Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Concientización
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-61632
2025-09-30
N/A
0.0
Rejected reason: Not used
CVE-2025-61631
2025-09-30
N/A
0.0
Rejected reason: Not used
CVE-2025-61630
2025-09-30
N/A
0.0
Rejected reason: Not used
CVE-2025-61629
2025-09-30
N/A
0.0
Rejected reason: Not used
CVE-2025-61628
2025-09-30
N/A
0.0
Rejected reason: Not used
CVE-2025-61627
2025-09-30
N/A
0.0
Rejected reason: Not used
CVE-2025-61626
2025-09-30
N/A
0.0
Rejected reason: Not used
CVE-2025-61584
2025-09-30
N/A
0.0
serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Versions through abd including 0.1.30 have a vulnerability where the pr.yml GitHub Action…
CVE-2025-59668
2025-09-30
HIGH
7.5
Multiple versions of Central Monitor CNS-6201 contain a NULL pointer dereference vulnerability. When processing a crafted certain UDP packet, the affected device may abnormally terminate.
CVE-2025-41099
2025-09-30
N/A
0.0
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated…
CVE-2025-41098
2025-09-30
N/A
0.0
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a misuse of the general enquiry web service.
CVE-2025-41097
2025-09-30
N/A
0.0
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated…
CVE-2025-41096
2025-09-30
N/A
0.0
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated…
CVE-2025-41095
2025-09-30
N/A
0.0
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated…
CVE-2025-41094
2025-09-30
N/A
0.0
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated…
CVE-2025-41093
2025-09-30
N/A
0.0
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated…
CVE-2025-41092
2025-09-30
N/A
0.0
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated…
CVE-2025-41091
2025-09-30
N/A
0.0
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated…
CVE-2025-11163
2025-09-30
MEDIUM
4.3
The SmartCrawl SEO checker, analyzer & optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_submodule() function in…
CVE-2025-10196
2025-09-30
MEDIUM
6.4
The Survey Anyplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'surveyanyplace_embed' shortcode in all versions up to, and including, 1.0.0 due to insufficient…
CVE-2025-10191
2025-09-30
MEDIUM
6.4
The Big Post Shipping for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wooboigpost_shipping_status' shortcode in all versions up to, and including, 2.1.1…
CVE-2025-10189
2025-09-30
MEDIUM
6.4
The BP Direct Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bpdm_login' shortcode in all versions up to, and including, 1.0.0 due to…
CVE-2025-10182
2025-09-30
MEDIUM
6.4
The dbview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dbview' shortcode in all versions up to, and including, 0.5.5 due to insufficient input…
CVE-2025-10179
2025-09-30
MEDIUM
6.4
The My AskAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'myaskai' shortcode in all versions up to, and including, 1.0.0 due to insufficient…
CVE-2025-10168
2025-09-30
MEDIUM
6.4
The Any News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'any-ticker' shortcode in all versions up to, and including, 3.1.1 due to…
CVE-2025-10131
2025-09-30
MEDIUM
6.4
The All Social Share Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sc' shortcode in all versions up to, and including, 1.0 due…
CVE-2025-10130
2025-09-30
MEDIUM
6.4
The Layers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'webcam' shortcode in all versions up to, and including, 0.5 due to insufficient input…
CVE-2025-10128
2025-09-30
MEDIUM
6.4
The Eulerpool Research Systems plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aaq' shortcode in all versions up to, and including, 4.0.1 due to…
CVE-2025-10000
2025-09-30
MEDIUM
6.4
The Qyrr – simply and modern QR-Code creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the blob_to_file() function in…
CVE-2025-59952
2025-09-30
N/A
0.0
MinIO Java SDK is a Simple Storage Service (aka S3) client to perform bucket and object operations to any Amazon S3 compatible object storage service. In minio-java versions…
CVE-2025-59942
2025-09-29
HIGH
7.5
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming…
CVE-2025-59941
2025-09-29
MEDIUM
5.9
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are…
CVE-2025-59940
2025-09-29
MEDIUM
6.5
mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed…
CVE-2025-43817
2025-09-29
N/A
0.0
Multiple reflected cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.74 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 74 through update 92…
CVE-2025-43813
2025-09-29
N/A
0.0
Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8,…
CVE-2025-43812
2025-09-29
N/A
0.0
Cross-site scripting (XSS) vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update…
CVE-2025-36245
2025-09-29
HIGH
8.8
IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user…
CVE-2025-59933
2025-09-29
N/A
0.0
libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation…
CVE-2025-59163
2025-09-29
N/A
0.0
vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack of HTTP Host and…
CVE-2025-43820
2025-09-29
N/A
0.0
Multiple cross-site scripting (XSS) vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1…
CVE-2025-43818
2025-09-29
N/A
0.0
Cross-site scripting (XSS) vulnerability in the Calendar widget in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update…
CVE-2025-43815
2025-09-29
N/A
0.0
Reflected cross-site scripting (XSS) vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows remote attackers to…
CVE-2025-43811
2025-09-29
N/A
0.0
Multiple stored cross-site scripting (XSS) vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4…
CVE-2025-57266
2025-09-29
CRITICAL
9.8
An issue was discovered in file AssistantController.java in ThriveX Blogging Framework 2.5.9 thru 3.1.3 allowing unauthenticated attackers to gain sensitive information such as API Keys via the /api/assistant/list…
CVE-2025-45376
2025-09-29
HIGH
7.5
Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit…
CVE-2025-34233
2025-09-29
N/A
0.0
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a protection mechanism failure vulnerability within the file_get_contents()…
CVE-2025-34230
2025-09-29
N/A
0.0
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable…
CVE-2025-34229
2025-09-29
N/A
0.0
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/console_release/hp/installApp.php…
CVE-2025-34228
2025-09-29
N/A
0.0
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `/var/www/app/console_release/lexmark/update.php` script is…
CVE-2025-34222
2025-09-29
N/A
0.0
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose four admin routes – /admin/hp/cert_upload, /admin/hp/cert_delete, /admin/certs/ca, and /admin/certs/serviceclients/{scid} – without…
« Anterior
Página 129 de 3647
Siguiente »
Page load link
Go to Top
