CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-34057 | 2025-07-02 | N/A | 0.0 | An information disclosure vulnerability exists in Ruijie NBR series routers (known to affect NBR2000G, NBR1300G, and NBR1000 models) via the /WEB_VMS/LEVEL15/ endpoint.… |
| CVE-2025-27026 | 2025-07-02 | MEDIUM | 4.9 | A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to… |
| CVE-2025-24335 | 2025-07-02 | LOW | 2.0 | Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in… |
| CVE-2025-24334 | 2025-07-02 | LOW | 3.3 | The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release… |
| CVE-2025-24329 | 2025-07-02 | MEDIUM | 6.4 | Sending a crafted SOAP "provision" operation message archive field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN)… |
| CVE-2025-24328 | 2025-07-02 | MEDIUM | 4.2 | Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network… |
| CVE-2024-35164 | 2025-07-02 | MEDIUM | 6.8 | The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based… |
| CVE-2025-39362 | 2025-07-02 | MEDIUM | 6.5 | Missing Authorization vulnerability in Mollie Mollie Payments for WooCommerce. This issue affects Mollie Payments for WooCommerce: from n/a through 8.0.2. |
| CVE-2025-4946 | 2025-07-02 | HIGH | 8.1 | The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikinger_delete_activity_media_ajax()… |
| CVE-2025-2330 | 2025-07-02 | MEDIUM | 6.4 | The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button+modal'… |
| CVE-2025-27025 | 2025-07-02 | HIGH | 8.8 | The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint… |
| CVE-2025-27024 | 2025-07-02 | MEDIUM | 6.5 | Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write… |
| CVE-2025-27023 | 2025-07-02 | MEDIUM | 6.5 | Lack or insufficient input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read… |
| CVE-2025-27022 | 2025-07-02 | HIGH | 7.5 | A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download… |
| CVE-2025-6017 | 2025-07-02 | MEDIUM | 5.5 | A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12,… |
| CVE-2024-13786 | 2025-07-02 | CRITICAL | 9.8 | The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via… |
| CVE-2025-6464 | 2025-07-02 | HIGH | 7.5 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object… |
| CVE-2024-13451 | 2025-07-02 | MEDIUM | 5.3 | The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder… |
| CVE-2025-6463 | 2025-07-02 | HIGH | 8.8 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file… |
| CVE-2025-52463 | 2025-07-02 | LOW | 3.1 | Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and earlier. If this vulnerability is exploited, unintended E-mail… |
| CVE-2025-52462 | 2025-07-02 | MEDIUM | 6.1 | Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.06008562. If this vulnerability is exploited, an arbitrary script… |
| CVE-2025-6687 | 2025-07-02 | MEDIUM | 6.4 | The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in… |
| CVE-2025-6686 | 2025-07-02 | MEDIUM | 6.4 | The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in… |
| CVE-2025-6459 | 2025-07-02 | HIGH | 8.8 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all… |
| CVE-2025-6437 | 2025-07-02 | HIGH | 7.5 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’… |
| CVE-2025-5817 | 2025-07-02 | HIGH | 7.2 | The Amazon Products to WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and… |
| CVE-2025-5746 | 2025-07-02 | CRITICAL | 9.8 | The Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due… |
| CVE-2025-5339 | 2025-07-02 | HIGH | 7.5 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the… |
| CVE-2025-5014 | 2025-07-02 | HIGH | 8.8 | The Home Villas \| Real Estate WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient… |
| CVE-2025-52925 | 2025-07-02 | MEDIUM | 5.0 | In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken was mishandled, aka ST-812. |
| CVE-2025-4689 | 2025-07-02 | CRITICAL | 9.8 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads… |
| CVE-2025-4654 | 2025-07-02 | LOW | 3.7 | The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to improper authorization checks… |
| CVE-2025-4381 | 2025-07-02 | HIGH | 7.5 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘$id’… |
| CVE-2025-4380 | 2025-07-02 | HIGH | 8.1 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all… |
| CVE-2025-3848 | 2025-07-02 | HIGH | 8.8 | The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to privilege escalation via… |
| CVE-2024-11405 | 2025-07-02 | MEDIUM | 6.1 | The WP Front-end login and register plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the email and wpmp_reset_password_token… |
| CVE-2025-5692 | 2025-07-02 | HIGH | 8.8 | The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized modification of data that can lead… |
| CVE-2025-36630 | 2025-07-02 | HIGH | 8.4 | In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite… |
| CVE-2025-6936 | 2025-07-01 | HIGH | 7.3 | A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been classified as critical. This affects an… |
| CVE-2025-6935 | 2025-07-01 | HIGH | 7.3 | A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is… |
| CVE-2025-52294 | 2025-07-01 | MEDIUM | 5.7 | Insufficient validation of the screen lock mechanism in Trust Wallet v8.45 allows physically proximate attackers to bypass the lock screen… |
| CVE-2025-45083 | 2025-07-01 | MEDIUM | 6.1 | Incorrect access control in Ullu (Android version v2.9.929 and IOS version v2.8.0) allows attackers to bypass parental pin feature via… |
| CVE-2025-6600 | 2025-07-01 | N/A | 0.0 | An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the… |
| CVE-2025-53104 | 2025-07-01 | CRITICAL | 9.1 | gluestack-ui is a library of copy-pasteable components & patterns crafted with Tailwind CSS (NativeWind). Prior to commit e6b4271, a command… |
| CVE-2025-48379 | 2025-07-01 | HIGH | 7.1 | Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing… |
| CVE-2025-46259 | 2025-07-01 | MEDIUM | 5.4 | Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This… |
| CVE-2025-45081 | 2025-07-01 | HIGH | 8.8 | Misconfigured settings in IITB SSO v1.1.0 allow attackers to access sensitive application data. |
| CVE-2025-50405 | 2025-07-01 | MEDIUM | 6.5 | Intelbras RX1500 Router v2.2.17 and before is vulnerable to Incorrect Access Control in the FirmwareUpload function and GetFirmwareValidation function. |
| CVE-2025-45080 | 2025-07-01 | HIGH | 8.8 | YONO SBI: Banking & Lifestyle v1.23.36 was discovered to use unencrypted communications, possibly allowing attackers to execute a man-in-the-middle attack. |
| CVE-2025-27153 | 2025-07-01 | MEDIUM | 6.5 | Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access… |