CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-51869 2025-07-21 HIGH 7.5 Insecure Direct Object Reference (IDOR) vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted space_id, thread_id,…
CVE-2025-51868 2025-07-21 HIGH 7.5 Insecure Direct Object Reference (IDOR) vulnerability in Dippy (chat.dippy.ai) v2 allows attackers to gain sensitive information via the conversation_id parameter…
CVE-2025-51401 2025-07-21 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute…
CVE-2025-51400 2025-07-21 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute…
CVE-2025-51398 2025-07-21 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute…
CVE-2025-51397 2025-07-21 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute…
CVE-2025-51396 2025-07-21 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML…
CVE-2025-4295 2025-07-22 MEDIUM 4.6 Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows HTTP Response Splitting. This issue affects B2B: before 04.06.2025.
CVE-2025-4294 2025-07-22 MEDIUM 4.8 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HotelRunner B2B allows Cross-Site Scripting (XSS). This…
CVE-2025-44654 2025-07-21 CRITICAL 9.8 In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access…
CVE-2025-44649 2025-07-21 HIGH 7.5 In the configuration file of racoon in the TRENDnet TEW-WLC100P 2.03b03, the first item of exchage_mode is set to aggressive.…
CVE-2025-43720 2025-07-21 MEDIUM 6.5 Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user…
CVE-2015-10140 2025-07-22 HIGH 8.8 The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated…
CVE-2025-34143 2025-07-22 N/A 0.0 An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged…
CVE-2025-34142 2025-07-22 N/A 0.0 An XML External Entity (XXE) injection vulnerability exists in ETQ Reliance on the CG (legacy) platform within the `/resources/sessions/sso` endpoint.…
CVE-2025-34141 2025-07-22 N/A 0.0 A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires…
CVE-2025-34140 2025-07-22 N/A 0.0 An authorization bypass vulnerability exists in ETQ Reliance (legacy CG and NXG SaaS platforms). By appending a specific URI suffix…
CVE-2024-55040 2025-07-21 N/A 0.0 Cross Site Scripting vulnerability in Sensaphone WEB600 Monitoring System v.1.6.5.H and before allows a remote attacker to execute arbitrary code…
CVE-2025-7705 2025-07-22 MEDIUM 6.8 Active Debug Code vulnerability in ABB Switch Actuator 4 DU-83330, ABB Switch actuator, door/light 4 DU -83330-500. This issue affects…
CVE-2025-4285 2025-07-22 CRITICAL 10.0 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolantis Information Technologies Agentis allows SQL…
CVE-2025-4284 2025-07-22 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rolantis Information Technologies Agentis allows Reflected…
CVE-2025-7900 2025-07-22 N/A 0.0 The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager…
CVE-2025-7899 2025-07-22 N/A 0.0 The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects…
CVE-2025-7692 2025-07-22 HIGH 8.1 The Orion Login with SMS plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including,…
CVE-2025-7687 2025-07-22 MEDIUM 6.1 The Latest Post Accordian Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
CVE-2025-7685 2025-07-22 MEDIUM 6.1 The Like & Share My Site plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to,…
CVE-2025-7427 2025-07-22 N/A 0.0 Uncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful…
CVE-2025-6213 2025-07-22 HIGH 7.2 The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and…
CVE-2025-6187 2025-07-22 CRITICAL 9.8 The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in…
CVE-2025-6082 2025-07-22 MEDIUM 5.3 The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including,…
CVE-2025-53472 2025-07-22 HIGH 7.2 WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in…
CVE-2025-46267 2025-07-22 MEDIUM 4.9 Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's hidden debug function may be enabled by a…
CVE-2025-38352 2025-07-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting…
CVE-2025-7645 2025-07-22 HIGH 8.1 The Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) plugin for WordPress is vulnerable to arbitrary file…
CVE-2025-7644 2025-07-22 MEDIUM 6.4 The Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery…
CVE-2025-7495 2025-07-22 MEDIUM 6.4 The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpmem_login_link' shortcode in all…
CVE-2025-6585 2025-07-22 HIGH 8.1 The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including,…
CVE-2025-52580 2025-07-22 LOW 2.4 Insertion of sensitive information into log file issue exists in "region PAY" App for Android prior to 1.5.28. If exploited,…
CVE-2025-7953 2025-07-22 LOW 3.5 A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some…
CVE-2025-7952 2025-07-22 MEDIUM 6.3 A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file…
CVE-2025-7951 2025-07-22 LOW 3.5 A vulnerability classified as problematic has been found in code-projects Public Chat Room 1.0. This affects an unknown part of…
CVE-2025-7950 2025-07-22 HIGH 7.3 A vulnerability was found in code-projects Public Chat Room 1.0. It has been rated as critical. Affected by this issue…
CVE-2025-6831 2025-07-22 MEDIUM 6.4 The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's urcr_restrict shortcode in all versions…
CVE-2025-5240 2025-07-22 MEDIUM 6.4 The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter…
CVE-2015-10137 2025-07-22 CRITICAL 9.8 The Website Contact Form With File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file…
CVE-2012-10020 2025-07-22 CRITICAL 9.8 The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify.php…
CVE-2025-7945 2025-07-22 HIGH 8.8 A vulnerability was found in D-Link DIR-513 up to 20190831. It has been declared as critical. This vulnerability affects the…
CVE-2025-7944 2025-07-21 MEDIUM 4.3 A vulnerability was found in PHPGurukul Taxi Stand Management System 1.0. It has been classified as problematic. This affects an…
CVE-2025-7943 2025-07-21 MEDIUM 4.3 A vulnerability was found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this issue is…
CVE-2025-7486 2025-07-21 MEDIUM 4.4 The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Order Details in all versions up…