CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-49255 | 2025-06-17 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Ruza allows PHP… |
| CVE-2025-49254 | 2025-06-17 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika allows PHP… |
| CVE-2025-49253 | 2025-06-17 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Lasa allows PHP… |
| CVE-2025-49252 | 2025-06-17 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa allows PHP… |
| CVE-2025-49251 | 2025-06-17 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana allows PHP… |
| CVE-2025-49234 | 2025-06-17 | MEDIUM | 6.5 | Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue… |
| CVE-2025-49180 | 2025-06-17 | MEDIUM | 6.1 | A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads… |
| CVE-2025-49179 | 2025-06-17 | MEDIUM | 6.6 | A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when… |
| CVE-2025-49178 | 2025-06-17 | MEDIUM | 5.5 | A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause… |
| CVE-2025-49177 | 2025-06-17 | MEDIUM | 5.5 | A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client… |
| CVE-2025-49176 | 2025-06-17 | MEDIUM | 6.6 | A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the… |
| CVE-2025-49175 | 2025-06-17 | MEDIUM | 5.5 | A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the… |
| CVE-2025-49071 | 2025-06-17 | CRITICAL | 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen allows Upload a Web Shell to a Web Server.… |
| CVE-2025-48333 | 2025-06-17 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPQuark eForm - WordPress Form Builder allows Reflected… |
| CVE-2025-48274 | 2025-06-17 | CRITICAL | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpjobportal WP Job Portal allows Blind… |
| CVE-2025-48145 | 2025-06-17 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michal Jaworski Track, Analyze & Optimize by WP… |
| CVE-2025-48118 | 2025-06-17 | HIGH | 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpExperts Hub Woocommerce Partial Shipment allows… |
| CVE-2025-48111 | 2025-06-17 | MEDIUM | 4.3 | Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue… |
| CVE-2025-47573 | 2025-06-17 | CRITICAL | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows Blind SQL… |
| CVE-2025-47572 | 2025-06-17 | HIGH | 7.5 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla School Management allows… |
| CVE-2025-47559 | 2025-06-17 | CRITICAL | 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server.… |
| CVE-2025-47452 | 2025-06-17 | CRITICAL | 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in RexTheme WP VR allows Upload a Web Shell to a Web… |
| CVE-2025-39508 | 2025-06-17 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Nasa Core allows Reflected XSS. This issue… |
| CVE-2025-39486 | 2025-06-17 | HIGH | 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Rankie allows SQL Injection. This… |
| CVE-2025-39479 | 2025-06-17 | CRITICAL | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartiolabs Smart Notification allows Blind SQL… |
| CVE-2025-34508 | 2025-06-17 | MEDIUM | 6.3 | A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a… |
| CVE-2025-32549 | 2025-06-17 | HIGH | 7.5 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla WPGYM allows PHP… |
| CVE-2025-32510 | 2025-06-17 | CRITICAL | 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager allows Using Malicious Files. This issue affects… |
| CVE-2025-31919 | 2025-06-17 | CRITICAL | 9.8 | Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This issue affects Spare: from n/a through 1.7. |
| CVE-2025-30988 | 2025-06-17 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player allows Stored XSS. This… |
| CVE-2025-30618 | 2025-06-17 | CRITICAL | 9.8 | Deserialization of Untrusted Data vulnerability in yuliaz Rapyd Payment Extension for WooCommerce allows Object Injection. This issue affects Rapyd Payment… |
| CVE-2025-30562 | 2025-06-17 | HIGH | 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdistillery Navigation Tree Elementor allows Blind… |
| CVE-2025-29002 | 2025-06-17 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Simen allows PHP… |
| CVE-2025-28991 | 2025-06-17 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Evon allows PHP… |
| CVE-2025-28972 | 2025-06-17 | HIGH | 7.6 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Suhas Surse WP Employee Attendance System… |
| CVE-2025-24773 | 2025-06-17 | CRITICAL | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPCRM - CRM for Contact… |
| CVE-2025-24761 | 2025-06-17 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme DSK allows PHP… |
| CVE-2025-6069 | 2025-06-17 | MEDIUM | 4.3 | The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service. |
| CVE-2025-4879 | 2025-06-17 | N/A | 0.0 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows |
| CVE-2025-4404 | 2025-06-17 | CRITICAL | 9.1 | A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate… |
| CVE-2025-49842 | 2025-06-17 | N/A | 0.0 | conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker… |
| CVE-2025-0320 | 2025-06-17 | N/A | 0.0 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows |
| CVE-2025-6020 | 2025-06-17 | HIGH | 7.8 | A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users… |
| CVE-2025-5777 | 2025-06-17 | N/A | 0.0 | Insufficient input validation leading to memory overread on the NetScaler Management Interface NetScaler ADC and NetScaler Gateway |
| CVE-2025-5349 | 2025-06-17 | N/A | 0.0 | Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway |
| CVE-2025-4365 | 2025-06-17 | N/A | 0.0 | Arbitrary file read in NetScaler Console and NetScaler SDX (SVM) |
| CVE-2025-5700 | 2025-06-17 | MEDIUM | 6.4 | The Simple Logo Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions… |
| CVE-2025-5291 | 2025-06-17 | MEDIUM | 6.4 | The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's masterslider_pb… |
| CVE-2025-3880 | 2025-06-17 | MEDIUM | 4.3 | The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data… |
| CVE-2025-6050 | 2025-06-17 | N/A | 0.0 | Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability… |