CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-23968 | 2025-07-03 | CRITICAL | 9.1 | Unrestricted Upload of File with Dangerous Type vulnerability in WPCenter AiBud WP allows Upload a Web Shell to a Web… |
| CVE-2025-6926 | 2025-07-03 | HIGH | 8.8 | Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows: Bypass Authentication. This issue affects Mediawiki - CentralAuth Extension:… |
| CVE-2025-53502 | 2025-07-03 | MEDIUM | 6.5 | Improper Input Validation vulnerability in Wikimedia Foundation Mediawiki - FeaturedFeeds Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - FeaturedFeeds… |
| CVE-2025-53501 | 2025-07-03 | HIGH | 8.8 | Improper Access Control vulnerability in Wikimedia Foundation Mediawiki - Scribunto Extension allows: Accessing Functionality Not Properly Constrained by Authorization. This… |
| CVE-2025-53500 | 2025-07-03 | MEDIUM | 5.6 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MassEditRegex Extension… |
| CVE-2025-53490 | 2025-07-03 | MEDIUM | 5.6 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - CampaignEvents Extension… |
| CVE-2025-53489 | 2025-07-03 | MEDIUM | 5.6 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - GoogleDocs4MW Extension… |
| CVE-2025-6074 | 2025-07-03 | MEDIUM | 6.5 | Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the… |
| CVE-2025-6073 | 2025-07-03 | HIGH | 7.5 | Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and… |
| CVE-2025-6072 | 2025-07-03 | HIGH | 7.5 | Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and… |
| CVE-2025-6071 | 2025-07-03 | MEDIUM | 5.3 | Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. An attacker can gain access to salted information… |
| CVE-2025-49846 | 2025-07-03 | N/A | 0.0 | wire-ios is an iOS client for the Wire secure messaging application. From Wire iOS 3.111.1 to before 3.124.1, messages that… |
| CVE-2025-48939 | 2025-07-03 | MEDIUM | 4.2 | tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript… |
| CVE-2025-20309 | 2025-07-02 | CRITICAL | 10.0 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME)… |
| CVE-2025-50262 | 2025-07-03 | HIGH | 7.5 | Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetQosBand function via the list parameter. |
| CVE-2025-50260 | 2025-07-03 | HIGH | 7.5 | Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetFirewallCfg function via the firewallEn parameter. |
| CVE-2025-45938 | 2025-07-03 | MEDIUM | 5.4 | Akeles Out of Office Assistant for Jira 4.0.1 is vulnerable to Cross Site Scripting (XSS) via the Jira fullName parameter. |
| CVE-2025-5961 | 2025-07-03 | HIGH | 7.2 | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to… |
| CVE-2025-50263 | 2025-07-03 | HIGH | 8.1 | Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the list parameter. |
| CVE-2025-50258 | 2025-07-03 | HIGH | 8.1 | Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the SetSysTimeCfg function via the time parameter. |
| CVE-2025-43713 | 2025-07-03 | MEDIUM | 6.5 | ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that support… |
| CVE-2025-49618 | 2025-07-03 | MEDIUM | 5.8 | In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint. |
| CVE-2025-49595 | 2025-07-03 | MEDIUM | 4.9 | n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial of Service vulnerability in /rest/binary-data endpoint… |
| CVE-2025-49032 | 2025-07-03 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Gutenberg Blocks allows Stored XSS. This issue affects… |
| CVE-2025-3702 | 2025-07-03 | MEDIUM | 5.4 | Missing Authorization vulnerability in Melapress Melapress File Monitor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Melapress File… |
| CVE-2025-2932 | 2025-07-03 | HIGH | 8.8 | The JKDEVKIT plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'font_upload_handler'… |
| CVE-2025-2537 | 2025-07-03 | MEDIUM | 6.4 | Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled ThickBox JavaScript library (version 3.1) in… |
| CVE-2025-6563 | 2025-07-03 | N/A | 0.0 | A cross-site scripting vulnerability is present in the hotspot of MikroTik's RouterOS on versions below 7.19.2. An attacker can inject… |
| CVE-2025-40723 | 2025-07-03 | N/A | 0.0 | Stored Cross-Site Scripting (XSS) vulnerability in versions prior to Flatboard 3.2.2 of Flatboard Pro, consisting of a stored XSS due… |
| CVE-2025-40722 | 2025-07-03 | N/A | 0.0 | Stored Cross-Site Scripting (XSS) vulnerability in versions prior to Flatboard 3.2.2 of Flatboard Pro, consisting of a stored XSS due… |
| CVE-2025-2540 | 2025-07-03 | MEDIUM | 6.4 | Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled prettyPhoto library (version 3.1.6) in various… |
| CVE-2025-27461 | 2025-07-03 | HIGH | 7.6 | During startup, the device automatically logs in the EPC2 Windows user without requesting a password. |
| CVE-2025-27460 | 2025-07-03 | HIGH | 7.6 | The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows… |
| CVE-2025-27459 | 2025-07-03 | MEDIUM | 4.4 | The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the… |
| CVE-2025-27458 | 2025-07-03 | MEDIUM | 6.5 | The VNC authentication mechanism bases on a challenge-response system where both server and client use the same password for encryption.… |
| CVE-2025-27457 | 2025-07-03 | MEDIUM | 6.5 | All communication between the VNC server and client(s) is unencrypted. This allows an attacker to intercept the traffic and obtain… |
| CVE-2025-27456 | 2025-07-03 | HIGH | 7.5 | The SMB server's login mechanism does not implement sufficient measures to prevent multiple failed authentication attempts within a short time… |
| CVE-2025-27455 | 2025-07-03 | MEDIUM | 4.3 | The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to… |
| CVE-2025-27454 | 2025-07-03 | MEDIUM | 4.3 | The application is vulnerable to cross-site request forgery. An attacker can trick a valid, logged in user into submitting a… |
| CVE-2025-27453 | 2025-07-03 | MEDIUM | 5.3 | The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources… |
| CVE-2025-27452 | 2025-07-03 | MEDIUM | 5.3 | The configuration of the Apache httpd webserver which serves the MEAC300-FNADE4 web application, is partly insecure. There are modules activated… |
| CVE-2025-27451 | 2025-07-03 | MEDIUM | 5.3 | For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect… |
| CVE-2025-27450 | 2025-07-03 | MEDIUM | 6.5 | The Secure attribute is missing on multiple cookies provided by the MEAC300-FNADE4. An attacker can trick a user to establish… |
| CVE-2025-27449 | 2025-07-03 | HIGH | 7.5 | The MEAC300-FNADE4 does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it… |
| CVE-2025-27448 | 2025-07-03 | MEDIUM | 6.8 | The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboards can inject JavaScript code into… |
| CVE-2025-27447 | 2025-07-03 | HIGH | 7.4 | The web application is susceptible to cross-site-scripting attacks. An attacker can create a prepared URL, which injects JavaScript code into… |
| CVE-2025-1711 | 2025-07-03 | MEDIUM | 4.3 | Multiple services of the DUT as well as different scopes of the same service reuse the same credentials. |
| CVE-2025-1710 | 2025-07-03 | HIGH | 7.5 | The maxView Storage Manager does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame,… |
| CVE-2025-1709 | 2025-07-03 | MEDIUM | 6.5 | Several credentials for the local PostgreSQL database are stored in plain text (partially base64 encoded). |
| CVE-2025-1708 | 2025-07-03 | HIGH | 8.6 | The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its… |