CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-12421 2025-11-27 CRITICAL 9.9 Mattermost versions 11.0.x
CVE-2025-12419 2025-11-27 CRITICAL 9.9 Mattermost versions 10.12.x
CVE-2025-12559 2025-11-27 MEDIUM 4.3 Mattermost versions 11.0.x
CVE-2025-13765 2025-11-27 N/A 0.0 Exposure of email service credentials to users without administrative rights in Devolutions Server. This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.
CVE-2025-13758 2025-11-27 N/A 0.0 Exposure of credentials in unintended requests in Devolutions Server. This issue affects Server: through 2025.2.20, through 2025.3.8.
CVE-2025-13757 2025-11-27 N/A 0.0 SQL Injection vulnerability in last usage logs in Devolutions Server. This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8.
CVE-2025-8890 2025-11-27 N/A 0.0 Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to shell command injection attacks. In order to exploit this vulnerability, an attacker…
CVE-2025-13692 2025-11-27 HIGH 7.2 The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to…
CVE-2025-12140 2025-11-27 N/A 0.0 The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression,…
CVE-2025-59454 2025-11-27 N/A 0.0 In Apache CloudStack, a gap in access control checks affected the APIs - createNetworkACL - listNetworkACLs - listResourceDetails - listVirtualMachinesUsageHistory - listVolumesUsageHistory While these APIs were accessible only…
CVE-2025-59302 2025-11-27 N/A 0.0 In Apache CloudStack improper control of generation of code ('Code Injection') vulnerability is found in the following APIs which are accessible only to admins. * quotaTariffCreate * quotaTariffUpdate…
CVE-2025-54057 2025-11-27 N/A 0.0 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking:
CVE-2025-12971 2025-11-27 MEDIUM 4.3 The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured…
CVE-2025-59890 2025-11-27 HIGH 7.3 Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access to execute unauthorized code…
CVE-2025-13742 2025-11-27 N/A 0.0 Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced…
CVE-2025-10476 2025-11-27 MEDIUM 4.3 The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfc_db_fix_callback() function in all versions up…
CVE-2025-59026 2025-11-27 MEDIUM 5.4 Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the user's account,…
CVE-2025-59025 2025-11-27 MEDIUM 6.1 Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Sanitization…
CVE-2025-30190 2025-11-27 MEDIUM 5.4 Malicious content in office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the user's account,…
CVE-2025-30186 2025-11-27 MEDIUM 5.4 Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the user's account,…
CVE-2025-13381 2025-11-27 MEDIUM 5.3 The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ays_chatgpt_save_wp_media' function…
CVE-2025-13378 2025-11-27 MEDIUM 6.5 The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via…
CVE-2025-12584 2025-11-27 MEDIUM 5.3 The Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.17 via the 'wqv_popup_content' AJAX endpoint due to…
CVE-2025-13536 2025-11-27 HIGH 8.8 The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 11.15.2. This is…
CVE-2025-13441 2025-11-27 MEDIUM 5.3 The Hide Category by User Role for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.1. This is due to…
CVE-2025-13157 2025-11-27 MEDIUM 5.3 The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the 'qode_wishlist_for_woocommerce_wishlist_table_item_callback' function due…
CVE-2025-13525 2025-11-27 MEDIUM 6.1 The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'order_by' parameter in all versions up to, and including, 1.4.5 due to insufficient…
CVE-2025-13143 2025-11-27 MEDIUM 4.3 The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.12.0. This…
CVE-2025-12185 2025-11-27 MEDIUM 4.4 The StaffList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.6 due to insufficient input sanitization and…
CVE-2025-12123 2025-11-27 MEDIUM 6.1 The Customer Reviews Collector for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email-text' parameter in all versions up to, and including, 4.6.1 due…
CVE-2025-7820 2025-11-27 HIGH 7.5 The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to the plugin only…
CVE-2025-3784 2025-11-27 MEDIUM 5.5 Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the…
CVE-2025-13680 2025-11-27 HIGH 8.8 The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to…
CVE-2025-13675 2025-11-27 CRITICAL 9.8 The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the 'paypal-submit.php' file not restricting what…
CVE-2025-13540 2025-11-27 CRITICAL 9.8 The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. This is due to the 'tiare_membership_init_rest_api_register' function not restricting…
CVE-2025-13539 2025-11-27 CRITICAL 9.8 The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.4. This is due to the plugin not properly logging…
CVE-2025-13538 2025-11-27 CRITICAL 9.8 The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findall_listing_user_registration_additional_params' function not restricting…
CVE-2025-12758 2025-11-27 HIGH 7.5 Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take…
CVE-2025-12151 2025-11-27 MEDIUM 6.4 The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'portfolio_name' parameter in all versions up to, and including, 1.1.0 due to insufficient input…
CVE-2025-66314 2025-11-27 HIGH 7.5 Improper Privilege Management vulnerability in ZTE ElasticNet UME R32 on Linux allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ElasticNet UME R32: ElasticNet_UME_R32_V16.23.20.04.
CVE-2025-34351 2025-11-27 N/A 0.0 Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces (including the dashboard and Jobs API) is disabled unless explicitly enabled by…
CVE-2025-13762 2025-11-27 N/A 0.0 Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to start new SWS sessions. This issue affects CyberArk…
CVE-2025-12713 2025-11-27 MEDIUM 6.4 The Soundslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the soundslides shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization…
CVE-2025-12712 2025-11-27 MEDIUM 6.4 The Shouty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the shouty shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization…
CVE-2025-12670 2025-11-27 MEDIUM 6.4 The wp-twitpic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'twitpic' shortcode in all versions up to, and including, 1.0 due to…
CVE-2025-12666 2025-11-27 MEDIUM 6.4 The Google Drive upload and download link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter of the 'atachfilegoogle' shortcode in all versions up…
CVE-2025-12649 2025-11-27 MEDIUM 6.4 The SortTable Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the sorttablepost shortcode in all versions up to, and including, 4.2.…
CVE-2025-12579 2025-11-27 MEDIUM 5.3 The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to,…
CVE-2025-12578 2025-11-27 MEDIUM 4.3 The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce…
CVE-2025-0658 2025-11-27 N/A 0.0 A vulnerability in Automated Logic and Carrier's Zone Controller via BACnet protocol causes the device to crash. The device enters a fault state; after a reset, a second packet…