Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Todo el contenido
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-54515
2025-11-23
N/A
0.0
The Secure Flag passed to Versal™ Adaptive SoC’s Arm® Trusted Firmware for Cortex®-A processors (TF-A) for Arm’s Power State Coordination Interface (PSCI) commands were incorrectly set to secure…
CVE-2025-13562
2025-11-23
HIGH
7.3
A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads to command injection.…
CVE-2025-13561
2025-11-23
HIGH
7.3
A vulnerability was determined in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown code of the file /admin/index.php. This manipulation of the argument Username causes sql injection.…
CVE-2025-48507
2025-11-23
N/A
0.0
The security state of the calling processor into Arm® Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors access to secure memories, access to crypto…
CVE-2025-13560
2025-11-23
HIGH
7.3
A vulnerability was found in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file /admin/reset-password.php. The manipulation of the argument email results in sql…
CVE-2025-13557
2025-11-23
HIGH
7.3
A vulnerability has been found in Campcodes Online Polling System 1.0. Affected by this issue is some unknown functionality of the file /registeracc.php. The manipulation of the argument…
CVE-2024-21923
2025-11-23
HIGH
7.3
Incorrect default permissions in AMD StoreMI™ could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-21922
2025-11-23
HIGH
7.3
A DLL hijacking vulnerability in AMD StoreMI™ could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2025-13556
2025-11-23
HIGH
7.3
A flaw has been found in Campcodes Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/checklogin.php. Executing manipulation of the argument…
CVE-2025-13555
2025-11-23
HIGH
7.3
A vulnerability was detected in Campcodes School File Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing manipulation of the…
CVE-2025-13554
2025-11-23
HIGH
7.3
A security vulnerability has been detected in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /index.php of the component Login. Such manipulation of…
CVE-2025-13553
2025-11-23
HIGH
8.8
A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It…
CVE-2025-13552
2025-11-23
HIGH
8.8
A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument…
CVE-2025-13551
2025-11-23
HIGH
8.8
A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads…
CVE-2025-13550
2025-11-23
HIGH
8.8
A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to…
CVE-2025-13549
2025-11-23
HIGH
8.8
A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow.…
CVE-2025-13548
2025-11-23
HIGH
8.8
A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to…
CVE-2025-13547
2025-11-23
HIGH
8.8
A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory…
CVE-2025-13546
2025-11-23
MEDIUM
6.3
A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation…
CVE-2025-13545
2025-11-23
MEDIUM
4.7
A security vulnerability has been detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this vulnerability is an unknown functionality of the file /admin_area/index.php. The manipulation of the…
CVE-2025-13544
2025-11-23
MEDIUM
6.3
A weakness has been identified in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected is an unknown function of the file /customer_register.php. Executing manipulation can lead to unrestricted upload. It…
CVE-2025-13197
2025-11-22
N/A
0.0
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-12561
2025-11-22
N/A
0.0
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-12541
2025-11-22
N/A
0.0
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-13526
2025-11-22
HIGH
7.5
The OneClick Chat to Order plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.8 via the 'wa_order_thank_you_override' function due…
CVE-2025-13318
2025-11-22
MEDIUM
5.3
The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks…
CVE-2025-13136
2025-11-22
MEDIUM
4.3
The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'njform-google-sheet-config ' page in all…
CVE-2025-13384
2025-11-22
HIGH
7.5
The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin…
CVE-2025-13317
2025-11-22
MEDIUM
5.3
The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.96. This is due to the plugin exposing an…
CVE-2025-12877
2025-11-22
MEDIUM
5.3
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized modification od data due to a missing capability check on the…
CVE-2025-12752
2025-11-22
MEDIUM
5.3
The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to fake payment creation in all versions up to, and including, 1.1.7. This is due to the…
CVE-2025-11186
2025-11-22
MEDIUM
6.4
The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookies_accepted shortcode in all versions up to,…
CVE-2025-12889
2025-11-22
N/A
0.0
With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest.
CVE-2025-65947
2025-11-21
N/A
0.0
thread-amount is a tool that gets the amount of threads in the current process. Prior to version 0.2.2, there are resource leaks when querying thread counts on Windows…
CVE-2025-65946
2025-11-21
HIGH
8.1
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, Due to an error in validation it was possible for Roo…
CVE-2025-12888
2025-11-21
N/A
0.0
Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa…
CVE-2025-12678
2025-11-21
N/A
0.0
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-11936
2025-11-21
N/A
0.0
Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted…
CVE-2025-11934
2025-11-21
N/A
0.0
Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm used. For example…
CVE-2025-11933
2025-11-21
N/A
0.0
Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service…
CVE-2025-11932
2025-11-21
N/A
0.0
The server previously verified the TLS 1.3 PSK binder using a non-constant time method which could potentially leak information about the PSK binder
CVE-2025-11931
2025-11-21
N/A
0.0
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS connections,…
CVE-2025-66087
2025-11-21
MEDIUM
5.3
Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through
CVE-2025-66086
2025-11-21
MEDIUM
5.3
Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Alert Order Notifications: from n/a through
CVE-2025-66085
2025-11-21
MEDIUM
4.3
Missing Authorization vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arconix Shortcodes: from n/a through
CVE-2025-66084
2025-11-21
MEDIUM
4.3
Missing Authorization vulnerability in Shahjahan Jewel FluentCommunity fluent-community allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentCommunity: from n/a through
CVE-2025-66083
2025-11-21
MEDIUM
4.3
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through
CVE-2025-66082
2025-11-21
MEDIUM
4.3
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through
CVE-2025-66079
2025-11-21
MEDIUM
4.3
Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a through
CVE-2025-66077
2025-11-21
MEDIUM
4.3
Missing Authorization vulnerability in wpWax Legal Pages legal-pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Legal Pages: from n/a through
« Anterior
Página 274 de 3934
Siguiente »
Page load link
Go to Top
