due to insufficient input sanitization…
CVE-2025-12178 2026-01-14 MEDIUM 6.4 The SpiceForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spiceforms' shortcode in all versions up to, and including, 1.0 due to insufficient…
CVE-2026-22718 2026-01-14 MEDIUM 6.8 The VSCode extension for Spring CLI is vulnerable to command injection, resulting in command execution on the user's machine.
CVE-2025-68970 2026-01-14 MEDIUM 6.1 Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-68969 2026-01-14 MEDIUM 6.8 Multi-thread race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-68968 2026-01-14 HIGH 7.8 Double free vulnerability in the multi-mode input module. Impact: Successful exploitation of this vulnerability may affect the input function.
CVE-2025-68967 2026-01-14 MEDIUM 5.7 Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-68966 2026-01-14 MEDIUM 5.1 Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-68965 2026-01-14 MEDIUM 4.7 Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-68964 2026-01-14 MEDIUM 6.2 Data verification vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-68963 2026-01-14 MEDIUM 5.7 Man-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-68962 2026-01-14 MEDIUM 5.1 Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-68961 2026-01-14 MEDIUM 5.1 Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-68960 2026-01-14 HIGH 8.4 Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-68959 2026-01-14 MEDIUM 6.2 Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-68958 2026-01-14 HIGH 8.0 Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-68957 2026-01-14 HIGH 8.4 Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-68956 2026-01-14 HIGH 8.0 Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-68955 2026-01-14 HIGH 8.0 Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-12053 2026-01-14 HIGH 7.8 The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.
CVE-2025-12052 2026-01-14 HIGH 7.8 The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.
CVE-2025-12051 2026-01-14 HIGH 7.8 The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.
CVE-2025-12050 2026-01-14 HIGH 7.8 The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.
CVE-2026-22686 2026-01-14 CRITICAL 10.0 Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted,…