Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Todos los artículos
Vulnerabilidades CVE
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Filtrar por severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
Filtrar
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-43924
2025-06-03
MEDIUM
6.1
Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the…
CVE-2025-43923
2025-06-03
MEDIUM
6.5
An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point…
CVE-2025-31136
2025-06-04
MEDIUM
6.7
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to run arbitrary JavaScript on the feeds…
CVE-2025-29093
2025-06-04
HIGH
8.2
File Upload vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Content/Gallery/Images…
CVE-2025-23106
2025-06-04
MEDIUM
6.5
An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads…
CVE-2025-23101
2025-06-04
MEDIUM
6.5
An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation.
CVE-2025-23096
2025-06-04
MEDIUM
6.5
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile…
CVE-2025-23095
2025-06-04
MEDIUM
6.5
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile…
CVE-2025-20286
2025-06-04
CRITICAL
9.9
A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services…
CVE-2024-11831
2025-02-10
MEDIUM
5.4
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such…
CVE-2024-40747
2025-01-07
MEDIUM
6.1
Various module chromes didn't properly process inputs, leading to XSS vectors.
CVE-2024-40748
2025-01-07
HIGH
7.5
Lack of output escaping in the id attribute of menu lists.
CVE-2024-40749
2025-01-07
HIGH
7.5
Improper Access Controls allows access to protected views.
CVE-2025-22204
2025-02-04
CRITICAL
9.8
Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 lead to a remote…
CVE-2025-22205
2025-02-04
HIGH
7.5
Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version…
CVE-2025-22206
2025-02-04
MEDIUM
4.7
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary…
CVE-2025-22208
2025-02-15
MEDIUM
4.7
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary…
CVE-2025-22209
2025-02-15
MEDIUM
4.7
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary…
CVE-2025-22210
2025-02-25
HIGH
7.2
A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL…
CVE-2025-25226
2025-04-08
CRITICAL
9.8
Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note:…
CVE-2025-25227
2025-04-08
HIGH
7.5
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2024-10144
2025-05-15
MEDIUM
4.8
The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of…
CVE-2024-10054
2025-05-15
MEDIUM
4.8
The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2024-10107
2025-05-15
MEDIUM
4.8
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which…
CVE-2024-10145
2025-05-15
MEDIUM
4.8
The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high…
CVE-2024-10504
2025-05-15
MEDIUM
5.4
The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters…
CVE-2024-11109
2025-05-15
MEDIUM
4.8
The WP Google Review Slider WordPress plugin before 15.6 does not sanitise and escape some of its settings, which could…
CVE-2024-3996
2025-05-15
MEDIUM
6.1
The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow…
CVE-2025-5609
2025-06-04
HIGH
8.8
A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of…
CVE-2025-5608
2025-06-04
HIGH
8.8
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file…
CVE-2025-5607
2025-06-04
HIGH
8.8
A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPUserList…
CVE-2025-48935
2025-06-04
N/A
0.0
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible…
CVE-2025-48934
2025-06-04
N/A
0.0
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the `Deno.env.toObject` method ignores any variables…
CVE-2025-5606
2025-06-04
MEDIUM
6.3
A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv…
CVE-2025-48888
2025-06-04
N/A
0.0
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2,…
CVE-2025-46339
2025-06-04
MEDIUM
4.3
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to poison feed favicons by adding a…
CVE-2025-32015
2025-06-04
MEDIUM
6.7
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the `` attribute, which…
CVE-2025-31482
2025-06-04
MEDIUM
4.3
FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly…
CVE-2025-31134
2025-06-04
N/A
0.0
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server…
CVE-2025-22245
2025-06-04
MEDIUM
5.9
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
CVE-2025-22244
2025-06-04
MEDIUM
6.9
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
CVE-2025-22243
2025-06-04
HIGH
7.5
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
CVE-2025-24015
2025-06-03
N/A
0.0
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM…
CVE-2020-27298
2021-01-26
MEDIUM
6.5
Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The…
CVE-2020-14506
2020-09-18
LOW
3.4
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or…
CVE-2024-13613
2025-05-17
HIGH
7.5
The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3…
CVE-2025-5267
2025-05-27
MEDIUM
5.4
A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious…
CVE-2025-5266
2025-05-27
MEDIUM
6.5
Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox…
CVE-2025-5264
2025-05-27
MEDIUM
4.8
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user…
CVE-2025-33103
2025-05-17
HIGH
8.5
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability.…
« Anterior
Página 300 de 3508
Siguiente »
Page load link
Go to Top
