CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-6539 | 2025-07-24 | MEDIUM | 6.4 | The Voltax Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions… |
| CVE-2025-6441 | 2025-07-24 | CRITICAL | 9.8 | The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings \| WebinarIgnition plugin for WordPress is vulnerable to unauthenticated login… |
| CVE-2025-6387 | 2025-07-24 | MEDIUM | 6.4 | The WP Get The Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all… |
| CVE-2025-6385 | 2025-07-24 | MEDIUM | 6.4 | The WP Applink plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up… |
| CVE-2025-6382 | 2025-07-24 | MEDIUM | 6.4 | The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's taeggie-feed shortcode in all versions… |
| CVE-2025-6380 | 2025-07-24 | CRITICAL | 9.8 | The ONLYOFFICE Docs plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its oo.callback REST endpoint… |
| CVE-2025-6262 | 2025-07-24 | MEDIUM | 6.4 | The muse.ai video embedding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's muse-ai shortcode in all… |
| CVE-2025-5084 | 2025-07-24 | MEDIUM | 6.1 | The Post Grid Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘argsArray['read_more_text']’ parameter in all versions… |
| CVE-2025-4608 | 2025-07-24 | MEDIUM | 6.4 | The Structured Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_fs_local_business shortcode in all versions… |
| CVE-2025-3669 | 2025-07-24 | MEDIUM | 6.4 | The Supreme Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's auto_qrcodesabb shortcode… |
| CVE-2025-8107 | 2025-07-24 | MEDIUM | 6.3 | In OceanBase's Oracle tenant mode, a malicious user with specific privileges can achieve privilege escalation to SYS-level access by executing… |
| CVE-2025-8009 | 2025-07-24 | MEDIUM | 4.9 | The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all… |
| CVE-2025-26397 | 2025-07-24 | HIGH | 7.8 | SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can… |
| CVE-2025-7852 | 2025-07-24 | CRITICAL | 9.8 | The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle()… |
| CVE-2025-7437 | 2025-07-24 | CRITICAL | 9.8 | The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the… |
| CVE-2025-7001 | 2025-07-24 | MEDIUM | 4.3 | An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2… |
| CVE-2025-4976 | 2025-07-24 | MEDIUM | 4.3 | An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2… |
| CVE-2025-4968 | 2025-07-24 | MEDIUM | 6.4 | The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Page Builder elements… |
| CVE-2025-4395 | 2025-07-24 | MEDIUM | 6.8 | Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access… |
| CVE-2025-4394 | 2025-07-24 | MEDIUM | 6.8 | Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read… |
| CVE-2025-4393 | 2025-07-24 | MEDIUM | 6.5 | Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the… |
| CVE-2025-1299 | 2025-07-24 | MEDIUM | 4.3 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from… |
| CVE-2025-0765 | 2025-07-24 | MEDIUM | 4.3 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2… |
| CVE-2025-54377 | 2025-07-23 | HIGH | 7.8 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, RooCode does… |
| CVE-2025-54371 | 2025-07-23 | N/A | 0.0 | Rejected reason: This CVE is a duplicate of another CVE. |
| CVE-2025-53942 | 2025-07-23 | N/A | 0.0 | authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols. In… |
| CVE-2025-53537 | 2025-07-23 | HIGH | 7.5 | LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below,… |
| CVE-2025-47281 | 2025-07-23 | HIGH | 7.7 | Kyverno is a policy engine designed for cloud native platform engineering teams. In versions 1.14.1 and below, a Denial of… |
| CVE-2025-32019 | 2025-07-23 | MEDIUM | 4.1 | Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below,… |
| CVE-2025-8058 | 2025-07-23 | N/A | 0.0 | The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if… |
| CVE-2025-50477 | 2025-07-23 | MEDIUM | 5.4 | A URL redirection in lbry-desktop v0.53.9 allows attackers to redirect victim users to attacker-controlled pages. |
| CVE-2025-47187 | 2025-07-23 | HIGH | 7.5 | A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit through… |
| CVE-2025-44109 | 2025-07-23 | MEDIUM | 5.4 | A URL redirection in Pinokio v3.6.23 allows attackers to redirect victim users to attacker-controlled pages. |
| CVE-2025-46686 | 2025-07-23 | MEDIUM | 4.9 | Redis through 7.4.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This… |
| CVE-2025-53882 | 2025-07-23 | CRITICAL | 9.1 | A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSEs mailman3 package allows potential escalation… |
| CVE-2025-4700 | 2025-07-23 | HIGH | 8.7 | An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2… |
| CVE-2025-4439 | 2025-07-23 | HIGH | 7.7 | An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2… |
| CVE-2025-50481 | 2025-07-23 | MEDIUM | 4.8 | A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts… |
| CVE-2025-8069 | 2025-07-23 | HIGH | 7.8 | During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch… |
| CVE-2025-8060 | 2025-07-23 | HIGH | 8.8 | A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function… |
| CVE-2025-8044 | 2025-07-22 | CRITICAL | 9.8 | Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and… |
| CVE-2025-8043 | 2025-07-22 | CRITICAL | 9.8 | Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox < 141 and Thunderbird… |
| CVE-2025-8040 | 2025-07-22 | HIGH | 8.8 | Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs… |
| CVE-2025-8035 | 2025-07-22 | HIGH | 8.8 | Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and… |
| CVE-2025-7724 | 2025-07-22 | N/A | 0.0 | An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2. This issue affects VIGI NVR1104H-4P V1: before… |
| CVE-2025-46171 | 2025-07-23 | MEDIUM | 5.4 | vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the misc.php?do=buddylist endpoint. If an authenticated user has a sufficiently large… |
| CVE-2025-2634 | 2025-07-23 | HIGH | 7.8 | Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure… |
| CVE-2025-2633 | 2025-07-23 | HIGH | 7.8 | Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvre!UDecStrToNum that may result in information… |
| CVE-2025-8037 | 2025-07-22 | CRITICAL | 9.1 | Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was… |
| CVE-2025-8036 | 2025-07-22 | HIGH | 8.1 | Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox… |