CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-34068 | 2025-07-15 | N/A | 0.0 | An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input… |
| CVE-2025-53820 | 2025-07-14 | MEDIUM | 6.5 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site… |
| CVE-2025-53818 | 2025-07-14 | N/A | 0.0 | GitHub Kanban MCP Server is a Model Context Protocol (MCP) server for managing GitHub issues in Kanban board format and… |
| CVE-2025-53015 | 2025-07-14 | HIGH | 7.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines… |
| CVE-2025-7667 | 2025-07-15 | HIGH | 8.1 | The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,… |
| CVE-2025-4369 | 2025-07-15 | MEDIUM | 5.5 | The Companion Auto Update plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘update_delay_days’ parameter in all versions… |
| CVE-2025-24477 | 2025-07-15 | MEDIUM | 4.2 | A heap-based buffer overflow in Fortinet FortiOS versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2.4 through 7.2.11 allows an attacker… |
| CVE-2025-7672 | 2025-07-15 | MEDIUM | 4.3 | The improper default setting in JiranSoft CrossEditor4 on Windows, Linux, Unix (API modules) potentially allows Stored XSS. This issue affects… |
| CVE-2025-3621 | 2025-07-15 | CRITICAL | 9.6 | Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems. * vulnerabilities:… |
| CVE-2025-7367 | 2025-07-15 | MEDIUM | 6.4 | The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Custom Fields in all versions… |
| CVE-2025-7360 | 2025-07-15 | CRITICAL | 9.1 | The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable… |
| CVE-2025-7341 | 2025-07-15 | CRITICAL | 9.1 | The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable… |
| CVE-2025-7340 | 2025-07-15 | CRITICAL | 9.8 | The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable… |
| CVE-2025-5394 | 2025-07-15 | CRITICAL | 9.8 | The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a… |
| CVE-2025-5393 | 2025-07-15 | CRITICAL | 9.1 | The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient… |
| CVE-2025-6265 | 2025-07-15 | HIGH | 7.2 | A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10(ACGE.2) and earlier could allow… |
| CVE-2025-53891 | 2025-07-15 | MEDIUM | 4.3 | The timelineofficial/Time-Line- repository contains the source code for the TIME LINE website. A vulnerability was found in the TIME LINE… |
| CVE-2025-53889 | 2025-07-15 | MEDIUM | 6.5 | Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to… |
| CVE-2025-53887 | 2025-07-15 | MEDIUM | 5.3 | Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to… |
| CVE-2025-53886 | 2025-07-15 | MEDIUM | 4.5 | Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to… |
| CVE-2025-53885 | 2025-07-15 | MEDIUM | 4.2 | Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to… |
| CVE-2025-53839 | 2025-07-15 | MEDIUM | 4.0 | DRACOON is a file sharing service, and the DRACOON Branding Service allows customers to customize their DRACOON interface with their… |
| CVE-2025-53834 | 2025-07-14 | MEDIUM | 6.3 | Caido is a web security auditing toolkit. A reflected cross-site scripting (XSS) vulnerability was discovered in Caido’s toast UI component… |
| CVE-2025-53833 | 2025-07-14 | CRITICAL | 10.0 | LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1… |
| CVE-2025-53819 | 2025-07-14 | HIGH | 7.9 | Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with… |
| CVE-2025-53643 | 2025-07-14 | N/A | 0.0 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable… |
| CVE-2025-53640 | 2025-07-14 | N/A | 0.0 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and… |
| CVE-2025-53639 | 2025-07-14 | N/A | 0.0 | MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts, the sortField parameter in certain API endpoints is… |
| CVE-2025-53623 | 2025-07-14 | N/A | 0.0 | The Job Iteration API is an extension for ActiveJob that makes jobs interruptible and resumable. Versions prior to 1.11.0… |
| CVE-2025-53101 | 2025-07-14 | HIGH | 7.4 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26,… |
| CVE-2025-53019 | 2025-07-14 | LOW | 3.7 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26,… |
| CVE-2025-7628 | 2025-07-14 | MEDIUM | 5.4 | A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It has been classified as critical. This affects the function… |
| CVE-2025-7627 | 2025-07-14 | MEDIUM | 6.3 | A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and classified as critical. Affected by this issue is the… |
| CVE-2025-53014 | 2025-07-14 | LOW | 3.7 | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have… |
| CVE-2025-52363 | 2025-07-14 | MEDIUM | 6.8 | Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with… |
| CVE-2025-7626 | 2025-07-14 | MEDIUM | 4.3 | A vulnerability has been found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and classified as critical. Affected by this vulnerability is… |
| CVE-2025-7625 | 2025-07-14 | MEDIUM | 4.3 | A vulnerability, which was classified as critical, was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. Affected is the function Download… |
| CVE-2025-51660 | 2025-07-14 | MEDIUM | 5.4 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php. |
| CVE-2025-51659 | 2025-07-14 | MEDIUM | 5.4 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php. |
| CVE-2025-51658 | 2025-07-14 | MEDIUM | 5.4 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php. |
| CVE-2025-51657 | 2025-07-14 | MEDIUM | 5.4 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php. |
| CVE-2025-51656 | 2025-07-14 | MEDIUM | 5.4 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php. |
| CVE-2025-51655 | 2025-07-14 | MEDIUM | 5.4 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php. |
| CVE-2025-51654 | 2025-07-14 | MEDIUM | 5.4 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php. |
| CVE-2025-51653 | 2025-07-14 | MEDIUM | 5.4 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php. |
| CVE-2025-51652 | 2025-07-14 | MEDIUM | 5.4 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php. |
| CVE-2025-51651 | 2025-07-14 | MEDIUM | 5.5 | An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms v2.7.0 allows attackers to download arbitrary files via… |
| CVE-2025-51650 | 2025-07-14 | MEDIUM | 5.6 | An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading… |
| CVE-2024-42649 | 2025-07-14 | N/A | 0.0 | NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via… |
| CVE-2024-42648 | 2025-07-14 | N/A | 0.0 | NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via… |