CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-41111 2025-11-04 N/A 0.0 A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in…
CVE-2025-12493 2025-11-04 CRITICAL 9.8 The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Local File Inclusion in…
CVE-2025-12045 2025-11-04 MEDIUM 6.4 The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the category and…
CVE-2025-11690 2025-11-04 HIGH 8.5 An Insecure Direct Object Reference (IDOR) vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker…
CVE-2025-20749 2025-11-04 MEDIUM 6.7 In charger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2025-20748 2025-11-04 MEDIUM 6.7 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a…
CVE-2025-20747 2025-11-04 MEDIUM 6.7 In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious…
CVE-2025-20746 2025-11-04 MEDIUM 6.7 In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious…
CVE-2025-20742 2025-11-04 HIGH 8.0 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with…
CVE-2025-20741 2025-11-04 MEDIUM 6.7 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a…
CVE-2025-20740 2025-11-04 MEDIUM 4.7 In wlan STA driver, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with User execution privileges…
CVE-2025-20739 2025-11-04 MEDIUM 6.7 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a…
CVE-2025-20738 2025-11-04 MEDIUM 6.7 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a…
CVE-2025-20736 2025-11-04 MEDIUM 6.7 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a…
CVE-2025-12683 2025-11-04 N/A 0.0 The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus…
CVE-2025-12456 2025-11-04 MEDIUM 6.1 The Centangle-Team plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation…
CVE-2025-12452 2025-11-04 MEDIUM 6.1 The Visit Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the widgets.php page.…
CVE-2025-12416 2025-11-04 MEDIUM 6.1 The Pagerank Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to…
CVE-2025-12415 2025-11-04 MEDIUM 6.1 The MapMap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation…
CVE-2025-12413 2025-11-04 MEDIUM 5.4 The Social Media WPCF7 Stop Words plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.3. This is due to missing…
CVE-2025-12412 2025-11-04 MEDIUM 6.1 The Top Bar Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect…
CVE-2025-12410 2025-11-04 MEDIUM 6.1 The SH Contextual Help plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing or incorrect…
CVE-2025-12403 2025-11-04 MEDIUM 6.1 The Associados Amazon Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect…
CVE-2025-12402 2025-11-04 MEDIUM 6.1 The LinkedIn Resume plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.00. This is due to missing or incorrect nonce…
CVE-2025-12400 2025-11-04 MEDIUM 6.1 The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce…
CVE-2025-12396 2025-11-04 MEDIUM 4.4 The clubmember plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.2 due to insufficient input sanitization and…
CVE-2025-12393 2025-11-04 MEDIUM 4.4 The Free Quotation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.6 due to insufficient input sanitization…
CVE-2025-12389 2025-11-04 MEDIUM 4.3 The Import Export For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_setting() function in all versions…
CVE-2025-12371 2025-11-04 MEDIUM 4.4 The Nari Accountant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via account settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization…
CVE-2025-12369 2025-11-04 MEDIUM 6.4 The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `geojsonmarker` shortcode in all versions up to, and including, 4.7. This is…
CVE-2025-12350 2025-11-04 MEDIUM 5.3 The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp_ajax_nopriv_dominokit_option_admin_action AJAX endpoint in all versions up to, and including,…
CVE-2025-12188 2025-11-04 MEDIUM 4.3 The Posts Navigation Links for Sections and Headings – Free by WP Masters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
CVE-2025-12158 2025-11-04 CRITICAL 9.8 The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc_submit_capabilities() function in all versions up to, and…
CVE-2025-12157 2025-11-04 MEDIUM 5.3 The Simple User Capabilities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_reset_capability' AJAX endpoint in all versions…
CVE-2025-12156 2025-11-04 MEDIUM 4.3 The Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing…
CVE-2025-12065 2025-11-04 MEDIUM 4.4 The WP Carticon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carticon_js_script' parameter in all versions up to, and including, 1.0.0 due to insufficient input…
CVE-2025-11890 2025-11-04 HIGH 7.5 The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to…
CVE-2025-11812 2025-11-04 MEDIUM 6.4 The Reuse Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'reuse_builder_single_post_title' shortcode in all versions up to, and including, 1.7. This is due to…
CVE-2025-11758 2025-11-04 MEDIUM 6.5 The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including,…
CVE-2025-11753 2025-11-04 MEDIUM 4.4 The Bootstrap Multi-language Responsive Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient…
CVE-2025-11733 2025-11-04 HIGH 7.2 The Footnotes Made Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.0.7 due to insufficient input…
CVE-2025-11724 2025-11-04 HIGH 8.8 The EM Beer Manager plugin for WordPress is vulnerable to arbitrary file upload leading to remote code execution in all versions up to, and including, 3.2.3. This is…
CVE-2025-11704 2025-11-04 HIGH 7.5 The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the `elegance-menu` shortcode.…
CVE-2025-10896 2025-11-04 HIGH 8.8 Multiple plugins for WordPress with the Jewel Theme Recommended Plugins Library are vulnerable to Unrestricted Upload of File with Dangerous Type via arbitrary plugin installation in all versions…
CVE-2025-47370 2025-11-04 MEDIUM 6.5 Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan.
CVE-2025-47368 2025-11-04 HIGH 7.8 Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing.
CVE-2025-47367 2025-11-04 HIGH 7.8 Memory corruption while accessing a buffer during IOCTL processing.
CVE-2025-47365 2025-11-04 HIGH 7.8 Memory corruption while processing large input data from a remote source via a communication interface.
CVE-2025-47362 2025-11-04 MEDIUM 6.1 Information disclosure while processing message from client with invalid payload.
CVE-2025-47361 2025-11-04 HIGH 7.8 Memory corruption when triggering a subsystem crash with an out-of-range identifier.