CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-27025 | 2025-07-02 | HIGH | 8.8 | The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint… |
| CVE-2025-27024 | 2025-07-02 | MEDIUM | 6.5 | Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write… |
| CVE-2025-27023 | 2025-07-02 | MEDIUM | 6.5 | Lack or insufficient input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read… |
| CVE-2025-27022 | 2025-07-02 | HIGH | 7.5 | A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download… |
| CVE-2025-6017 | 2025-07-02 | MEDIUM | 5.5 | A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12,… |
| CVE-2024-13786 | 2025-07-02 | CRITICAL | 9.8 | The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via… |
| CVE-2025-6464 | 2025-07-02 | HIGH | 7.5 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object… |
| CVE-2024-13451 | 2025-07-02 | MEDIUM | 5.3 | The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder… |
| CVE-2025-6463 | 2025-07-02 | HIGH | 8.8 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file… |
| CVE-2025-52463 | 2025-07-02 | LOW | 3.1 | Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and earlier. If this vulnerability is exploited, unintended E-mail… |
| CVE-2025-52462 | 2025-07-02 | MEDIUM | 6.1 | Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.06008562. If this vulnerability is exploited, an arbitrary script… |
| CVE-2025-6687 | 2025-07-02 | MEDIUM | 6.4 | The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in… |
| CVE-2025-6686 | 2025-07-02 | MEDIUM | 6.4 | The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in… |
| CVE-2025-6459 | 2025-07-02 | HIGH | 8.8 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all… |
| CVE-2025-6437 | 2025-07-02 | HIGH | 7.5 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’… |
| CVE-2025-5817 | 2025-07-02 | HIGH | 7.2 | The Amazon Products to WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and… |
| CVE-2025-5746 | 2025-07-02 | CRITICAL | 9.8 | The Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due… |
| CVE-2025-5339 | 2025-07-02 | HIGH | 7.5 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the… |
| CVE-2025-5014 | 2025-07-02 | HIGH | 8.8 | The Home Villas \| Real Estate WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient… |
| CVE-2025-52925 | 2025-07-02 | MEDIUM | 5.0 | In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken was mishandled, aka ST-812. |
| CVE-2025-4689 | 2025-07-02 | CRITICAL | 9.8 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads… |
| CVE-2025-4654 | 2025-07-02 | LOW | 3.7 | The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to improper authorization checks… |
| CVE-2025-4381 | 2025-07-02 | HIGH | 7.5 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘$id’… |
| CVE-2025-4380 | 2025-07-02 | HIGH | 8.1 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all… |
| CVE-2025-3848 | 2025-07-02 | HIGH | 8.8 | The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to privilege escalation via… |
| CVE-2024-11405 | 2025-07-02 | MEDIUM | 6.1 | The WP Front-end login and register plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the email and wpmp_reset_password_token… |
| CVE-2025-5692 | 2025-07-02 | HIGH | 8.8 | The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized modification of data that can lead… |
| CVE-2025-36630 | 2025-07-02 | HIGH | 8.4 | In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite… |
| CVE-2025-6936 | 2025-07-01 | HIGH | 7.3 | A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been classified as critical. This affects an… |
| CVE-2025-6935 | 2025-07-01 | HIGH | 7.3 | A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is… |
| CVE-2025-52294 | 2025-07-01 | MEDIUM | 5.7 | Insufficient validation of the screen lock mechanism in Trust Wallet v8.45 allows physically proximate attackers to bypass the lock screen… |
| CVE-2025-45083 | 2025-07-01 | MEDIUM | 6.1 | Incorrect access control in Ullu (Android version v2.9.929 and IOS version v2.8.0) allows attackers to bypass parental pin feature via… |
| CVE-2025-6600 | 2025-07-01 | N/A | 0.0 | An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the… |
| CVE-2025-53104 | 2025-07-01 | CRITICAL | 9.1 | gluestack-ui is a library of copy-pasteable components & patterns crafted with Tailwind CSS (NativeWind). Prior to commit e6b4271, a command… |
| CVE-2025-48379 | 2025-07-01 | HIGH | 7.1 | Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing… |
| CVE-2025-46259 | 2025-07-01 | MEDIUM | 5.4 | Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This… |
| CVE-2025-45081 | 2025-07-01 | HIGH | 8.8 | Misconfigured settings in IITB SSO v1.1.0 allow attackers to access sensitive application data. |
| CVE-2025-50405 | 2025-07-01 | MEDIUM | 6.5 | Intelbras RX1500 Router v2.2.17 and before is vulnerable to Incorrect Access Control in the FirmwareUpload function and GetFirmwareValidation function. |
| CVE-2025-45080 | 2025-07-01 | HIGH | 8.8 | YONO SBI: Banking & Lifestyle v1.23.36 was discovered to use unencrypted communications, possibly allowing attackers to execute a man-in-the-middle attack. |
| CVE-2025-27153 | 2025-07-01 | MEDIUM | 6.5 | Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access… |
| CVE-2025-6297 | 2025-07-01 | HIGH | 8.2 | It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory,… |
| CVE-2025-53107 | 2025-07-01 | HIGH | 7.5 | @cyanheads/git-mcp-server is an MCP server designed to interact with Git repositories. Prior to version 2.1.5, there is a command injection… |
| CVE-2025-53103 | 2025-07-01 | MEDIUM | 5.8 | JUnit is a testing framework for Java and the JVM. From version 5.12.0 to 5.13.1, JUnit's support for writing Open… |
| CVE-2025-53100 | 2025-07-01 | N/A | 0.0 | RestDB's Codehooks.io MCP Server is an MCP server on the Codehooks.io platform. Prior to version 0.2.2, the MCP server is… |
| CVE-2025-37099 | 2025-07-01 | CRITICAL | 9.8 | A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646. |
| CVE-2025-34081 | 2025-07-01 | N/A | 0.0 | The Contec Co.,Ltd. CONPROSYS HMI System (CHS) exposes a PHP phpinfo() debug page to unauthenticated users that may contain sensitive… |
| CVE-2025-34080 | 2025-07-01 | N/A | 0.0 | The Contec Co.,Ltd. CONPROSYS HMI System (CHS) is vulnerable to Cross-Site Scripting (XSS) in the getqsetting.php functionality that could allow… |
| CVE-2025-6963 | 2025-07-01 | HIGH | 7.3 | A vulnerability has been found in Campcodes Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code… |
| CVE-2025-6962 | 2025-07-01 | HIGH | 7.3 | A vulnerability, which was classified as critical, was found in Campcodes Employee Management System 1.0. This affects an unknown part… |
| CVE-2025-6961 | 2025-07-01 | HIGH | 7.3 | A vulnerability, which was classified as critical, has been found in Campcodes Employee Management System 1.0. Affected by this issue… |