CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-11996 2025-11-11 MEDIUM 5.3 The Find Unused Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the fui_delete_image() and fui_delete_all_images() functions in all…
CVE-2025-11988 2025-11-11 MEDIUM 5.3 The Crypto plugin for WordPress is vulnerable to unauthorized manipulation of data in all versions up to, and including, 2.22. This is due to the plugin registering an…
CVE-2025-11986 2025-11-11 MEDIUM 5.3 The Crypto plugin for WordPress is vulnerable to Information exposure in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX…
CVE-2025-11894 2025-11-11 MEDIUM 5.3 The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up…
CVE-2025-11891 2025-11-11 MEDIUM 5.3 The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.0 through publicly exposed log files. This makes it…
CVE-2025-11886 2025-11-11 MEDIUM 4.3 The CTL Arcade Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect…
CVE-2025-11882 2025-11-11 MEDIUM 6.4 The Simple Donate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's simpledonate shortcode in versions less than, or equal to, 1.0 due to insufficient…
CVE-2025-11874 2025-11-11 MEDIUM 5.4 The Slippy Slider – Responsive Touch Navigation Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slippy-slider' shortcode in all versions up to, and…
CVE-2025-11873 2025-11-11 MEDIUM 6.4 The WP BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 1.8.1 due to insufficient…
CVE-2025-11869 2025-11-11 MEDIUM 6.4 The Precise Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `wrap_id` shortcode attribute in all versions up to, and including, 1.0. This is due…
CVE-2025-11863 2025-11-11 MEDIUM 6.4 The My Geo Posts Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mygeo_city' shortcode in all versions up to, and including, 1.2. This is…
CVE-2025-11860 2025-11-11 MEDIUM 6.4 The Twitter Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ottwitter_feed' shortcode in all versions up to, and including, 1.3.1. This is due to…
CVE-2025-11859 2025-11-11 MEDIUM 6.4 The Paypal Donation Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'paypal' shortcode in all versions up to, and including, 0.1. This is due…
CVE-2025-11856 2025-11-11 MEDIUM 6.4 The Eventbee Ticketing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eventbeeticketwidget' shortcode in all versions up to, and including, 1.0. This is due…
CVE-2025-11829 2025-11-11 MEDIUM 6.4 The Five9 Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'toolbar' attribute of the [five9-chat] shortcode in all versions up to, and including,…
CVE-2025-11828 2025-11-11 MEDIUM 6.4 The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3.…
CVE-2025-11822 2025-11-11 MEDIUM 6.4 The WP Bootstrap Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bootstrap_tab' shortcode in all versions up to, and including, 1.0.4. This is due…
CVE-2025-11821 2025-11-11 MEDIUM 6.4 The Woocommerce – Products By Custom Tax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'woo_products_custom_tax' shortcode in all versions up to, and including, 2.2.…
CVE-2025-11805 2025-11-11 MEDIUM 6.4 The Skip to Timestamp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'skipto' shortcode in all versions up to, and including, 1.4.4. This is due…
CVE-2025-11532 2025-11-11 MEDIUM 5.3 The Wisly plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.0 due to missing validation on the 'wishlist_id' user…
CVE-2025-11521 2025-11-11 HIGH 8.1 The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient validation of remote URLs for zip downloads…
CVE-2025-11457 2025-11-11 CRITICAL 9.8 The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.5.0. This is due to the…
CVE-2025-11451 2025-11-11 HIGH 7.5 The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.4.3 via the…
CVE-2025-11170 2025-11-11 CRITICAL 9.8 The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the Cpiwm_Import_Controller::import function in all versions up to,…
CVE-2025-11168 2025-11-11 HIGH 8.8 The Mementor Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.5. This is due to plugin not properly handling the…
CVE-2025-11129 2025-11-11 MEDIUM 6.4 The Include Fussball.de Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api' and 'type' parameters in all versions up to, and including, 4.0.0 due…
CVE-2025-42940 2025-11-11 HIGH 7.5 SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. This may result in memory corruption followed by an application…
CVE-2025-42924 2025-11-11 MEDIUM 6.1 SAP S/4HANA landscape SAP E-Recruiting BSP allows an unauthenticated attacker to craft malicious links, when clicked the victim could be redirected to the page controlled by the attacker.…
CVE-2025-42919 2025-11-11 MEDIUM 5.3 Due to an Information Disclosure vulnerability in SAP NetWeaver Application Server Java, internal metadata files could be accessed via manipulated URLs. An unauthenticated attacker could exploit this vulnerability…
CVE-2025-42899 2025-11-11 MEDIUM 4.3 SAP S4CORE (Manage journal entries) does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the…
CVE-2025-42897 2025-11-11 MEDIUM 5.3 Due to information disclosure vulnerability in anonymous API provided by SAP Business One (SLD), an attacker with normal user access could gain access to unauthorized information. As a…
CVE-2025-42895 2025-11-11 MEDIUM 6.9 Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code…
CVE-2025-42894 2025-11-11 MEDIUM 6.8 Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on…
CVE-2025-42893 2025-11-11 MEDIUM 6.1 Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an…
CVE-2025-42892 2025-11-11 MEDIUM 6.8 Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the…
CVE-2025-42890 2025-11-11 CRITICAL 10.0 SQL Anywhere Monitor (Non-GUI) baked credentials into the code, exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution. This could cause…
CVE-2025-42889 2025-11-11 MEDIUM 5.4 SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. As a result, this vulnerability has a low impact on the…
CVE-2025-42888 2025-11-11 MEDIUM 5.5 SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process memory during runtime. This vulnerability has…
CVE-2025-42887 2025-11-11 CRITICAL 9.9 Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with…
CVE-2025-42886 2025-11-11 MEDIUM 6.1 Due to a Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated…
CVE-2025-42885 2025-11-11 MEDIUM 5.8 Due to missing authentication, SAP HANA 2.0 (hdbrss) allows an unauthenticated attacker to call a remote-enabled function that will enable them to view information. As a result, it…
CVE-2025-42884 2025-11-11 MEDIUM 6.5 SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI…
CVE-2025-42883 2025-11-11 LOW 2.7 Migration Workbench (DX Workbench) in SAP NetWeaver Application Server for ABAP fails to trigger a malware scan when an attacker with administrative privileges uploads files to the application…
CVE-2025-42882 2025-11-11 MEDIUM 4.3 Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to…
CVE-2025-31719 2025-11-11 MEDIUM 5.1 In TEE EcDSA algorithm, there is a possible memory consistency issue. This could lead to generated incorrect signature results with low probability.
CVE-2025-64529 2025-11-10 N/A 0.0 SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions prior to 1.45.2, users who use the exclusion operator somewhere in their…
CVE-2025-64522 2025-11-10 CRITICAL 9.1 Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators…
CVE-2025-64519 2025-11-10 HIGH 8.8 TorrentPier is an open source BitTorrent Public/Private tracker engine, written in PHP. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator…
CVE-2025-63678 2025-11-10 N/A 0.0 An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via…
CVE-2025-12542 2025-11-10 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.