CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-54768 | 2025-07-29 | MEDIUM | 5.3 | An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only… |
| CVE-2025-54767 | 2025-07-29 | MEDIUM | 6.5 | An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user. |
| CVE-2025-54766 | 2025-07-29 | MEDIUM | 5.3 | An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only… |
| CVE-2025-54765 | 2025-07-29 | MEDIUM | 5.3 | An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only… |
| CVE-2024-42645 | 2025-07-29 | N/A | 0.0 | An issue in FlashMQ v1.14.0 allows attackers to cause an assertion failure via sending a crafted retain message, leading to… |
| CVE-2024-42644 | 2025-07-29 | N/A | 0.0 | FlashMQ v1.14.0 was discovered to contain an assertion failure in the function PublishCopyFactory::getNewPublish, which occurs when the QoS value of… |
| CVE-2025-7458 | 2025-07-29 | N/A | 0.0 | An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to… |
| CVE-2025-6175 | 2025-07-29 | HIGH | 7.2 | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geodi: before… |
| CVE-2025-6060 | 2025-07-29 | MEDIUM | 5.4 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DECE Software Geodi allows Cross-Site Scripting… |
| CVE-2025-41241 | 2025-07-29 | MEDIUM | 4.4 | VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls… |
| CVE-2025-40686 | 2025-07-29 | N/A | 0.0 | Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript… |
| CVE-2025-40685 | 2025-07-29 | N/A | 0.0 | Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript… |
| CVE-2025-40684 | 2025-07-29 | N/A | 0.0 | Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript… |
| CVE-2025-40683 | 2025-07-29 | N/A | 0.0 | Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript… |
| CVE-2025-40682 | 2025-07-29 | N/A | 0.0 | SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete… |
| CVE-2025-5587 | 2025-07-29 | MEDIUM | 6.4 | The Appzend theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘progressbarLayout’ parameter in all versions up to,… |
| CVE-2025-8216 | 2025-07-29 | MEDIUM | 6.4 | The Sky Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Multiple widgets in all versions… |
| CVE-2025-8196 | 2025-07-29 | MEDIUM | 6.4 | The Magical Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes in… |
| CVE-2025-7689 | 2025-07-29 | HIGH | 8.8 | The Hydra Booking plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the tfhb_reset_password_callback()… |
| CVE-2025-6730 | 2025-07-29 | MEDIUM | 4.3 | The Bonanza – WooCommerce Free Gifts Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a… |
| CVE-2025-6692 | 2025-07-29 | MEDIUM | 6.4 | The YouTube Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘instance’ parameter in all versions up… |
| CVE-2025-6681 | 2025-07-29 | MEDIUM | 6.4 | The Fan Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up… |
| CVE-2025-26400 | 2025-07-29 | MEDIUM | 5.3 | SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead… |
| CVE-2025-53082 | 2025-07-29 | MEDIUM | 6.1 | An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the… |
| CVE-2025-53081 | 2025-07-29 | MEDIUM | 6.4 | An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the… |
| CVE-2025-6495 | 2025-07-29 | HIGH | 7.5 | The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to,… |
| CVE-2025-53649 | 2025-07-29 | MEDIUM | 5.1 | "SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If… |
| CVE-2025-53080 | 2025-07-29 | HIGH | 7.1 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to… |
| CVE-2025-53079 | 2025-07-29 | MEDIUM | 4.9 | Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files |
| CVE-2025-53078 | 2025-07-29 | HIGH | 8.0 | Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system |
| CVE-2025-53077 | 2025-07-29 | MEDIUM | 6.5 | An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could… |
| CVE-2025-4566 | 2025-07-29 | MEDIUM | 6.4 | The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting… |
| CVE-2025-4370 | 2025-07-29 | MEDIUM | 5.3 | The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls… |
| CVE-2025-3075 | 2025-07-29 | MEDIUM | 6.4 | The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting… |
| CVE-2025-7811 | 2025-07-29 | MEDIUM | 6.4 | The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all… |
| CVE-2025-7810 | 2025-07-29 | MEDIUM | 5.4 | The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all… |
| CVE-2025-7809 | 2025-07-29 | MEDIUM | 6.4 | The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all… |
| CVE-2025-54429 | 2025-07-28 | N/A | 0.0 | Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in… |
| CVE-2025-54428 | 2025-07-28 | CRITICAL | 9.8 | RevelaCode is an AI-powered faith-tech project that decodes biblical verses, prophecies and global events into accessible language. In versions below… |
| CVE-2025-54427 | 2025-07-28 | N/A | 0.0 | Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic note_min_gas_price_target is an inherent extrinsic,… |
| CVE-2025-54426 | 2025-07-28 | N/A | 0.0 | Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the… |
| CVE-2025-54423 | 2025-07-28 | MEDIUM | 5.4 | copyparty is a portable file server. In versions up to and including versions 1.18.4, an unauthenticated attacker is able to… |
| CVE-2025-54419 | 2025-07-28 | CRITICAL | 10.0 | A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from… |
| CVE-2025-50486 | 2025-07-28 | HIGH | 7.1 | Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking… |
| CVE-2025-50485 | 2025-07-28 | HIGH | 7.1 | Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Registration v3.1 allows attackers to execute a session hijacking… |
| CVE-2025-29534 | 2025-07-28 | HIGH | 8.8 | An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1.0 allows an attacker with valid credentials to… |
| CVE-2025-8283 | 2025-07-28 | LOW | 3.7 | A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search… |
| CVE-2025-50487 | 2025-07-28 | HIGH | 7.1 | Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank & Donor Management System v2.4 allows attackers to execute… |
| CVE-2025-50484 | 2025-07-28 | HIGH | 7.1 | Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack. |
| CVE-2025-54299 | 2025-07-28 | N/A | 0.0 | A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered. |