CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-28951 | 2025-07-04 | CRITICAL | 9.1 | Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image allows Upload a Web Shell to a… |
| CVE-2025-27358 | 2025-07-04 | MEDIUM | 4.6 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mndpsingh287 Frontend File Manager allows Code… |
| CVE-2025-27326 | 2025-07-04 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Video Gallery Block – Display your videos… |
| CVE-2025-26591 | 2025-07-04 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam WP fancybox allows Stored XSS. This… |
| CVE-2025-24764 | 2025-07-04 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A. Jones (Simply) Guest Author Name allows DOM-Based… |
| CVE-2025-24757 | 2025-07-04 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Long Watch Studio MyRewards allows Stored XSS. This… |
| CVE-2025-24748 | 2025-07-04 | HIGH | 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup All In One Slider Responsive… |
| CVE-2025-24735 | 2025-07-04 | MEDIUM | 5.9 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chatra Chatra Live Chat + ChatBot + Cart… |
| CVE-2025-23972 | 2025-07-04 | MEDIUM | 4.3 | Cross-Site Request Forgery (CSRF) vulnerability in Brian S. Reed Contact Form 7 reCAPTCHA allows Cross Site Request Forgery. This issue… |
| CVE-2024-9453 | 2025-07-04 | MEDIUM | 6.5 | A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially… |
| CVE-2025-6673 | 2025-07-04 | MEDIUM | 6.4 | The Easy restaurant menu manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's nsc_eprm_menu_link shortcode in… |
| CVE-2025-53600 | 2025-07-04 | N/A | 0.0 | Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment. |
| CVE-2025-53599 | 2025-07-04 | N/A | 0.0 | Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript… |
| CVE-2025-32918 | 2025-07-04 | N/A | 0.0 | Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions |
| CVE-2024-11937 | 2025-07-04 | MEDIUM | 6.4 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's linkURL in the… |
| CVE-2025-6944 | 2025-07-04 | MEDIUM | 6.4 | The Uncode Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uncode_hl_text' and 'uncode_text_icon' shortcodes in… |
| CVE-2025-5372 | 2025-07-04 | MEDIUM | 5.0 | A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible… |
| CVE-2025-7053 | 2025-07-04 | LOW | 3.5 | A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown… |
| CVE-2025-7046 | 2025-07-04 | MEDIUM | 6.4 | The Portfolio for Elementor & Image Gallery \| PowerFolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the… |
| CVE-2025-6814 | 2025-07-04 | HIGH | 7.5 | The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on… |
| CVE-2025-6787 | 2025-07-04 | MEDIUM | 6.4 | The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartdocs_search' shortcode in all versions… |
| CVE-2025-6786 | 2025-07-04 | MEDIUM | 5.3 | The DocCheck Login plugin for WordPress is vulnerable to unauthorized post access in all versions up to, and including, 1.1.5.… |
| CVE-2025-6783 | 2025-07-04 | HIGH | 7.5 | The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc() function in… |
| CVE-2025-6782 | 2025-07-04 | HIGH | 7.5 | The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm() function in… |
| CVE-2025-6739 | 2025-07-04 | MEDIUM | 6.5 | The WPQuiz plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'wpquiz' shortcode in all… |
| CVE-2025-6729 | 2025-07-04 | MEDIUM | 6.4 | The PayMaster for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,… |
| CVE-2025-6586 | 2025-07-04 | HIGH | 7.2 | The Download Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the… |
| CVE-2025-6238 | 2025-07-04 | HIGH | 8.0 | The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure… |
| CVE-2025-6041 | 2025-07-04 | MEDIUM | 6.1 | The yContributors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This… |
| CVE-2025-6039 | 2025-07-04 | MEDIUM | 6.4 | The ProcessingJS for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pjs4wp' shortcode in all… |
| CVE-2025-5956 | 2025-07-04 | MEDIUM | 6.5 | The WP Human Resource Management plugin for WordPress is vulnerable to Arbitrary User Deletion due to a missing authorization within… |
| CVE-2025-5953 | 2025-07-04 | HIGH | 8.8 | The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajax_insert_employee()… |
| CVE-2025-5933 | 2025-07-04 | MEDIUM | 4.3 | The RD Contacto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.… |
| CVE-2025-5924 | 2025-07-04 | MEDIUM | 4.3 | The WP Firebase Push Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and… |
| CVE-2025-5567 | 2025-07-04 | MEDIUM | 6.4 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-url' DOM… |
| CVE-2025-5322 | 2025-07-03 | HIGH | 7.2 | The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type… |
| CVE-2025-53367 | 2025-07-03 | N/A | 0.0 | DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the… |
| CVE-2025-49826 | 2025-07-03 | HIGH | 7.5 | Next.js is a React framework for building full-stack web applications. From versions 15.0.4-canary.51 to before 15.1.8, a cache poisoning bug… |
| CVE-2025-49005 | 2025-07-03 | LOW | 3.7 | Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and… |
| CVE-2025-53370 | 2025-07-03 | HIGH | 8.6 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short… |
| CVE-2025-53369 | 2025-07-03 | HIGH | 8.6 | Short Description is a MediaWiki extension that provides local short description support. In version 4.0.0, short descriptions are not properly… |
| CVE-2025-53368 | 2025-07-03 | HIGH | 8.6 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, page… |
| CVE-2025-52554 | 2025-07-03 | N/A | 0.0 | n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of… |
| CVE-2025-34089 | 2025-07-03 | N/A | 0.0 | An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio,… |
| CVE-2025-34088 | 2025-07-03 | N/A | 0.0 | An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users… |
| CVE-2025-34087 | 2025-07-03 | N/A | 0.0 | An authenticated command injection vulnerability exists in Pi-hole versions up to 3.3. When adding a domain to the allowlist via… |
| CVE-2025-34086 | 2025-07-03 | N/A | 0.0 | Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote… |
| CVE-2025-34082 | 2025-07-03 | N/A | 0.0 | A command injection vulnerability exists in IGEL OS versions prior to 11.04.270 within the Secure Terminal and Secure Shadow services.… |
| CVE-2025-34061 | 2025-07-03 | N/A | 0.0 | A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations.… |
| CVE-2025-45809 | 2025-07-03 | MEDIUM | 5.4 | BerriAI litellm v1.65.4 was discovered to contain a SQL injection vulnerability via the /key/block endpoint. |