CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-0699 2026-01-08 MEDIUM 4.7 A vulnerability was found in code-projects Intern Membership Management System 1.0. This impacts an unknown function of the file /intern/admin/edit_activity.php. Performing a manipulation of the argument activity_id results…
CVE-2025-13679 2026-01-08 MEDIUM 6.5 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_order_by_id()…
CVE-2026-0698 2026-01-08 MEDIUM 4.7 A vulnerability has been found in code-projects Intern Membership Management System 1.0. This affects an unknown function of the file /intern/admin/edit_students.php. Such manipulation of the argument admin_id leads…
CVE-2026-0697 2026-01-08 MEDIUM 4.7 A flaw has been found in code-projects Intern Membership Management System 1.0. The impacted element is an unknown function of the file /intern/admin/edit_admin.php. This manipulation of the argument…
CVE-2026-21427 2026-01-08 HIGH 7.8 The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a…
CVE-2026-0707 2026-01-08 MEDIUM 5.3 A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as…
CVE-2025-14275 2026-01-08 MEDIUM 6.4 The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization in the…
CVE-2025-12640 2026-01-08 MEDIUM 4.3 The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up…
CVE-2019-25296 2026-01-08 CRITICAL 9.8 The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions…
CVE-2026-21883 2026-01-08 N/A 0.0 Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, if a server is configured with an allowlist (e.g., dashboard.corp), an attacker can register…
CVE-2019-25295 2026-01-08 MEDIUM 6.5 The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file…
CVE-2026-21877 2026-01-08 CRITICAL 9.9 n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This…
CVE-2026-21868 2026-01-08 HIGH 7.5 Flag Forge is a Capture The Flag (CTF) platform. Versions 2.3.2 and below have a Regular Expression Denial of Service (ReDoS) vulnerability in the user profile API endpoint…
CVE-2025-15346 2026-01-08 N/A 0.0 A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced. Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag…
CVE-2019-25291 2026-01-08 HIGH 7.5 INIM Electronics Smartliving SmartLAN/G/SI
CVE-2019-25290 2026-01-08 MEDIUM 5.3 Smartliving SmartLAN/G/SI
CVE-2019-25289 2026-01-08 HIGH 8.8 SmartLiving SmartLAN
CVE-2019-25282 2026-01-08 CRITICAL 9.8 V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET parameter. Attackers can craft malicious links that…
CVE-2019-25279 2026-01-08 HIGH 8.2 FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive…
CVE-2019-25278 2026-01-08 HIGH 7.5 FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication…
CVE-2019-25268 2026-01-08 CRITICAL 9.8 NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit…
CVE-2019-25259 2026-01-08 MEDIUM 5.3 Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing…
CVE-2019-25231 2026-01-08 HIGH 8.4 devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure…
CVE-2026-21697 2026-01-07 N/A 0.0 axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global `defaultClient` is mutated during…
CVE-2025-62224 2026-01-07 MEDIUM 5.5 User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network.
CVE-2023-7333 2026-01-07 MEDIUM 5.3 A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql…
CVE-2026-21693 2026-01-07 HIGH 8.8 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2…
CVE-2026-21692 2026-01-07 HIGH 8.8 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2…
CVE-2026-21691 2026-01-07 MEDIUM 5.4 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2…
CVE-2026-21690 2026-01-07 MEDIUM 6.3 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2…
CVE-2026-21689 2026-01-07 MEDIUM 6.5 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2…
CVE-2026-21688 2026-01-07 HIGH 8.8 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2…
CVE-2026-21687 2026-01-07 HIGH 7.1 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2…
CVE-2026-21686 2026-01-07 HIGH 7.1 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2…
CVE-2026-21685 2026-01-07 HIGH 7.1 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2…
CVE-2026-21684 2026-01-07 HIGH 7.1 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2…
CVE-2026-21683 2026-01-07 HIGH 8.8 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2…
CVE-2026-21441 2026-01-07 N/A 0.0 urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather…
CVE-2026-22581 2026-01-08 N/A 0.0 Rejected reason: Not used
CVE-2026-22580 2026-01-08 N/A 0.0 Rejected reason: Not used
CVE-2026-22579 2026-01-08 N/A 0.0 Rejected reason: Not used
CVE-2026-22578 2026-01-08 N/A 0.0 Rejected reason: Not used
CVE-2026-22577 2026-01-08 N/A 0.0 Rejected reason: Not used
CVE-2026-0670 2026-01-07 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting (XSS). This issue affects MediaWiki -…
CVE-2026-0669 2026-01-07 HIGH 7.5 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal. This issue affects MediaWiki - CSS extension:…
CVE-2026-0668 2026-01-07 MEDIUM 5.3 Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup. This issue affects MediaWiki - VisualData Extension: 1.45.
CVE-2025-61492 2026-01-07 CRITICAL 10.0 A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input.
CVE-2026-21856 2026-01-07 HIGH 7.2 The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time based blind SQL injection vulnerability in the webhook edit…
CVE-2026-21855 2026-01-07 CRITICAL 9.3 The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, a reflected Cross Site Scripting (XSS) vulnerability in the toast…
CVE-2026-21854 2026-01-07 CRITICAL 9.8 The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, an authentication bypass vulnerability in the login endpoint allows any…