Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Todos los artículos
Vulnerabilidades CVE
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Filtrar por severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
Filtrar
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-6987
2025-07-26
MEDIUM
6.4
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions…
CVE-2025-8198
2025-07-26
HIGH
7.5
The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to price manipulation in all versions…
CVE-2025-8179
2025-07-26
HIGH
7.3
A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. Affected by this vulnerability…
CVE-2025-8178
2025-07-26
HIGH
8.8
A vulnerability classified as critical has been found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file…
CVE-2025-6895
2025-07-26
CRITICAL
9.8
The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function…
CVE-2025-8177
2025-07-26
MEDIUM
5.3
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function…
CVE-2025-8176
2025-07-26
MEDIUM
5.3
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function…
CVE-2025-8103
2025-07-26
MEDIUM
4.3
The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
CVE-2025-54416
2025-07-26
CRITICAL
9.1
tj-actions/branch-names is a Github actions repository that contains workflows to retrieve branch or tag names with support for all events.…
CVE-2025-54415
2025-07-26
N/A
0.0
dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a…
CVE-2025-54414
2025-07-26
N/A
0.0
Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in…
CVE-2025-54413
2025-07-26
N/A
0.0
skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain…
CVE-2025-54412
2025-07-26
N/A
0.0
skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain…
CVE-2025-54385
2025-07-26
N/A
0.0
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions between…
CVE-2025-54380
2025-07-26
MEDIUM
6.5
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to version 17.6,…
CVE-2025-54378
2025-07-26
HIGH
8.3
HAX CMS allows you to manage your microsite universe with PHP or NodeJs backends. In versions 11.0.13 and below of…
CVE-2025-54366
2025-07-26
N/A
0.0
FreeScout is a lightweight free open source help desk and shared inbox built with PHP (Laravel framework). In versions 1.8.185…
CVE-2025-50185
2025-07-26
N/A
0.0
DbGate is cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of…
CVE-2025-50184
2025-07-26
N/A
0.0
DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file…
CVE-2024-13507
2025-07-26
HIGH
7.5
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to time-based SQL Injection…
CVE-2025-8175
2025-07-26
MEDIUM
6.5
A vulnerability was found in D-Link DI-8400 16.07.26A1. It has been classified as problematic. This affects an unknown part of…
CVE-2025-8174
2025-07-26
MEDIUM
6.3
A vulnerability was found in code-projects Voting System 1.0 and classified as critical. Affected by this issue is some unknown…
CVE-2023-2274
2025-07-26
N/A
0.0
Rejected reason: This CVE assignment was considered invalid after investigation.
CVE-2025-8173
2025-07-25
HIGH
7.3
A vulnerability has been found in 1000 Projects ABC Courier Management System 1.0 and classified as critical. Affected by this…
CVE-2025-8172
2025-07-25
MEDIUM
6.3
A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System 1.0. Affected is an unknown function…
CVE-2025-8171
2025-07-25
MEDIUM
6.3
A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some…
CVE-2025-8101
2025-07-25
N/A
0.0
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating…
CVE-2025-8170
2025-07-25
HIGH
8.8
A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. This vulnerability affects the function tcpcheck_net of the file…
CVE-2025-8169
2025-07-25
HIGH
8.8
A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function formSetWanPPTPcallback of the file…
CVE-2025-8166
2025-07-25
HIGH
7.3
A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown…
CVE-2025-52455
2025-07-25
MEDIUM
5.3
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (EPS Server modules) allows Resource Location Spoofing. This…
CVE-2025-52454
2025-07-25
MEDIUM
5.3
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing.…
CVE-2025-52453
2025-07-25
HIGH
8.2
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source modules) allows Resource Location Spoofing.…
CVE-2025-52452
2025-07-25
HIGH
8.5
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc…
CVE-2025-45960
2025-07-25
MEDIUM
6.1
Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code via the web…
CVE-2025-45893
2025-07-25
MEDIUM
6.1
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts.…
CVE-2025-45892
2025-07-25
MEDIUM
6.1
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because…
CVE-2025-45406
2025-07-25
MEDIUM
6.1
A stored cross-site scripting (XSS) vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a…
CVE-2025-29630
2025-07-25
HIGH
8.1
An issue in Gardyn 4 allows a remote attacker with the corresponding ssh private key can gain remote root access…
CVE-2025-45467
2025-07-25
HIGH
7.1
Unitree Go1
CVE-2025-44608
2025-07-25
MEDIUM
6.5
CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter.
CVE-2025-29628
2025-07-25
HIGH
8.1
An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via a request
CVE-2024-48730
2025-07-25
MEDIUM
6.5
An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote attacker to escalate privileges via not imposing any…
CVE-2024-48729
2025-07-25
HIGH
7.1
An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote attacker to escalate privileges via the /osm/admin/v1/users component
CVE-2025-8197
2025-07-25
MEDIUM
5.5
A global buffer overflow vulnerability was found in the soup_header_name_to_string function in Libsoup. The `soup_header_name_to_string` function does not validate the…
CVE-2025-8168
2025-07-25
HIGH
8.8
A vulnerability was found in D-Link DIR-513 1.10. It has been rated as critical. Affected by this issue is the…
CVE-2025-8167
2025-07-25
LOW
3.5
A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as problematic. Affected by this vulnerability…
CVE-2025-46198
2025-07-25
HIGH
8.8
Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror…
CVE-2025-30135
2025-07-25
CRITICAL
9.4
An issue was discovered on IROAD Dashcam FX2 devices. Dumping Files Over HTTP and RTSP Without Authentication can occur. It…
CVE-2025-52449
2025-07-25
HIGH
8.5
Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows…
« Anterior
Página 17 de 3361
Siguiente »
Page load link
Go to Top
