CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-31058 | 2025-06-09 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Revolution Video Player allows Reflected XSS. This… |
| CVE-2025-31057 | 2025-06-09 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player allows Reflected XSS. This… |
| CVE-2025-31052 | 2025-06-09 | CRITICAL | 9.8 | Deserialization of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page Beauty Theme allows Object Injection. This… |
| CVE-2025-31050 | 2025-06-09 | HIGH | 7.5 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery allows Path Traversal.… |
| CVE-2025-31045 | 2025-06-09 | HIGH | 7.5 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in elfsight elfsight Contact Form widget allows Retrieve Embedded… |
| CVE-2025-31039 | 2025-06-09 | CRITICAL | 9.1 | Improper Restriction of XML External Entity Reference vulnerability in pixelgrade Category Icon allows XML Entity Linking. This issue affects Category… |
| CVE-2025-31022 | 2025-06-09 | CRITICAL | 9.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in PayU India PayU India allows Authentication Abuse. This issue affects… |
| CVE-2025-28992 | 2025-06-09 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Anton allows… |
| CVE-2025-28945 | 2025-06-09 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Valen - Sport,… |
| CVE-2025-28944 | 2025-06-09 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Avaz allows PHP… |
| CVE-2025-28888 | 2025-06-09 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme GiftXtore allows PHP… |
| CVE-2025-27362 | 2025-06-09 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Petito allows PHP… |
| CVE-2025-26592 | 2025-06-09 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Inset allows PHP… |
| CVE-2025-24770 | 2025-06-09 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme CraftXtore allows PHP… |
| CVE-2025-24768 | 2025-06-09 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Nitan allows PHP… |
| CVE-2025-24767 | 2025-06-09 | CRITICAL | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturaone TicketBAI Facturas para WooCommerce allows… |
| CVE-2025-23974 | 2025-06-09 | HIGH | 8.1 | Incorrect Privilege Assignment vulnerability in ifkooo One-Login allows Privilege Escalation. This issue affects One-Login: from n/a through 1.4. |
| CVE-2023-26005 | 2025-06-09 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Fitrush allows PHP… |
| CVE-2023-25999 | 2025-06-09 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme BodyCenter - Gym,… |
| CVE-2025-5885 | 2025-06-09 | MEDIUM | 4.3 | A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown… |
| CVE-2025-5884 | 2025-06-09 | LOW | 3.5 | A vulnerability, which was classified as problematic, was found in Konica Minolta bizhub up to 20250202. This affects an unknown… |
| CVE-2025-5881 | 2025-06-09 | MEDIUM | 6.3 | A vulnerability was found in code-projects Chat System up to 1.0 and classified as critical. This issue affects some unknown… |
| CVE-2025-5880 | 2025-06-09 | MEDIUM | 4.3 | A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file… |
| CVE-2025-5865 | 2025-06-09 | HIGH | 8.0 | A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function… |
| CVE-2025-5879 | 2025-06-09 | LOW | 3.5 | A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the… |
| CVE-2025-5877 | 2025-06-09 | MEDIUM | 6.3 | A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is… |
| CVE-2025-5876 | 2025-06-09 | MEDIUM | 5.3 | A vulnerability classified as problematic was found in Lucky LM-520-SC, LM-520-FSC and LM-520-FSC-SAM up to 20250321. Affected by this vulnerability… |
| CVE-2025-5875 | 2025-06-09 | HIGH | 8.8 | A vulnerability classified as critical has been found in TP-Link TL-IPC544EP-W4 1.0.9 Build 240428 Rel 69493n. Affected is the function… |
| CVE-2025-49131 | 2025-06-09 | MEDIUM | 6.3 | FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The… |
| CVE-2025-49130 | 2025-06-09 | N/A | 0.0 | Laravel Translation Manager is a package to manage Laravel translation files. Prior to version 0.6.8, the application is vulnerable to… |
| CVE-2025-49013 | 2025-06-09 | CRITICAL | 9.9 | WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The… |
| CVE-2025-49006 | 2025-06-09 | N/A | 0.0 | Wasp (Web Application Specification) is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has… |
| CVE-2025-48877 | 2025-06-09 | N/A | 0.0 | Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch,… |
| CVE-2025-48062 | 2025-06-09 | HIGH | 7.1 | Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch,… |
| CVE-2025-48053 | 2025-06-09 | N/A | 0.0 | Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch,… |
| CVE-2025-40670 | 2025-06-09 | N/A | 0.0 | Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to create a user and assign it… |
| CVE-2025-40669 | 2025-06-09 | N/A | 0.0 | Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to modify the permissions held by each… |
| CVE-2025-40668 | 2025-06-09 | N/A | 0.0 | Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password… |
| CVE-2025-41444 | 2025-06-09 | HIGH | 8.3 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module. |
| CVE-2025-5874 | 2025-06-09 | MEDIUM | 5.5 | A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as critical. This issue affects the function… |
| CVE-2025-5873 | 2025-06-09 | MEDIUM | 6.3 | A vulnerability was found in eCharge Hardy Barth Salia PLCC 2.2.0. It has been declared as critical. This vulnerability affects… |
| CVE-2025-41437 | 2025-06-09 | MEDIUM | 4.3 | Zohocorp ManageEngine OpManager, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer and OpUtils versions 128565 and below are vulnerable to Reflected XSS on the login page. |
| CVE-2025-3835 | 2025-06-09 | CRITICAL | 9.6 | Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module. |
| CVE-2025-36528 | 2025-06-09 | HIGH | 8.3 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports. |
| CVE-2025-27709 | 2025-06-09 | HIGH | 8.3 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports. |
| CVE-2025-5872 | 2025-06-09 | MEDIUM | 5.3 | A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It has been classified as problematic. This affects an unknown… |
| CVE-2025-5871 | 2025-06-09 | MEDIUM | 5.3 | A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and classified as problematic. Affected by this issue is some… |
| CVE-2025-40675 | 2025-06-09 | N/A | 0.0 | A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript… |
| CVE-2025-5870 | 2025-06-09 | HIGH | 7.3 | A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 and classified as critical. Affected by this vulnerability is… |
| CVE-2025-5869 | 2025-06-09 | HIGH | 8.0 | A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sys_recvfrom of the file… |