CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-48923 | 2025-06-26 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Toc.Js allows Cross-Site Scripting (XSS). This issue affects… |
| CVE-2025-48922 | 2025-06-26 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GLightbox allows Cross-Site Scripting (XSS). This issue affects… |
| CVE-2025-48921 | 2025-06-26 | HIGH | 8.8 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery. This issue affects Open Social: from 0.0.0… |
| CVE-2025-6693 | 2025-06-26 | HIGH | 7.8 | A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_device_open/sys_device_read/sys_device_control/sys_device_init/sys_device_close/sys_device_write of… |
| CVE-2025-6562 | 2025-06-26 | HIGH | 8.8 | Certain hybrid DVR models (HBF-09KD and HBF-16NK) from Hunt Electronic have an OS Command Injection vulnerability, allowing remote attackers with… |
| CVE-2025-5966 | 2025-06-26 | HIGH | 8.1 | Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report. |
| CVE-2025-5366 | 2025-06-26 | HIGH | 8.1 | Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject report. |
| CVE-2025-6561 | 2025-06-26 | CRITICAL | 9.8 | Certain hybrid DVR models (HBF-09KD and HBF-16NK) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote… |
| CVE-2025-3773 | 2025-06-26 | N/A | 0.0 | A sensitive information exposure vulnerability in System Information Reporter (SIR) 1.0.3 and prior allows an authenticated non-admin local user to… |
| CVE-2025-3771 | 2025-06-26 | N/A | 0.0 | A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to… |
| CVE-2025-3722 | 2025-06-26 | N/A | 0.0 | A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue… |
| CVE-2025-6703 | 2025-06-26 | N/A | 0.0 | Improper Input Validation vulnerability in Mozilla neqo leads to an unexploitable crash. This issue affects neqo: from 0.4.24 through 0.13.2. |
| CVE-2025-6212 | 2025-06-26 | HIGH | 7.2 | The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Database module… |
| CVE-2025-5842 | 2025-06-26 | MEDIUM | 6.4 | The Modern Design Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions… |
| CVE-2025-5338 | 2025-06-26 | MEDIUM | 6.4 | The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up… |
| CVE-2024-6174 | 2025-06-26 | HIGH | 8.8 | When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To… |
| CVE-2025-5459 | 2025-06-26 | N/A | 0.0 | A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands… |
| CVE-2025-5846 | 2025-06-26 | LOW | 2.7 | An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1… |
| CVE-2025-5315 | 2025-06-26 | MEDIUM | 4.3 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1… |
| CVE-2025-48497 | 2025-06-26 | MEDIUM | 4.3 | Cross-site request forgery vulnerability exists in iroha Board versions v0.10.12 and earlier. If a user accesses a specially crafted URL… |
| CVE-2025-41404 | 2025-06-26 | MEDIUM | 4.3 | Direct request ('Forced Browsing') issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents… |
| CVE-2025-3279 | 2025-06-26 | MEDIUM | 6.5 | An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1… |
| CVE-2025-37101 | 2025-06-26 | HIGH | 8.7 | A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited allowing… |
| CVE-2025-2938 | 2025-06-26 | LOW | 3.1 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1… |
| CVE-2025-1754 | 2025-06-26 | MEDIUM | 5.3 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1… |
| CVE-2025-6624 | 2025-06-26 | HIGH | 7.2 | Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk… |
| CVE-2025-6546 | 2025-06-26 | MEDIUM | 6.4 | The Drive Folder Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tablecssclass’ parameter in all versions… |
| CVE-2025-6540 | 2025-06-26 | MEDIUM | 6.4 | The web-cam plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in all versions up to,… |
| CVE-2025-6537 | 2025-06-26 | MEDIUM | 6.4 | The Namasha By Mdesign plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘playicon_title’ parameter in all versions… |
| CVE-2025-5932 | 2025-06-26 | MEDIUM | 4.3 | The Homerunner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.29. This… |
| CVE-2025-5929 | 2025-06-26 | MEDIUM | 6.4 | The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘clientId’ parameter in all versions up… |
| CVE-2025-5813 | 2025-06-26 | MEDIUM | 5.3 | The Amazon Products to WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability… |
| CVE-2025-5275 | 2025-06-26 | MEDIUM | 4.4 | The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to… |
| CVE-2025-6538 | 2025-06-26 | MEDIUM | 6.4 | The Post Rating and Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all… |
| CVE-2025-6383 | 2025-06-26 | MEDIUM | 6.4 | The WP-PhotoNav plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's photonav shortcode in all versions up… |
| CVE-2025-6378 | 2025-06-26 | MEDIUM | 6.4 | The Responsive Food and Drink Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_pdf_menus shortcode… |
| CVE-2025-6290 | 2025-06-26 | MEDIUM | 6.4 | The Tournament Bracket Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bracket' shortcode in all… |
| CVE-2025-6258 | 2025-06-26 | MEDIUM | 6.4 | The WP SoundSystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsstm-track shortcode in all versions… |
| CVE-2025-5812 | 2025-06-26 | MEDIUM | 4.3 | The VG WORT METIS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check… |
| CVE-2025-5590 | 2025-06-26 | HIGH | 8.8 | The Owl carousel responsive plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions… |
| CVE-2025-5588 | 2025-06-26 | MEDIUM | 6.4 | The Image Editor by Pixo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘download’ parameter in all… |
| CVE-2025-5564 | 2025-06-26 | MEDIUM | 6.4 | The GC Social Wall plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gc_social_wall' shortcode in all… |
| CVE-2025-5559 | 2025-06-26 | MEDIUM | 6.4 | The TimeZoneCalculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'timezonecalculator_output' shortcode in all versions up… |
| CVE-2025-5540 | 2025-06-26 | MEDIUM | 6.4 | The Event RSVP and Simple Event Management Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's… |
| CVE-2025-5535 | 2025-06-26 | MEDIUM | 6.4 | The e.nigma buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions… |
| CVE-2025-5488 | 2025-06-26 | MEDIUM | 6.4 | The WP Masonry & Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wmis' shortcode… |
| CVE-2025-4334 | 2025-06-26 | CRITICAL | 9.8 | The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.… |
| CVE-2025-3863 | 2025-06-26 | MEDIUM | 4.3 | The Post Carousel Slider for Elementor plugin for WordPress is vulnerable to improper authorization due to a missing capability check… |
| CVE-2025-6669 | 2025-06-25 | LOW | 3.7 | A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been declared as problematic. This vulnerability affects unknown… |
| CVE-2025-6668 | 2025-06-25 | HIGH | 7.3 | A vulnerability was found in code-projects Inventory Management System 1.0. It has been classified as critical. This affects an unknown… |