CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2024-6668 2025-05-15 MEDIUM 5.4 The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could…
CVE-2025-3888 2025-05-17 MEDIUM 6.4 The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions…
CVE-2024-4665 2025-05-15 MEDIUM 5.3 The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for…
CVE-2025-4669 2025-05-17 MEDIUM 6.4 The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpbc shortcode in all…
CVE-2024-6708 2025-05-15 MEDIUM 4.8 The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on…
CVE-2024-6711 2025-05-15 MEDIUM 6.1 The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow…
CVE-2024-7758 2025-05-15 MEDIUM 4.8 The Stylish Price List WordPress plugin before 7.1.8 does not sanitise and escape some of its settings, which could allow…
CVE-2024-8493 2025-05-15 MEDIUM 4.8 The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high…
CVE-2024-8542 2025-05-15 MEDIUM 4.8 The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high…
CVE-2024-8617 2025-05-15 MEDIUM 4.8 The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege…
CVE-2024-8619 2025-05-15 MEDIUM 4.8 The Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow…
CVE-2024-8620 2025-05-15 MEDIUM 4.8 The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow…
CVE-2024-8670 2025-05-15 MEDIUM 4.8 The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could…
CVE-2024-8700 2025-05-15 HIGH 7.5 The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete…
CVE-2025-4578 2025-06-04 CRITICAL 9.8 The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a…
CVE-2024-9233 2025-05-15 MEDIUM 4.3 The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could…
CVE-2024-9390 2025-05-15 MEDIUM 4.8 The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2024-9450 2025-05-15 MEDIUM 6.5 The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in…
CVE-2024-9599 2025-05-15 MEDIUM 5.4 The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high…
CVE-2024-9645 2025-05-15 MEDIUM 5.4 The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape…
CVE-2025-1289 2025-05-15 MEDIUM 4.8 The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape some of its settings, which could allow high…
CVE-2025-1303 2025-05-15 MEDIUM 6.1 The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape a parameter before outputting it back in the…
CVE-2025-4580 2025-06-04 MEDIUM 4.3 The File Provider WordPress plugin through 1.2.3 does not have CSRF check in place when updating its settings, which could…
CVE-2025-2247 2025-05-15 MEDIUM 5.4 The WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow…
CVE-2025-2248 2025-05-15 MEDIUM 5.4 The WP-PManager WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement,…
CVE-2025-47161 2025-05-15 HIGH 7.8 Microsoft Defender for Endpoint Elevation of Privilege Vulnerability
CVE-2025-1138 2025-05-15 MEDIUM 4.3 IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against…
CVE-2024-51475 2025-05-16 MEDIUM 5.4 IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code,…
CVE-2025-48174 2025-05-16 MEDIUM 4.5 In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.
CVE-2025-27703 2025-05-28 MEDIUM 6.0 CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with…
CVE-2025-27706 2025-05-28 LOW 3.4 CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with…
CVE-2025-46078 2025-05-29 MEDIUM 5.3 HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server
CVE-2025-46080 2025-05-29 MEDIUM 5.3 HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious…
CVE-2025-41385 2025-05-30 HIGH 7.2 An OS Command Injection issue exists in wivia 5 all versions. If this vulnerability is exploited, an arbitrary OS command…
CVE-2025-41406 2025-05-30 MEDIUM 6.1 Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with…
CVE-2025-47697 2025-05-30 HIGH 7.5 Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication…
CVE-2025-48486 2025-05-30 MEDIUM 5.4 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the cross-site scripting (XSS) vulnerability is…
CVE-2025-48487 2025-05-30 MEDIUM 4.8 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when creating a translation of a…
CVE-2025-48488 2025-05-30 MEDIUM 5.4 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, deleting the file .htaccess allows an…
CVE-2025-48489 2025-05-30 MEDIUM 4.8 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site…
CVE-2025-48492 2025-05-30 HIGH 8.8 GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to…
CVE-2025-48865 2025-05-30 CRITICAL 9.1 Fabio is an HTTP(S) and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients…
CVE-2025-48875 2025-05-30 MEDIUM 5.4 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of last_name…
CVE-2025-3936 2025-05-22 MEDIUM 6.5 Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows…
CVE-2025-3937 2025-05-22 HIGH 7.7 Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise…
CVE-2025-3938 2025-05-22 MEDIUM 6.8 Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX…
CVE-2025-3939 2025-05-22 MEDIUM 5.3 Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX…
CVE-2025-3940 2025-05-22 MEDIUM 5.3 Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows,…
CVE-2025-3941 2025-05-22 MEDIUM 5.4 Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on…
CVE-2025-3942 2025-05-22 MEDIUM 4.3 Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows,…