CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-3933 | 2025-07-11 | MEDIUM | 5.3 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor… |
| CVE-2025-6851 | 2025-07-11 | HIGH | 7.2 | The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,… |
| CVE-2025-6838 | 2025-07-11 | MEDIUM | 4.1 | The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0… |
| CVE-2025-6438 | 2025-07-11 | MEDIUM | 6.8 | CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML… |
| CVE-2025-7442 | 2025-07-11 | HIGH | 7.5 | The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to SQL Injection via several parameters in the… |
| CVE-2025-6745 | 2025-07-11 | MEDIUM | 5.3 | The WoodMart plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.2.5 via the… |
| CVE-2025-6068 | 2025-07-11 | MEDIUM | 6.4 | The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site… |
| CVE-2025-5530 | 2025-07-11 | MEDIUM | 6.4 | The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcode_btn' shortcode… |
| CVE-2025-4593 | 2025-07-11 | MEDIUM | 6.5 | The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to,… |
| CVE-2025-6716 | 2025-07-11 | MEDIUM | 6.4 | The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share… |
| CVE-2025-5992 | 2025-07-11 | N/A | 0.0 | When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this… |
| CVE-2025-5392 | 2025-07-11 | CRITICAL | 9.8 | The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including,… |
| CVE-2025-5028 | 2025-07-11 | N/A | 0.0 | Installation file of ESET security products on Windows allow an attacker to misuse to delete an arbitrary file without having the… |
| CVE-2025-30026 | 2025-07-11 | N/A | 0.0 | The AXIS Camera Station Server had a flaw that allowed to bypass authentication that is normally required. |
| CVE-2025-30025 | 2025-07-11 | N/A | 0.0 | The communication protocol used between the server process and the service control had a flaw that could lead to a… |
| CVE-2025-30024 | 2025-07-11 | MEDIUM | 6.8 | The communication protocol used between client and server had a flaw that could be leveraged to execute a man in… |
| CVE-2025-30023 | 2025-07-11 | CRITICAL | 9.0 | The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a… |
| CVE-2025-2942 | 2025-07-11 | N/A | 0.0 | The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via… |
| CVE-2025-7401 | 2025-07-11 | CRITICAL | 9.8 | The Premium Age Verification / Restriction for WordPress plugin for WordPress is vulnerable to arbitrary file read and write due… |
| CVE-2025-53852 | 2025-07-11 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-53851 | 2025-07-11 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-53850 | 2025-07-11 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-53849 | 2025-07-11 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-53848 | 2025-07-11 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-5241 | 2025-07-11 | MEDIUM | 5.3 | Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series allows a remote unauthenticated attacker to lockout… |
| CVE-2025-53515 | 2025-07-11 | HIGH | 8.8 | A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires… |
| CVE-2025-53509 | 2025-07-11 | MEDIUM | 6.5 | A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase(). This issue requires an authenticated attacker… |
| CVE-2025-53471 | 2025-07-11 | MEDIUM | 5.1 | Emerson ValveLink products receive input or data, but it do not validate or incorrectly validates that the input has the… |
| CVE-2025-53397 | 2025-07-11 | MEDIUM | 5.4 | A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS)… |
| CVE-2025-52579 | 2025-07-11 | CRITICAL | 9.4 | Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in… |
| CVE-2025-52459 | 2025-07-11 | MEDIUM | 6.5 | A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase(). This issue requires an authenticated attacker with… |
| CVE-2025-50109 | 2025-07-11 | HIGH | 7.7 | Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere. |
| CVE-2025-48496 | 2025-07-11 | MEDIUM | 5.1 | Emerson ValveLink products use a fixed or controlled search path to find resources, but one or more locations in that… |
| CVE-2025-46358 | 2025-07-11 | HIGH | 7.7 | Emerson ValveLink products do not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against… |
| CVE-2025-31267 | 2025-07-10 | N/A | 0.0 | An authentication issue was addressed with improved state management. This issue is fixed in App Store Connect 3.0. An attacker… |
| CVE-2025-1727 | 2025-07-10 | HIGH | 8.1 | The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a… |
| CVE-2025-7417 | 2025-07-10 | HIGH | 8.8 | A vulnerability has been found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this vulnerability is the function… |
| CVE-2025-7416 | 2025-07-10 | HIGH | 8.8 | A vulnerability, which was classified as critical, was found in Tenda O3V2 1.0.0.12(3880). Affected is the function fromSysToolTime of the… |
| CVE-2025-6392 | 2025-07-10 | N/A | 0.0 | Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data… |
| CVE-2025-53637 | 2025-07-10 | MEDIUM | 4.1 | Meshtastic is an open source mesh networking solution. The main_matrix.yml GitHub Action is triggered by the pull_request_target event, which has… |
| CVE-2025-24798 | 2025-07-10 | MEDIUM | 4.3 | Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that… |
| CVE-2025-7415 | 2025-07-10 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet… |
| CVE-2025-7414 | 2025-07-10 | MEDIUM | 6.3 | A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file… |
| CVE-2025-6390 | 2025-07-10 | N/A | 0.0 | Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and… |
| CVE-2025-53629 | 2025-07-10 | HIGH | 7.5 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the… |
| CVE-2025-53628 | 2025-07-10 | N/A | 0.0 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for… |
| CVE-2025-4662 | 2025-07-10 | N/A | 0.0 | Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command… |
| CVE-2025-3947 | 2025-07-10 | HIGH | 8.2 | The Honeywell Experion PKS contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit… |
| CVE-2025-3946 | 2025-07-10 | HIGH | 8.2 | The Honeywell Experion PKS and OneWireless WDM contains a Deployment of Wrong Handler vulnerability in the component Control Data Access (CDA).… |
| CVE-2025-2523 | 2025-07-10 | CRITICAL | 9.4 | The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker… |