CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by the NIST institute:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2026-1722 | 2026-02-10 | MEDIUM | 5.3 | The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is… |
| CVE-2026-2099 | 2026-02-10 | MEDIUM | 5.4 | AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load. |
| CVE-2026-2098 | 2026-02-10 | MEDIUM | 6.1 | AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. |
| CVE-2026-2097 | 2026-02-10 | HIGH | 8.8 | Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the… |
| CVE-2026-2096 | 2026-02-10 | CRITICAL | 9.8 | Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality. |
| CVE-2026-2095 | 2026-02-10 | CRITICAL | 9.8 | Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the… |
| CVE-2026-2094 | 2026-02-10 | HIGH | 8.8 | Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. |
| CVE-2026-2093 | 2026-02-10 | HIGH | 7.5 | Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. |
| CVE-2025-12063 | 2026-02-10 | MEDIUM | 5.7 | An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions. |
| CVE-2026-0996 | 2026-02-10 | MEDIUM | 6.4 | The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to… |
| CVE-2025-13064 | 2026-02-10 | MEDIUM | 4.5 | A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only… |
| CVE-2025-12757 | 2026-02-10 | MEDIUM | 4.6 | An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to. |
| CVE-2025-11547 | 2026-02-10 | HIGH | 7.8 | AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. |
| CVE-2025-11142 | 2026-02-10 | HIGH | 7.1 | The VAPIX API mediaclip.cgi did not have sufficient input validation, allowing for possible remote code execution. This flaw can only be exploited after authenticating with… |
| CVE-2026-2260 | 2026-02-10 | HIGH | 7.2 | A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os… |
| CVE-2026-2259 | 2026-02-10 | LOW | 3.3 | A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Parsing. The… |
| CVE-2026-24328 | 2026-02-10 | MEDIUM | 6.1 | SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker-controlled sites, potentially exposing or altering… |
| CVE-2026-24327 | 2026-02-10 | MEDIUM | 4.3 | Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to… |
| CVE-2026-24326 | 2026-02-10 | MEDIUM | 4.3 | Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to… |
| CVE-2026-24325 | 2026-02-10 | MEDIUM | 4.8 | SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an admin user to inject malicious JavaScript into a website… |
| CVE-2026-24324 | 2026-02-10 | MEDIUM | 6.5 | SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS)… |
| CVE-2026-24323 | 2026-02-10 | MEDIUM | 6.1 | The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL,… |
| CVE-2026-24322 | 2026-02-10 | HIGH | 7.7 | SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability… |
| CVE-2026-24321 | 2026-02-10 | MEDIUM | 5.3 | SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to… |
| CVE-2026-24320 | 2026-02-10 | LOW | 3.1 | Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted… |
| CVE-2026-24319 | 2026-02-10 | MEDIUM | 5.8 | In SAP Business One, sensitive information is written to the application's memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within… |
| CVE-2026-24312 | 2026-02-10 | MEDIUM | 5.2 | An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function… |
| CVE-2026-23689 | 2026-02-10 | HIGH | 7.7 | Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with… |
| CVE-2026-23688 | 2026-02-10 | MEDIUM | 4.3 | SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity,… |
| CVE-2026-23687 | 2026-02-10 | HIGH | 8.8 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to… |
| CVE-2026-23686 | 2026-02-10 | LOW | 3.4 | Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed… |
| CVE-2026-23685 | 2026-02-10 | MEDIUM | 4.4 | Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), an attacker authenticated as an administrator with local access could submit specially crafted content to the server. If… |
| CVE-2026-23684 | 2026-02-10 | MEDIUM | 5.9 | A race condition vulnerability exists in the SAP Commerce Cloud. Because of this, when an attacker adds products to a cart, it may result in a cart entry… |
| CVE-2026-23681 | 2026-02-10 | MEDIUM | 4.3 | Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system… |
| CVE-2026-0509 | 2026-02-10 | CRITICAL | 9.6 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This… |
| CVE-2026-0508 | 2026-02-10 | HIGH | 7.3 | The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on… |
| CVE-2026-0505 | 2026-02-10 | MEDIUM | 6.1 | The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to… |
| CVE-2026-0490 | 2026-02-10 | HIGH | 7.5 | SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from… |
| CVE-2026-0488 | 2026-02-10 | CRITICAL | 9.9 | An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes… |
| CVE-2026-0486 | 2026-02-10 | MEDIUM | 5.0 | In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information. This has low… |
| CVE-2026-0485 | 2026-02-10 | HIGH | 7.5 | SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly… |
| CVE-2026-0484 | 2026-02-10 | MEDIUM | 6.5 | Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data… |
| CVE-2026-2258 | 2026-02-10 | LOW | 3.3 | A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead… |
| CVE-2026-0845 | 2026-02-10 | HIGH | 7.2 | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege… |
| CVE-2025-15314 | 2026-02-10 | MEDIUM | 5.5 | Tanium addressed an arbitrary file deletion vulnerability in end-user-cx. |
| CVE-2025-15313 | 2026-02-10 | MEDIUM | 5.5 | Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS. |
| CVE-2025-15310 | 2026-02-10 | HIGH | 7.8 | Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. |
| CVE-2025-15147 | 2026-02-10 | MEDIUM | 4.3 | The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via… |
| CVE-2026-25958 | 2026-02-09 | HIGH | 7.7 | Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a… |
| CVE-2026-25957 | 2026-02-09 | MEDIUM | 6.5 | Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting… |
Page 321 of 4236