Skip to content
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001 – GAP Analysis Tool
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001 – GAP Analysis Tool
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2026-32499
2026-03-25
N/A
0.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through
CVE-2026-32498
2026-03-25
N/A
0.0
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through
CVE-2026-32497
2026-03-25
N/A
0.0
Weak Authentication vulnerability in PickPlugins User Verification user-verification allows Authentication Abuse.This issue affects User Verification: from n/a through
CVE-2026-32496
2026-03-25
N/A
0.0
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue affects Spam Protect…
CVE-2026-32495
2026-03-25
N/A
0.0
Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through
CVE-2026-32493
2026-03-25
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through
CVE-2026-32492
2026-03-25
N/A
0.0
Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity Spoofing.This issue affects My Tickets: from n/a through
CVE-2026-32489
2026-03-25
N/A
0.0
Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through < 2.0.30.
CVE-2026-32488
2026-03-25
N/A
0.0
Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects User Registration: from n/a through
CVE-2026-32485
2026-03-25
N/A
0.0
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through
CVE-2026-32484
2026-03-25
N/A
0.0
Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through
CVE-2026-32483
2026-03-25
N/A
0.0
Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through
CVE-2026-32482
2026-03-25
N/A
0.0
Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload a Web Shell to a Web Server.This issue affects Ona: from n/a through <…
CVE-2026-32441
2026-03-25
N/A
0.0
Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through
CVE-2026-31921
2026-03-25
N/A
0.0
Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Rearrange for WooCommerce: from n/a through
CVE-2026-31920
2026-03-25
N/A
0.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Blind SQL Injection.This issue affects Product…
CVE-2026-31913
2026-03-25
N/A
0.0
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Whitebox-Studio Scape scape allows Path Traversal.This issue affects Scape: from n/a through < 1.5.16.
CVE-2026-2995
2026-03-25
HIGH
7.7
GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated…
CVE-2026-2973
2026-03-25
MEDIUM
5.4
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated…
CVE-2026-2745
2026-03-25
MEDIUM
6.8
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated…
CVE-2026-2726
2026-03-25
MEDIUM
4.3
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated…
CVE-2026-2414
2026-03-25
N/A
0.0
Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation.This issue affects Server: from 9.5.2 before 10.7.2.
CVE-2026-29092
2026-03-25
MEDIUM
4.9
Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after…
CVE-2026-27659
2026-03-25
MEDIUM
4.6
Mattermost versions 11.2.x
CVE-2026-27656
2026-03-25
MEDIUM
5.7
Mattermost versions 11.4.x
CVE-2026-27095
2026-03-25
N/A
0.0
Deserialization of Untrusted Data vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Object Injection.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through
CVE-2026-27084
2026-03-25
N/A
0.0
Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects Buisson: from n/a through
CVE-2026-27083
2026-03-25
N/A
0.0
Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through
CVE-2026-27082
2026-03-25
N/A
0.0
Deserialization of Untrusted Data vulnerability in ThemeREX Love Story lovestory allows Object Injection.This issue affects Love Story: from n/a through
CVE-2026-27081
2026-03-25
N/A
0.0
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Rosebud rosebud allows PHP Local File Inclusion.This issue affects Rosebud: from…
CVE-2026-27080
2026-03-25
N/A
0.0
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Deston deston allows PHP Local File Inclusion.This issue affects Deston: from…
CVE-2026-27079
2026-03-25
N/A
0.0
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.This issue affects Amfissa: from…
CVE-2026-27078
2026-03-25
N/A
0.0
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Emaurri emaurri allows PHP Local File Inclusion.This issue affects Emaurri: from…
CVE-2026-27077
2026-03-25
N/A
0.0
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes MultiOffice multioffice allows PHP Local File Inclusion.This issue affects MultiOffice: from…
CVE-2026-27076
2026-03-25
N/A
0.0
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes LuxeDrive luxedrive allows PHP Local File Inclusion.This issue affects LuxeDrive: from…
CVE-2026-27075
2026-03-25
N/A
0.0
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Belfort belfort allows PHP Local File Inclusion.This issue affects Belfort: from…
CVE-2026-27073
2026-03-25
N/A
0.0
Use of Hard-coded Credentials vulnerability in Addi Addi – Cuotas que se adaptan a ti buy-now-pay-later-addi allows Password Recovery Exploitation.This issue affects Addi – Cuotas que se adaptan…
CVE-2026-27071
2026-03-25
N/A
0.0
Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through
CVE-2026-27051
2026-03-25
N/A
0.0
Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This issue affects Golo: from n/a through
CVE-2026-27049
2026-03-25
N/A
0.0
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authentication Abuse.This issue affects Jobica Core: from n/a through
CVE-2026-27048
2026-03-25
N/A
0.0
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle Core theaisle-core allows PHP Local File Inclusion.This issue affects…
CVE-2026-27047
2026-03-25
N/A
0.0
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly Core curly-core allows PHP Local File Inclusion.This issue affects Curly…
CVE-2026-27046
2026-03-25
N/A
0.0
Missing Authorization vulnerability in Kaira StoreCustomizer woocustomizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StoreCustomizer: from n/a through
CVE-2026-27045
2026-03-25
N/A
0.0
Deserialization of Untrusted Data vulnerability in sbthemes WooCommerce Infinite Scroll sb-woocommerce-infinite-scroll allows Object Injection.This issue affects WooCommerce Infinite Scroll: from n/a through
CVE-2026-27040
2026-03-25
N/A
0.0
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AA-Team WZone woozone allows Path Traversal.This issue affects WZone: from n/a through
CVE-2026-27039
2026-03-25
N/A
0.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone woozone allows Blind SQL Injection.This issue affects WZone: from n/a through
CVE-2026-26233
2026-03-25
MEDIUM
4.3
Mattermost versions 11.4.x
CVE-2026-25469
2026-03-25
N/A
0.0
Missing Authorization vulnerability in ViaBill for WooCommerce ViaBill – WooCommerce viabill-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ViaBill – WooCommerce: from n/a through
CVE-2026-25464
2026-03-25
N/A
0.0
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from…
CVE-2026-25462
2026-03-25
N/A
0.0
Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects avalex: from n/a through
« Anterior
Página 23 de 4105
Siguiente »
Page load link
Go to Top
