CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-4839 | 2025-05-17 | LOW | 3.1 | A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as problematic. Affected by this vulnerability is an unknown… |
| CVE-2025-4842 | 2025-05-17 | HIGH | 8.8 | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. This vulnerability affects the function isUCPCameraNameChanged… |
| CVE-2025-4843 | 2025-05-18 | HIGH | 8.8 | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. This affects the function SubUPnPCSInit of… |
| CVE-2025-4844 | 2025-05-18 | HIGH | 7.3 | A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality… |
| CVE-2025-4845 | 2025-05-18 | HIGH | 7.3 | A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is… |
| CVE-2025-4847 | 2025-05-18 | HIGH | 7.3 | A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of… |
| CVE-2025-4848 | 2025-05-18 | HIGH | 7.3 | A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of… |
| CVE-2025-4852 | 2025-05-18 | LOW | 2.4 | A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing… |
| CVE-2025-3527 | 2025-05-17 | MEDIUM | 6.4 | The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in… |
| CVE-2024-6668 | 2025-05-15 | MEDIUM | 5.4 | The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could… |
| CVE-2025-3888 | 2025-05-17 | MEDIUM | 6.4 | The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions… |
| CVE-2024-4665 | 2025-05-15 | MEDIUM | 5.3 | The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for… |
| CVE-2025-4669 | 2025-05-17 | MEDIUM | 6.4 | The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpbc shortcode in all… |
| CVE-2024-6708 | 2025-05-15 | MEDIUM | 4.8 | The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on… |
| CVE-2024-6711 | 2025-05-15 | MEDIUM | 6.1 | The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow… |
| CVE-2024-7758 | 2025-05-15 | MEDIUM | 4.8 | The Stylish Price List WordPress plugin before 7.1.8 does not sanitise and escape some of its settings, which could allow… |
| CVE-2024-8493 | 2025-05-15 | MEDIUM | 4.8 | The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-8542 | 2025-05-15 | MEDIUM | 4.8 | The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-8617 | 2025-05-15 | MEDIUM | 4.8 | The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege… |
| CVE-2024-8619 | 2025-05-15 | MEDIUM | 4.8 | The Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow… |
| CVE-2024-8620 | 2025-05-15 | MEDIUM | 4.8 | The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow… |
| CVE-2024-8670 | 2025-05-15 | MEDIUM | 4.8 | The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could… |
| CVE-2024-8700 | 2025-05-15 | HIGH | 7.5 | The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete… |
| CVE-2025-4578 | 2025-06-04 | CRITICAL | 9.8 | The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a… |
| CVE-2024-9233 | 2025-05-15 | MEDIUM | 4.3 | The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could… |
| CVE-2024-9390 | 2025-05-15 | MEDIUM | 4.8 | The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege… |
| CVE-2024-9450 | 2025-05-15 | MEDIUM | 6.5 | The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in… |
| CVE-2024-9599 | 2025-05-15 | MEDIUM | 5.4 | The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-9645 | 2025-05-15 | MEDIUM | 5.4 | The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape… |
| CVE-2025-1289 | 2025-05-15 | MEDIUM | 4.8 | The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2025-1303 | 2025-05-15 | MEDIUM | 6.1 | The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape a parameter before outputting it back in the… |
| CVE-2025-4580 | 2025-06-04 | MEDIUM | 4.3 | The File Provider WordPress plugin through 1.2.3 does not have CSRF check in place when updating its settings, which could… |
| CVE-2025-2247 | 2025-05-15 | MEDIUM | 5.4 | The WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow… |
| CVE-2025-2248 | 2025-05-15 | MEDIUM | 5.4 | The WP-PManager WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement,… |
| CVE-2025-47161 | 2025-05-15 | HIGH | 7.8 | Microsoft Defender for Endpoint Elevation of Privilege Vulnerability |
| CVE-2025-1138 | 2025-05-15 | MEDIUM | 4.3 | IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against… |
| CVE-2024-51475 | 2025-05-16 | MEDIUM | 5.4 | IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code,… |
| CVE-2025-48174 | 2025-05-16 | MEDIUM | 4.5 | In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size. |
| CVE-2025-27703 | 2025-05-28 | MEDIUM | 6.0 | CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with… |
| CVE-2025-27706 | 2025-05-28 | LOW | 3.4 | CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with… |
| CVE-2025-46078 | 2025-05-29 | MEDIUM | 5.3 | HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server |
| CVE-2025-46080 | 2025-05-29 | MEDIUM | 5.3 | HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious… |
| CVE-2025-41385 | 2025-05-30 | HIGH | 7.2 | An OS Command Injection issue exists in wivia 5 all versions. If this vulnerability is exploited, an arbitrary OS command… |
| CVE-2025-41406 | 2025-05-30 | MEDIUM | 6.1 | Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with… |
| CVE-2025-47697 | 2025-05-30 | HIGH | 7.5 | Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication… |
| CVE-2025-48486 | 2025-05-30 | MEDIUM | 5.4 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the cross-site scripting (XSS) vulnerability is… |
| CVE-2025-48487 | 2025-05-30 | MEDIUM | 4.8 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when creating a translation of a… |
| CVE-2025-48488 | 2025-05-30 | MEDIUM | 5.4 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, deleting the file .htaccess allows an… |
| CVE-2025-48489 | 2025-05-30 | MEDIUM | 4.8 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site… |
| CVE-2025-48492 | 2025-05-30 | HIGH | 8.8 | GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to… |