CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-22209 | 2025-02-15 | MEDIUM | 4.7 | A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary… |
| CVE-2025-22210 | 2025-02-25 | HIGH | 7.2 | A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL… |
| CVE-2025-25226 | 2025-04-08 | CRITICAL | 9.8 | Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note:… |
| CVE-2025-25227 | 2025-04-08 | HIGH | 7.5 | Insufficient state checks lead to a vector that allows to bypass 2FA checks. |
| CVE-2024-10144 | 2025-05-15 | MEDIUM | 4.8 | The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of… |
| CVE-2024-10054 | 2025-05-15 | MEDIUM | 4.8 | The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege… |
| CVE-2024-10107 | 2025-05-15 | MEDIUM | 4.8 | The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which… |
| CVE-2024-10145 | 2025-05-15 | MEDIUM | 4.8 | The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-10504 | 2025-05-15 | MEDIUM | 5.4 | The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters… |
| CVE-2024-11109 | 2025-05-15 | MEDIUM | 4.8 | The WP Google Review Slider WordPress plugin before 15.6 does not sanitise and escape some of its settings, which could… |
| CVE-2024-3996 | 2025-05-15 | MEDIUM | 6.1 | The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow… |
| CVE-2025-5609 | 2025-06-04 | HIGH | 8.8 | A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of… |
| CVE-2025-5608 | 2025-06-04 | HIGH | 8.8 | A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file… |
| CVE-2025-5607 | 2025-06-04 | HIGH | 8.8 | A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPUserList… |
| CVE-2025-48935 | 2025-06-04 | N/A | 0.0 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible… |
| CVE-2025-48934 | 2025-06-04 | N/A | 0.0 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the `Deno.env.toObject` method ignores any variables… |
| CVE-2025-5606 | 2025-06-04 | MEDIUM | 6.3 | A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv… |
| CVE-2025-48888 | 2025-06-04 | N/A | 0.0 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2,… |
| CVE-2025-46339 | 2025-06-04 | MEDIUM | 4.3 | FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to poison feed favicons by adding a… |
| CVE-2025-32015 | 2025-06-04 | MEDIUM | 6.7 | FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the `` attribute, which… |
| CVE-2025-31482 | 2025-06-04 | MEDIUM | 4.3 | FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly… |
| CVE-2025-31134 | 2025-06-04 | N/A | 0.0 | FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server… |
| CVE-2025-22245 | 2025-06-04 | MEDIUM | 5.9 | VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation. |
| CVE-2025-22244 | 2025-06-04 | MEDIUM | 6.9 | VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation. |
| CVE-2025-22243 | 2025-06-04 | HIGH | 7.5 | VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation. |
| CVE-2025-24015 | 2025-06-03 | N/A | 0.0 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM… |
| CVE-2020-27298 | 2021-01-26 | MEDIUM | 6.5 | Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The… |
| CVE-2020-14506 | 2020-09-18 | LOW | 3.4 | Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or… |
| CVE-2024-13613 | 2025-05-17 | HIGH | 7.5 | The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3… |
| CVE-2025-5267 | 2025-05-27 | MEDIUM | 5.4 | A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious… |
| CVE-2025-5266 | 2025-05-27 | MEDIUM | 6.5 | Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox… |
| CVE-2025-5264 | 2025-05-27 | MEDIUM | 4.8 | Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user… |
| CVE-2025-33103 | 2025-05-17 | HIGH | 8.5 | IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability.… |
| CVE-2025-4839 | 2025-05-17 | LOW | 3.1 | A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as problematic. Affected by this vulnerability is an unknown… |
| CVE-2025-4842 | 2025-05-17 | HIGH | 8.8 | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. This vulnerability affects the function isUCPCameraNameChanged… |
| CVE-2025-4843 | 2025-05-18 | HIGH | 8.8 | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. This affects the function SubUPnPCSInit of… |
| CVE-2025-4844 | 2025-05-18 | HIGH | 7.3 | A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality… |
| CVE-2025-4845 | 2025-05-18 | HIGH | 7.3 | A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is… |
| CVE-2025-4847 | 2025-05-18 | HIGH | 7.3 | A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of… |
| CVE-2025-4848 | 2025-05-18 | HIGH | 7.3 | A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of… |
| CVE-2025-4852 | 2025-05-18 | LOW | 2.4 | A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing… |
| CVE-2025-3527 | 2025-05-17 | MEDIUM | 6.4 | The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in… |
| CVE-2024-6668 | 2025-05-15 | MEDIUM | 5.4 | The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could… |
| CVE-2025-3888 | 2025-05-17 | MEDIUM | 6.4 | The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions… |
| CVE-2024-4665 | 2025-05-15 | MEDIUM | 5.3 | The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for… |
| CVE-2025-4669 | 2025-05-17 | MEDIUM | 6.4 | The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpbc shortcode in all… |
| CVE-2024-6708 | 2025-05-15 | MEDIUM | 4.8 | The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on… |
| CVE-2024-6711 | 2025-05-15 | MEDIUM | 6.1 | The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow… |
| CVE-2024-7758 | 2025-05-15 | MEDIUM | 4.8 | The Stylish Price List WordPress plugin before 7.1.8 does not sanitise and escape some of its settings, which could allow… |
| CVE-2024-8493 | 2025-05-15 | MEDIUM | 4.8 | The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high… |