Skip to content
Toggle Navigation
Home
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Eventos de ciberseguridad
Glosario
Todos los artículos
Vulnerabilidades CVE
Normativa y Leyes
Novedades
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Filtrar por severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
Filtrar
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-22245
2025-06-04
MEDIUM
5.9
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
CVE-2025-22244
2025-06-04
MEDIUM
6.9
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
CVE-2025-22243
2025-06-04
HIGH
7.5
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
CVE-2025-24015
2025-06-03
N/A
0.0
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM…
CVE-2020-27298
2021-01-26
MEDIUM
6.5
Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The…
CVE-2020-14506
2020-09-18
LOW
3.4
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or…
CVE-2024-13613
2025-05-17
HIGH
7.5
The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3…
CVE-2025-5267
2025-05-27
MEDIUM
5.4
A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious…
CVE-2025-5266
2025-05-27
MEDIUM
6.5
Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox…
CVE-2025-5264
2025-05-27
MEDIUM
4.8
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user…
CVE-2025-33103
2025-05-17
HIGH
8.5
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability.…
CVE-2025-4839
2025-05-17
LOW
3.1
A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as problematic. Affected by this vulnerability is an unknown…
CVE-2025-4842
2025-05-17
HIGH
8.8
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. This vulnerability affects the function isUCPCameraNameChanged…
CVE-2025-4843
2025-05-18
HIGH
8.8
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. This affects the function SubUPnPCSInit of…
CVE-2025-4844
2025-05-18
HIGH
7.3
A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality…
CVE-2025-4845
2025-05-18
HIGH
7.3
A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is…
CVE-2025-4847
2025-05-18
HIGH
7.3
A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of…
CVE-2025-4848
2025-05-18
HIGH
7.3
A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of…
CVE-2025-4852
2025-05-18
LOW
2.4
A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing…
CVE-2025-3527
2025-05-17
MEDIUM
6.4
The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in…
CVE-2024-6668
2025-05-15
MEDIUM
5.4
The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could…
CVE-2025-3888
2025-05-17
MEDIUM
6.4
The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions…
CVE-2024-4665
2025-05-15
MEDIUM
5.3
The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for…
CVE-2025-4669
2025-05-17
MEDIUM
6.4
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpbc shortcode in all…
CVE-2024-6708
2025-05-15
MEDIUM
4.8
The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on…
CVE-2024-6711
2025-05-15
MEDIUM
6.1
The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow…
CVE-2024-7758
2025-05-15
MEDIUM
4.8
The Stylish Price List WordPress plugin before 7.1.8 does not sanitise and escape some of its settings, which could allow…
CVE-2024-8493
2025-05-15
MEDIUM
4.8
The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high…
CVE-2024-8542
2025-05-15
MEDIUM
4.8
The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high…
CVE-2024-8617
2025-05-15
MEDIUM
4.8
The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege…
CVE-2024-8619
2025-05-15
MEDIUM
4.8
The Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow…
CVE-2024-8620
2025-05-15
MEDIUM
4.8
The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow…
CVE-2024-8670
2025-05-15
MEDIUM
4.8
The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could…
CVE-2024-8700
2025-05-15
HIGH
7.5
The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete…
CVE-2025-4578
2025-06-04
CRITICAL
9.8
The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a…
CVE-2024-9233
2025-05-15
MEDIUM
4.3
The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could…
CVE-2024-9390
2025-05-15
MEDIUM
4.8
The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2024-9450
2025-05-15
MEDIUM
6.5
The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in…
CVE-2024-9599
2025-05-15
MEDIUM
5.4
The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high…
CVE-2024-9645
2025-05-15
MEDIUM
5.4
The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape…
CVE-2025-1289
2025-05-15
MEDIUM
4.8
The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape some of its settings, which could allow high…
CVE-2025-1303
2025-05-15
MEDIUM
6.1
The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape a parameter before outputting it back in the…
CVE-2025-4580
2025-06-04
MEDIUM
4.3
The File Provider WordPress plugin through 1.2.3 does not have CSRF check in place when updating its settings, which could…
CVE-2025-2247
2025-05-15
MEDIUM
5.4
The WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow…
CVE-2025-2248
2025-05-15
MEDIUM
5.4
The WP-PManager WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement,…
CVE-2025-47161
2025-05-15
HIGH
7.8
Microsoft Defender for Endpoint Elevation of Privilege Vulnerability
CVE-2025-1138
2025-05-15
MEDIUM
4.3
IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against…
CVE-2024-51475
2025-05-16
MEDIUM
5.4
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code,…
CVE-2025-48174
2025-05-16
MEDIUM
4.5
In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.
CVE-2025-27703
2025-05-28
MEDIUM
6.0
CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with…
« Anterior
Página 15 de 3223
Siguiente »
Page load link
Go to Top
