Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Todos los artículos
Vulnerabilidades CVE
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Filtrar por severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
Filtrar
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-53197
2025-06-27
MEDIUM
4.3
Cross-Site Request Forgery (CSRF) vulnerability in cookiebot Cookiebot allows Cross Site Request Forgery. This issue affects Cookiebot: from n/a through…
CVE-2025-53193
2025-06-27
MEDIUM
4.3
Cross-Site Request Forgery (CSRF) vulnerability in Burst Statistics B.V. Burst Statistics allows Cross Site Request Forgery. This issue affects Burst…
CVE-2025-52993
2025-06-27
MEDIUM
5.6
A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the…
CVE-2025-53018
2025-06-27
LOW
3.0
Lychee is a free, open-source photo-management tool. Prior to version 6.6.13, a critical Server-Side Request Forgery (SSRF) vulnerability exists in…
CVE-2025-52992
2025-06-27
LOW
3.2
The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow…
CVE-2025-52991
2025-06-27
LOW
3.2
The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This…
CVE-2025-46416
2025-06-27
LOW
2.9
The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their…
CVE-2025-46415
2025-06-27
LOW
3.2
A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This…
CVE-2025-36595
2025-06-27
HIGH
7.2
Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')…
CVE-2024-52928
2025-06-26
CRITICAL
9.6
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions)…
CVE-2025-6767
2025-06-27
MEDIUM
6.3
A vulnerability was found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been rated as critical. This issue affects the…
CVE-2025-6766
2025-06-27
MEDIUM
6.3
A vulnerability was found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been declared as critical. This vulnerability affects the…
CVE-2025-6765
2025-06-27
MEDIUM
6.3
A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing…
CVE-2025-52834
2025-06-27
CRITICAL
9.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Homey allows SQL Injection. This…
CVE-2025-52829
2025-06-27
CRITICAL
9.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DirectIQ DirectIQ Email Marketing allows SQL…
CVE-2025-52827
2025-06-27
HIGH
8.8
Deserialization of Untrusted Data vulnerability in uxper Nuss allows Object Injection. This issue affects Nuss: from n/a through 1.3.3.
CVE-2025-52826
2025-06-27
HIGH
8.8
Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3.
CVE-2025-52824
2025-06-27
HIGH
8.8
Missing Authorization vulnerability in MDJM Mobile DJ Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile…
CVE-2025-52818
2025-06-27
HIGH
8.2
Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trusty…
CVE-2025-52817
2025-06-27
HIGH
8.2
Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects…
CVE-2025-52816
2025-06-27
HIGH
8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehunk Zita allows PHP…
CVE-2025-52815
2025-06-27
HIGH
8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CityGov allows PHP…
CVE-2025-52814
2025-06-27
HIGH
8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme BRW allows PHP…
CVE-2025-52812
2025-06-27
HIGH
8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Domnoo allows PHP…
CVE-2025-52811
2025-06-27
HIGH
8.1
Path Traversal vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme allows PHP Local File Inclusion. This issue…
CVE-2025-52810
2025-06-27
HIGH
8.1
Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from…
CVE-2025-52809
2025-06-27
HIGH
8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Russell National Weather…
CVE-2025-52808
2025-06-27
HIGH
8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in real-web RealtyElite allows PHP…
CVE-2025-52799
2025-06-27
HIGH
7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes LMS allows Reflected XSS. This issue affects…
CVE-2025-52778
2025-06-27
HIGH
7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-dictionary allows Reflected XSS.…
CVE-2025-52774
2025-06-27
HIGH
7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global allows Reflected XSS. This issue…
CVE-2025-52729
2025-06-27
HIGH
8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza allows PHP…
CVE-2025-52727
2025-06-27
HIGH
7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Vertical Web Pricing Tables allows Reflected…
CVE-2025-52726
2025-06-27
HIGH
8.6
Incorrect Privilege Assignment vulnerability in pebas CouponXxL Custom Post Types allows Privilege Escalation. This issue affects CouponXxL Custom Post Types:…
CVE-2025-52725
2025-06-27
CRITICAL
9.8
Deserialization of Untrusted Data vulnerability in pebas CouponXxL allows Object Injection. This issue affects CouponXxL: from n/a through 3.0.0.
CVE-2025-52724
2025-06-27
CRITICAL
9.8
Deserialization of Untrusted Data vulnerability in BoldThemes Amwerk allows Object Injection. This issue affects Amwerk: from n/a through 1.2.0.
CVE-2025-52723
2025-06-27
HIGH
8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codesupplyco Networker allows PHP…
CVE-2025-52722
2025-06-27
CRITICAL
9.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoinWebs Classiera allows SQL Injection. This…
CVE-2025-52717
2025-06-27
CRITICAL
9.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chrisbadgett LifterLMS allows SQL Injection. This…
CVE-2025-52709
2025-06-27
CRITICAL
9.8
Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms allows Object Injection. This issue affects Everest Forms: from n/a through…
CVE-2025-50052
2025-06-27
HIGH
7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexostudio Flexo Counter allows Reflected XSS. This issue…
CVE-2025-49886
2025-06-27
HIGH
8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebGeniusLab Zikzag Core allows…
CVE-2025-49885
2025-06-27
CRITICAL
10.0
Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce allows…
CVE-2025-49883
2025-06-27
HIGH
8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart allows PHP…
CVE-2025-49448
2025-06-27
HIGH
8.6
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Food Menu allows Path…
CVE-2025-49423
2025-06-27
HIGH
7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Tahir Ali Jan Bulk YouTube Post Creator…
CVE-2025-49416
2025-06-27
HIGH
8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Fastw3b LLC FW Gallery…
CVE-2025-49321
2025-06-27
HIGH
7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arraytics Eventin allows Reflected XSS. This issue affects…
CVE-2025-49290
2025-06-27
HIGH
7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows…
CVE-2025-47654
2025-06-27
HIGH
7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows…
« Anterior
Página 222 de 3493
Siguiente »
Page load link
Go to Top
