CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2024-13258 | 2025-01-09 | CRITICAL | 9.8 | Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing. This issue affects Drupal REST & JSON… |
| CVE-2024-13257 | 2025-01-09 | MEDIUM | 5.3 | Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing. This issue affects Commerce View Receipt: from 0.0.0 before 1.0.3. |
| CVE-2024-13256 | 2025-01-09 | HIGH | 7.5 | Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing. This issue affects Email Contact: from 0.0.0 before… |
| CVE-2025-31679 | 2025-03-31 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Ignition Error Pages allows Cross-Site Scripting (XSS). This… |
| CVE-2025-31678 | 2025-03-31 | HIGH | 8.2 | Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.3. |
| CVE-2025-31677 | 2025-03-31 | HIGH | 8.8 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal AI (Artificial Intelligence) allows Cross Site Request Forgery. This issue affects AI (Artificial Intelligence):… |
| CVE-2023-52233 | 2024-06-11 | HIGH | 8.6 | Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log. This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6. |
| CVE-2023-6620 | 2024-01-15 | HIGH | 7.2 | The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in… |
| CVE-2023-6875 | 2024-01-11 | CRITICAL | 9.8 | The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is… |
| CVE-2023-5958 | 2023-11-27 | MEDIUM | 6.1 | The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend,… |
| CVE-2023-3179 | 2023-07-17 | HIGH | 8.8 | The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could… |
| CVE-2021-4422 | 2023-07-12 | MEDIUM | 4.3 | The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20.… |
| CVE-2023-3082 | 2023-07-12 | HIGH | 7.2 | The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and… |
| CVE-2025-31676 | 2025-03-31 | HIGH | 8.8 | Weak Authentication vulnerability in Drupal Email TFA allows Brute Force. This issue affects Email TFA: from 0.0.0 before 2.0.3. |
| CVE-2025-5086 | 2025-06-02 | CRITICAL | 9.0 | A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote… |
| CVE-2025-45387 | 2025-06-02 | MEDIUM | 5.4 | osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php. |
| CVE-2025-27956 | 2025-06-02 | HIGH | 7.5 | Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter. |
| CVE-2025-27953 | 2025-06-02 | MEDIUM | 6.5 | An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via… |
| CVE-2025-23104 | 2025-06-02 | MEDIUM | 6.5 | An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads… |
| CVE-2025-20298 | 2025-06-02 | HIGH | 8.0 | In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to… |
| CVE-2025-20297 | 2025-06-02 | MEDIUM | 4.3 | In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a… |
| CVE-2025-48962 | 2025-06-04 | MEDIUM | 4.3 | Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938. |
| CVE-2025-48961 | 2025-06-04 | HIGH | 7.3 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Windows) before build… |
| CVE-2025-48960 | 2025-06-04 | MEDIUM | 5.9 | Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before… |
| CVE-2025-1701 | 2025-06-04 | N/A | 0.0 | CVE-2025-1701 is a high-severity vulnerability in the MIM Admin service. An attacker could exploit this vulnerability by sending a specially… |
| CVE-2025-5598 | 2025-06-04 | N/A | 0.0 | Path Traversal vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Retrieve Embedded Sensitive Data. This issue affects airleader MASTER: 3.0046. |
| CVE-2025-5597 | 2025-06-04 | N/A | 0.0 | Improper Authentication vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Authentication Bypass. This issue affects airleader MASTER: 3.00571. |
| CVE-2025-48959 | 2025-06-04 | MEDIUM | 6.7 | Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before… |
| CVE-2025-30415 | 2025-06-04 | HIGH | 7.5 | Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent… |
| CVE-2025-5601 | 2025-06-04 | HIGH | 7.8 | Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or… |
| CVE-2025-5584 | 2025-06-04 | LOW | 2.4 | A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been classified as problematic. Affected is an unknown… |
| CVE-2018-25112 | 2025-06-04 | HIGH | 7.5 | An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by… |
| CVE-2025-5482 | 2025-06-04 | HIGH | 8.8 | The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account… |
| CVE-2025-47728 | 2025-06-04 | N/A | 0.0 | Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage… |
| CVE-2025-47727 | 2025-06-04 | N/A | 0.0 | Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage… |
| CVE-2025-47726 | 2025-06-04 | N/A | 0.0 | Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage… |
| CVE-2025-47725 | 2025-06-04 | N/A | 0.0 | Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage… |
| CVE-2025-47724 | 2025-06-04 | N/A | 0.0 | Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage… |
| CVE-2025-27444 | 2025-06-04 | MEDIUM | 4.8 | A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue arises from the improper… |
| CVE-2024-13967 | 2025-06-04 | HIGH | 8.8 | This vulnerability allows the successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web… |
| CVE-2025-5575 | 2025-06-04 | HIGH | 7.3 | A vulnerability classified as critical was found in PHPGurukul Dairy Farm Shop Management System 1.3. This vulnerability affects unknown code… |
| CVE-2025-5574 | 2025-06-04 | HIGH | 7.3 | A vulnerability classified as critical has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This affects an unknown… |
| CVE-2025-5573 | 2025-06-04 | MEDIUM | 6.3 | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the… |
| CVE-2025-5572 | 2025-06-04 | HIGH | 8.8 | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the… |
| CVE-2025-5571 | 2025-06-04 | MEDIUM | 6.3 | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of… |
| CVE-2025-5569 | 2025-06-04 | MEDIUM | 6.3 | A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of… |
| CVE-2025-48710 | 2025-06-04 | MEDIUM | 4.1 | kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary… |
| CVE-2025-5566 | 2025-06-04 | MEDIUM | 6.3 | A vulnerability classified as critical has been found in PHPGurukul Notice Board System 1.0. This affects an unknown part of… |
| CVE-2025-5562 | 2025-06-04 | HIGH | 7.3 | A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. Affected by this… |
| CVE-2025-5561 | 2025-06-04 | HIGH | 7.3 | A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this… |
Page 306 of 3509