CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-10158 2025-11-18 MEDIUM 4.3 A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array…
CVE-2025-6670 2025-11-18 HIGH 8.8 A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple WSO2 products due to the use of the HTTP GET method for state-changing operations within admin services, specifically in…
CVE-2025-41350 2025-11-18 N/A 0.0 Stored Cross-site Scripting (XSS) vulnerability type in WinPlus v24.11.27 by Informática del Este that consists of a stored XSS due to a lack of proper validation…
CVE-2025-41349 2025-11-18 N/A 0.0 Stored Cross-site Scripting (XSS) vulnerability type in WinPlus v24.11.27 by Informática del Este that consists of a stored XSS due to a lack of proper validation…
CVE-2025-41348 2025-11-18 N/A 0.0 SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker to recover, create, update and delete databases by sending a POST request using the…
CVE-2025-13345 2025-11-18 MEDIUM 6.3 A security vulnerability has been detected in SourceCodester Train Station Ticketing System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_ticket. Such manipulation leads…
CVE-2025-13344 2025-11-18 HIGH 7.3 A weakness has been identified in SourceCodester Train Station Ticketing System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=login. This manipulation of the…
CVE-2025-13343 2025-11-18 LOW 3.5 A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of the file /editQuestion.php. The manipulation of the argument Question results…
CVE-2025-41737 2025-11-18 HIGH 7.5 Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules.
CVE-2025-41736 2025-11-18 HIGH 8.8 A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in…
CVE-2025-41735 2025-11-18 HIGH 8.8 A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.
CVE-2025-41734 2025-11-18 CRITICAL 9.8 An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.
CVE-2025-41733 2025-11-18 CRITICAL 9.8 The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials.
CVE-2025-41347 2025-11-18 N/A 0.0 Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request…
CVE-2025-11427 2025-11-18 MEDIUM 5.8 The WP Migrate Lite – WordPress Migration Made Easy plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.7.6 via…
CVE-2025-4212 2025-11-18 HIGH 7.2 The Checkout Files Upload for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.2.1 due to…
CVE-2025-41346 2025-11-18 N/A 0.0 Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker…
CVE-2025-13196 2025-11-18 MEDIUM 5.4 The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up…
CVE-2025-13133 2025-11-18 MEDIUM 6.6 The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.1.7 via the 'Import/export users' function. This makes…
CVE-2025-13069 2025-11-18 HIGH 8.8 The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.1.2. This is due to…
CVE-2025-12955 2025-11-18 HIGH 7.5 The Live sales notification for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.39. This is due to the "getOrders"…
CVE-2025-12691 2025-11-18 MEDIUM 6.4 The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox functionality in all versions up…
CVE-2025-12639 2025-11-18 MEDIUM 4.3 The wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.2.2. This is…
CVE-2025-12481 2025-11-18 MEDIUM 4.3 The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly…
CVE-2025-12457 2025-11-18 MEDIUM 6.4 The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2…
CVE-2025-12392 2025-11-18 MEDIUM 5.3 The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_optin_optout' function in all…
CVE-2025-12391 2025-11-18 MEDIUM 5.3 The Restrictions for BuddyPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_optin_optout() function in all versions up…
CVE-2025-12088 2025-11-18 MEDIUM 6.4 The Meta Display Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meta Display Block in all versions up to, and including, 1.0.0 due to…
CVE-2025-12079 2025-11-18 MEDIUM 6.1 The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.3 due to insufficient input…
CVE-2025-11734 2025-11-18 MEDIUM 5.4 The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization in all…
CVE-2025-9625 2025-11-18 MEDIUM 4.3 The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect…
CVE-2025-8609 2025-11-18 MEDIUM 6.4 The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion Block's attributes in all versions up to, and including, 1.6.1…
CVE-2025-8605 2025-11-18 MEDIUM 6.4 The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up…
CVE-2025-40549 2025-11-18 CRITICAL 9.1 A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a…
CVE-2025-40548 2025-11-18 CRITICAL 9.1 A missing validation process exists in Serv-U that, when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires…
CVE-2025-40547 2025-11-18 CRITICAL 9.1 A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires…
CVE-2025-40545 2025-11-18 MEDIUM 4.8 SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to…
CVE-2025-26391 2025-11-18 MEDIUM 5.4 SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to an XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account.
CVE-2025-13088 2025-11-18 HIGH 8.8 The Category and Product Woocommerce Tabs plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0. This is due to insufficient…
CVE-2025-12962 2025-11-18 MEDIUM 6.4 The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the `url` parameter in the `[syndicate_local]` shortcode.…
CVE-2025-12961 2025-11-18 MEDIUM 4.3 The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wp_ajax_save_settings' AJAX action in all versions up to,…
CVE-2025-12937 2025-11-18 MEDIUM 6.5 The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'acf_flm_update_template_with_pasted_layout' function in all versions…
CVE-2025-12827 2025-11-18 MEDIUM 4.3 The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing nonce validation on…
CVE-2025-12823 2025-11-18 MEDIUM 6.4 The CSV to SortTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csv' shortcode in all versions up to, and including, 4.2 due to insufficient…
CVE-2025-12775 2025-11-18 HIGH 8.8 The WP Dropzone plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 1.1.0 via the `ajax_upload_handle` function. This is due…
CVE-2025-12528 2025-11-18 HIGH 8.1 The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the format_classic function. This is…
CVE-2025-12411 2025-11-18 HIGH 7.1 The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'ID' parameter in versions up to, and including, 1.1.10. This is due…
CVE-2025-12406 2025-11-18 MEDIUM 6.1 The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing…
CVE-2025-12404 2025-11-18 MEDIUM 6.1 The Like-it plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation…
CVE-2025-12372 2025-11-18 MEDIUM 4.3 The Permalinks Cascade plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.2. This is due to the plugin not properly verifying…