CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by the NIST institute:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2024-22494 | 2024-01-12 | MEDIUM | 5.4 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary… |
| CVE-2024-23178 | 2024-01-12 | MEDIUM | 5.4 | An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message. |
| CVE-2024-23177 | 2024-01-12 | MEDIUM | 6.1 | An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter. |
| CVE-2024-23173 | 2024-01-12 | MEDIUM | 6.1 | An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before… |
| CVE-2024-22028 | 2024-01-15 | MEDIUM | 4.6 | Insufficient technical documentation issue exists in thermal camera TMC series all firmware versions. The user of the affected product is… |
| CVE-2024-22492 | 2024-01-12 | MEDIUM | 5.4 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary… |
| CVE-2024-0230 | 2024-01-12 | LOW | 2.4 | A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An… |
| CVE-2023-7071 | 2024-01-11 | MEDIUM | 6.4 | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting… |
| CVE-2023-7048 | 2024-01-11 | LOW | 3.1 | The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,… |
| CVE-2023-7019 | 2024-01-11 | MEDIUM | 4.3 | The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of… |
| CVE-2023-6988 | 2024-01-11 | MEDIUM | 6.4 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_render_js shortcode in all… |
| CVE-2023-6924 | 2024-01-11 | MEDIUM | 4.4 | The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to,… |
| CVE-2023-6882 | 2024-01-11 | MEDIUM | 6.1 | The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all versions up… |
| CVE-2023-6855 | 2024-01-11 | MEDIUM | 5.3 | The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification… |
| CVE-2023-6843 | 2024-01-15 | MEDIUM | 4.3 | The easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg WordPress plugin before 2.4.7… |
| CVE-2023-6684 | 2024-01-11 | MEDIUM | 6.4 | The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ive' shortcode in… |
| CVE-2024-35058 | 2024-05-21 | HIGH | 7.5 | An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a… |
| CVE-2023-6638 | 2024-01-11 | MEDIUM | 6.5 | The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing… |
| CVE-2023-6637 | 2024-01-11 | MEDIUM | 6.5 | The CAOS \| Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a… |
| CVE-2023-6634 | 2024-01-11 | HIGH | 8.1 | The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the… |
| CVE-2023-6558 | 2024-01-11 | HIGH | 7.2 | The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file… |
| CVE-2023-6504 | 2024-01-11 | MEDIUM | 4.3 | The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable… |
| CVE-2023-6244 | 2024-01-11 | MEDIUM | 6.5 | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions… |
| CVE-2023-6242 | 2024-01-11 | MEDIUM | 6.5 | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions… |
| CVE-2023-6369 | 2024-01-11 | MEDIUM | 5.4 | The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of… |
| CVE-2023-6050 | 2024-01-15 | MEDIUM | 6.1 | The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before… |
| CVE-2023-6049 | 2024-01-15 | CRITICAL | 9.8 | The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow… |
| CVE-2023-6048 | 2024-01-15 | MEDIUM | 6.5 | The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like… |
| CVE-2023-6220 | 2024-01-11 | HIGH | 8.1 | The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the… |
| CVE-2023-5691 | 2024-01-11 | MEDIUM | 4.4 | The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due… |
| CVE-2023-51071 | 2024-01-13 | MEDIUM | 6.5 | An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable… |
| CVE-2023-51068 | 2024-01-13 | MEDIUM | 5.4 | An authenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary… |
| CVE-2023-51063 | 2024-01-13 | HIGH | 8.8 | QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting… |
| CVE-2023-51804 | 2024-01-13 | HIGH | 7.5 | An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body… |
| CVE-2023-51059 | 2024-01-16 | HIGH | 8.8 | An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges… |
| CVE-2023-50919 | 2024-01-12 | CRITICAL | 9.8 | An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern… |
| CVE-2023-50072 | 2024-01-13 | MEDIUM | 5.4 | A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user… |
| CVE-2023-50440 | 2023-12-13 | MEDIUM | 5.5 | ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification… |
| CVE-2023-4960 | 2024-01-11 | MEDIUM | 6.4 | The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_stores' shortcode in versions up to, and… |
| CVE-2023-4248 | 2024-01-11 | MEDIUM | 5.4 | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is… |
| CVE-2023-49262 | 2024-01-12 | CRITICAL | 9.8 | The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active… |
| CVE-2023-49260 | 2024-01-12 | MEDIUM | 6.1 | An XSS attack can be performed by changing the MOTD banner and pointing the victim to the "terminal_tool.cgi" path. It… |
| CVE-2023-49258 | 2024-01-12 | MEDIUM | 6.1 | User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability… |
| CVE-2023-49255 | 2024-01-12 | CRITICAL | 9.8 | The router console is accessible without authentication at "data" field, and while a user needs to be logged in in… |
| CVE-2023-47460 | 2024-01-16 | HIGH | 8.8 | SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component. |
| CVE-2023-46942 | 2024-01-13 | HIGH | 7.5 | Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization… |
| CVE-2023-43449 | 2024-01-16 | HIGH | 8.8 | An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request… |
| CVE-2023-46749 | 2024-01-15 | MEDIUM | 6.5 | Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass… |
| CVE-2023-34061 | 2024-01-12 | HIGH | 7.5 | Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use… |
| CVE-2023-30015 | 2024-01-12 | CRITICAL | 9.8 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information… |