Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Concientización
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-64286
2025-10-29
MEDIUM
4.3
Cross-Site Request Forgery (CSRF) vulnerability in WpEstate WP Rentals wprentals allows Cross Site Request Forgery.This issue affects WP Rentals: from n/a through
CVE-2025-64285
2025-10-29
MEDIUM
5.4
Missing Authorization vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a…
CVE-2025-64199
2025-10-29
MEDIUM
5.4
Missing Authorization vulnerability in WpEstate wpresidence wpresidence allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpresidence: from n/a through
CVE-2025-64197
2025-10-29
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam Rehub rehub-theme allows Stored XSS.This issue affects Rehub: from n/a through < 19.9.9.1.
CVE-2025-64195
2025-10-29
HIGH
7.6
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress Eduma eduma allows PHP Local File Inclusion.This issue affects Eduma: from…
CVE-2025-64145
2025-10-29
MEDIUM
4.3
Jenkins ByteGuard Build Actions Plugin 1.0 does not mask API tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVE-2025-64144
2025-10-29
MEDIUM
4.3
Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read…
CVE-2025-64194
2025-10-29
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Eduma eduma allows Stored XSS.This issue affects Eduma: from n/a through
CVE-2025-64143
2025-10-29
MEDIUM
4.3
Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended…
CVE-2025-64142
2025-10-29
MEDIUM
4.3
A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2025-64141
2025-10-29
MEDIUM
4.3
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2025-64140
2025-10-29
HIGH
8.8
Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands.
CVE-2025-64139
2025-10-29
MEDIUM
4.3
A missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVE-2025-64138
2025-10-29
MEDIUM
4.3
A cross-site request forgery (CSRF) vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2025-64137
2025-10-29
MEDIUM
4.3
A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
CVE-2025-64136
2025-10-29
MEDIUM
4.3
A cross-site request forgery (CSRF) vulnerability in Jenkins Themis Plugin 1.4.1 and earlier allows attackers to connect to an attacker-specified HTTP server.
CVE-2025-64135
2025-10-29
MEDIUM
5.9
Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb_8 and earlier sets the Java system property `jdk.http.auth.tunneling.disabledSchemes` to an empty value, disabling a protection mechanism of the Java runtime.
CVE-2025-64134
2025-10-29
HIGH
7.1
Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2025-64133
2025-10-29
MEDIUM
5.4
A cross-site request forgery (CSRF) vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code.
CVE-2025-64132
2025-10-29
MEDIUM
5.4
Jenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud…
CVE-2025-64131
2025-10-29
HIGH
7.5
Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not implement a replay cache, allowing attackers able to obtain information about the SAML authentication flow between a user's web browser…
CVE-2025-60075
2025-10-29
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in Allegro Marketing hpb seo plugin for WordPress hpbseo allows Reflected XSS.This issue affects hpb seo plugin for WordPress: from n/a through
CVE-2025-58939
2025-10-29
MEDIUM
4.3
Cross-Site Request Forgery (CSRF) vulnerability in highwarden Super Store Finder superstorefinder-wp allows Cross Site Request Forgery.This issue affects Super Store Finder: from n/a through
CVE-2025-61235
2025-10-28
CRITICAL
9.1
An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally,…
CVE-2025-60355
2025-10-28
CRITICAL
9.8
zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
CVE-2025-40085
2025-10-29
N/A
0.0
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card In try_to_register_card(), the return value of usb_ifnum_to_if() is passed directly…
CVE-2025-40084
2025-10-29
N/A
0.0
In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle handle_response() dereferences the payload as a 4-byte handle without verifying…
CVE-2025-58711
2025-10-29
MEDIUM
5.3
Missing Authorization vulnerability in solwin Blog Designer PRO blog-designer-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blog Designer PRO: from n/a through
CVE-2025-54605
2025-10-28
HIGH
7.5
Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).
CVE-2025-54604
2025-10-28
HIGH
7.5
Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).
CVE-2025-40083
2025-10-29
N/A
0.0
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix null-deref in agg_dequeue To prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c) when cl->qdisc->ops->peek(cl->qdisc) returns NULL,…
CVE-2023-7324
2025-10-29
N/A
0.0
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses Sanitize possible addl_desc_ptr out-of-bounds accesses in ses_enclosure_data_process().
CVE-2025-11632
2025-10-29
MEDIUM
4.3
The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability…
CVE-2025-11587
2025-10-29
MEDIUM
4.3
The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
CVE-2025-12142
2025-10-29
MEDIUM
6.1
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in ABB Terra AC wallbox.This issue affects Terra AC wallbox: through 1.8.33.
CVE-2023-39178
2025-10-29
N/A
0.0
Rejected reason: Duplicate of CVE-2023-52441.
CVE-2023-39177
2025-10-29
N/A
0.0
Rejected reason: Duplicate of CVE-2023-52442.
CVE-2025-12461
2025-10-29
N/A
0.0
This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’…
CVE-2025-12450
2025-10-29
MEDIUM
6.1
The LiteSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 7.5.0.1 due to insufficient input sanitization and…
CVE-2015-10147
2025-10-29
MEDIUM
4.9
The Easy Testimonial Slider and Form plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.2 due to…
CVE-2015-10146
2025-10-29
MEDIUM
4.9
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient…
CVE-2025-12058
2025-10-29
N/A
0.0
The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from…
CVE-2025-11702
2025-10-29
HIGH
8.5
GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker…
CVE-2023-7320
2025-10-29
MEDIUM
5.3
The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST…
CVE-2025-62776
2025-10-29
HIGH
7.8
The installer of WTW EAGLE (for Windows) 3.0.8.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result,…
CVE-2025-49042
2025-10-29
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through 10.0.2.
CVE-2025-11705
2025-10-29
MEDIUM
6.5
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability…
CVE-2025-64296
2025-10-29
MEDIUM
5.3
Missing Authorization vulnerability in Facebook Facebook for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Facebook for WooCommerce: from n/a through 3.5.7.
CVE-2025-64162
2025-10-29
N/A
0.0
Rejected reason: Not used
CVE-2025-64161
2025-10-29
N/A
0.0
Rejected reason: Not used
« Anterior
Página 30 de 3630
Siguiente »
Page load link
Go to Top
