CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-44011 2025-10-03 N/A 0.0 A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch…
CVE-2025-44010 2025-10-03 N/A 0.0 A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch…
CVE-2025-44009 2025-10-03 N/A 0.0 A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch…
CVE-2025-44008 2025-10-03 N/A 0.0 A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch…
CVE-2021-42193 2025-10-03 MEDIUM 6.1 nopCommerce 4.40.3 is vulnerable to XSS in the Product Name at /Admin/Product/Edit/[id]. Each time a user views the product in the shop, the XSS payload fires.
CVE-2025-61593 2025-10-03 HIGH 7.1 Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI Agent protects its sensitive files (i.e.…
CVE-2025-61592 2025-10-03 HIGH 8.8 Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory (/.cursor/cli.json) could…
CVE-2025-52653 2025-10-03 HIGH 7.6 HCL MyXalytics product is affected by Cross Site Scripting vulnerability in the web application. This can allow the execution of unauthorized scripts, potentially resulting in unauthorized actions or…
CVE-2025-46817 2025-10-03 HIGH 7.0 Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause…
CVE-2025-44007 2025-10-03 N/A 0.0 An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit…
CVE-2025-44006 2025-10-03 N/A 0.0 An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit…
CVE-2025-33040 2025-10-03 N/A 0.0 An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit…
CVE-2025-59489 2025-10-03 HIGH 7.4 Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application…
CVE-2025-33039 2025-10-03 N/A 0.0 An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit…
CVE-2025-33034 2025-10-03 N/A 0.0 A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the…
CVE-2024-56804 2025-10-03 N/A 0.0 An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized…
CVE-2025-61591 2025-10-03 HIGH 8.8 Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication with an untrusted MCP server, an attacker can…
CVE-2025-61590 2025-10-03 HIGH 7.5 Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (RCE) attacks through Visual Studio Code Workspaces. Workspaces…
CVE-2025-60787 2025-10-03 HIGH 7.2 MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated…
CVE-2025-60454 2025-10-03 MEDIUM 6.1 A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\img_admin.class.php component. The…
CVE-2025-61666 2025-10-02 N/A 0.0 Traccar is an open source GPS tracking system. Default installs of Traccar on Windows between versions 6.1 - 6.8.1 and non default installs between versions 5.8 - 6.0 are…
CVE-2025-61665 2025-10-02 N/A 0.0 WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Broken Access Control vulnerability, identified in the get_relatorios_socios.php endpoint.…
CVE-2025-61606 2025-10-02 N/A 0.0 WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically…
CVE-2025-61605 2025-10-02 N/A 0.0 WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an SQL Injection vulnerability which was identified in the /pet/profile_pet.php…
CVE-2025-60453 2025-10-03 MEDIUM 6.1 A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The…
CVE-2025-60452 2025-10-03 MEDIUM 6.1 A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\download_admin.class.php component. The…
CVE-2025-60451 2025-10-03 MEDIUM 6.1 A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in…
CVE-2025-60450 2025-10-03 MEDIUM 6.1 A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in…
CVE-2025-60449 2025-10-03 MEDIUM 4.9 An information disclosure vulnerability has been discovered in SeaCMS 13.1. The vulnerability exists in the admin_safe.php component located in the /btcoan/ directory. This security flaw allows authenticated administrators…
CVE-2025-60448 2025-10-03 MEDIUM 6.1 A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component,…
CVE-2025-60447 2025-10-03 MEDIUM 5.9 A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators…
CVE-2025-60445 2025-10-03 MEDIUM 6.1 A stored Cross-Site Scripting (XSS) vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component,…
CVE-2025-57423 2025-10-03 N/A 0.0 A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input…
CVE-2025-34226 2025-10-03 N/A 0.0 OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epoch_time field supplied during program uploads is not validated and can be crafted to induce…
CVE-2025-54089 2025-10-02 N/A 0.0 CVE-2025-54089 is a cross-site scripting vulnerability in versions of secure access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to…
CVE-2025-10729 2025-10-03 N/A 0.0 The module will parse a node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading…
CVE-2025-10728 2025-10-03 N/A 0.0 When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS
CVE-2025-10547 2025-10-03 HIGH 8.8 An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance…
CVE-2025-10609 2025-10-03 MEDIUM 5.9 Use of Hard-coded Credentials vulnerability in Logo Software Inc. TigerWings ERP allows Read Sensitive Constants Within an Executable. This issue affects TigerWings ERP: from 01.01.00 before 3.03.00.
CVE-2025-9945 2025-10-03 MEDIUM 4.3 The Optimize More! – CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or…
CVE-2025-9897 2025-10-03 MEDIUM 4.3 The AP Background plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2. This is due to missing or incorrect nonce…
CVE-2025-9895 2025-10-03 MEDIUM 4.3 The Notification Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce…
CVE-2025-9892 2025-10-03 MEDIUM 5.3 The Restrict User Registration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect…
CVE-2025-9889 2025-10-03 MEDIUM 4.3 The ContentMX Content Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect…
CVE-2025-9885 2025-10-03 MEDIUM 4.3 The MPWizard – Create Mercado Pago Payment Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due…
CVE-2025-9884 2025-10-03 MEDIUM 6.1 The Mobile Site Redirect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect…
CVE-2025-9876 2025-10-03 MEDIUM 6.4 The Ird Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irdslider' shortcode in all versions up to, and including, 1.0.2 due to insufficient…
CVE-2025-9875 2025-10-03 MEDIUM 6.4 The Event Tickets, RSVPs, Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticket_spot' shortcode in all versions up to, and including, 1.0.2 due…
CVE-2025-9859 2025-10-03 MEDIUM 6.4 The Fintelligence Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fintelligence-calculator' shortcode in all versions up to, and including, 1.0.3 due to insufficient…
CVE-2025-9858 2025-10-03 MEDIUM 6.4 The Auto Bulb Finder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abf_vehicle' shortcode in all versions up to, and including, 2.8.0…