CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-50128 | 2025-07-24 | CRITICAL | 9.6 | A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit… |
| CVE-2025-48732 | 2025-07-24 | HIGH | 7.3 | An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted… |
| CVE-2025-47061 | 2025-07-24 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused… |
| CVE-2025-46996 | 2025-07-24 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused… |
| CVE-2025-46993 | 2025-07-24 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused… |
| CVE-2025-46410 | 2025-07-24 | CRITICAL | 9.6 | A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit… |
| CVE-2025-41420 | 2025-07-24 | CRITICAL | 9.6 | A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit… |
| CVE-2025-36548 | 2025-07-24 | HIGH | 8.3 | A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master… |
| CVE-2025-25214 | 2025-07-24 | HIGH | 8.8 | A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A… |
| CVE-2025-54369 | 2025-07-24 | N/A | 0.0 | Rejected reason: Reason: This candidate was issued in error. |
| CVE-2025-51089 | 2025-07-24 | MEDIUM | 6.5 | Tenda AC8V4 V16.03.34.06 was discovered to contain heap overflow at /goform/GetParentControlInfo. The manipulation of the argument `mac` leads to heap-based buffer… |
| CVE-2025-51088 | 2025-07-24 | MEDIUM | 5.3 | Tenda AC8V4 V16.03.34.06 was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based… |
| CVE-2025-51085 | 2025-07-24 | MEDIUM | 5.3 | Tenda AC8V4 V16.03.34.06 was discovered to contain stack overflow at /goform/SetSysTimeCfg. The manipulation of the argument `timeZone` and `timeType` leads… |
| CVE-2025-51082 | 2025-07-24 | MEDIUM | 5.3 | Tenda AC8V4 V16.03.34.06 was discovered to contain stack overflow at /goform/fast_setting_wifi_set. The manipulation of the argument `timeZone` leads to stack-based… |
| CVE-2025-45731 | 2025-07-24 | MEDIUM | 6.5 | A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while… |
| CVE-2025-41240 | 2025-07-24 | CRITICAL | 10.0 | Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document… |
| CVE-2025-8114 | 2025-07-24 | MEDIUM | 4.7 | A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the… |
| CVE-2025-51087 | 2025-07-24 | HIGH | 8.6 | Tenda AC8V4 V16.03.34.06 was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based… |
| CVE-2025-36005 | 2025-07-24 | MEDIUM | 5.9 | IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1,… |
| CVE-2025-33109 | 2025-07-24 | HIGH | 7.5 | IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority… |
| CVE-2025-33013 | 2025-07-24 | MEDIUM | 6.2 | IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1,… |
| CVE-2025-54365 | 2025-07-23 | N/A | 0.0 | fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more.… |
| CVE-2025-4784 | 2025-07-24 | CRITICAL | 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Moderec Tourtella allows SQL Injection. This issue… |
| CVE-2016-15044 | 2025-07-23 | N/A | 0.0 | A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within… |
| CVE-2025-5243 | 2025-07-24 | CRITICAL | 10.0 | Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')… |
| CVE-2025-4822 | 2025-07-24 | CRITICAL | 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bayraktar Solar Energies ScadaWatt Otopilot allows… |
| CVE-2025-40680 | 2025-07-24 | N/A | 0.0 | Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT… |
| CVE-2025-7745 | 2025-07-24 | MEDIUM | 5.8 | Buffer Over-read vulnerability in ABB AC500 V2. This issue affects AC500 V2: through 2.5.2. |
| CVE-2025-8071 | 2025-07-24 | MEDIUM | 6.4 | Mine CloudVod plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘audio’ parameter in all versions up to,… |
| CVE-2025-7966 | 2025-07-24 | MEDIUM | 6.4 | The Get Youtube Subs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘channel', 'layout', and 'subs_count’ parameters… |
| CVE-2025-7959 | 2025-07-24 | MEDIUM | 6.4 | The Station Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width' and 'height’ parameter in all… |
| CVE-2025-7835 | 2025-07-24 | MEDIUM | 4.3 | The iThoughts Advanced Code Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and… |
| CVE-2025-7822 | 2025-07-24 | MEDIUM | 4.3 | The WP Wallcreeper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on… |
| CVE-2025-7780 | 2025-07-24 | MEDIUM | 6.5 | The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4.… |
| CVE-2025-7695 | 2025-07-24 | HIGH | 8.8 | The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its reset_password_link REST… |
| CVE-2025-7690 | 2025-07-24 | MEDIUM | 6.1 | The Affiliate Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2.… |
| CVE-2025-7640 | 2025-07-24 | HIGH | 8.1 | The hiWeb Export Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,… |
| CVE-2025-6588 | 2025-07-24 | MEDIUM | 6.1 | The FunnelCockpit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘error’ parameter in all versions up to,… |
| CVE-2025-6539 | 2025-07-24 | MEDIUM | 6.4 | The Voltax Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions… |
| CVE-2025-6441 | 2025-07-24 | CRITICAL | 9.8 | The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings \| WebinarIgnition plugin for WordPress is vulnerable to unauthenticated login… |
| CVE-2025-6387 | 2025-07-24 | MEDIUM | 6.4 | The WP Get The Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all… |
| CVE-2025-6385 | 2025-07-24 | MEDIUM | 6.4 | The WP Applink plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up… |
| CVE-2025-6382 | 2025-07-24 | MEDIUM | 6.4 | The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's taeggie-feed shortcode in all versions… |
| CVE-2025-6380 | 2025-07-24 | CRITICAL | 9.8 | The ONLYOFFICE Docs plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its oo.callback REST endpoint… |
| CVE-2025-6262 | 2025-07-24 | MEDIUM | 6.4 | The muse.ai video embedding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's muse-ai shortcode in all… |
| CVE-2025-5084 | 2025-07-24 | MEDIUM | 6.1 | The Post Grid Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘argsArray['read_more_text']’ parameter in all versions… |
| CVE-2025-4608 | 2025-07-24 | MEDIUM | 6.4 | The Structured Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_fs_local_business shortcode in all versions… |
| CVE-2025-3669 | 2025-07-24 | MEDIUM | 6.4 | The Supreme Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's auto_qrcodesabb shortcode… |
| CVE-2025-8107 | 2025-07-24 | MEDIUM | 6.3 | In OceanBase's Oracle tenant mode, a malicious user with specific privileges can achieve privilege escalation to SYS-level access by executing… |
| CVE-2025-8009 | 2025-07-24 | MEDIUM | 4.9 | The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all… |
Page 26 of 3365