CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-5378 | 2025-05-31 | MEDIUM | 4.3 | A vulnerability classified as problematic has been found in Astun Technology iShare Maps 5.4.0. This affects an unknown part of… |
| CVE-2025-5377 | 2025-05-31 | MEDIUM | 4.3 | A vulnerability was found in Astun Technology iShare Maps 5.4.0. It has been rated as problematic. Affected by this issue… |
| CVE-2025-5376 | 2025-05-31 | HIGH | 7.3 | A vulnerability was found in SourceCodester Health Center Patient Record Management System 1.0. It has been declared as critical. Affected… |
| CVE-2025-4857 | 2025-05-31 | HIGH | 7.2 | The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via… |
| CVE-2025-4691 | 2025-05-31 | MEDIUM | 5.3 | The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure… |
| CVE-2025-5290 | 2025-05-31 | MEDIUM | 6.4 | The Borderless – Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter… |
| CVE-2025-3813 | 2025-05-31 | MEDIUM | 6.4 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in… |
| CVE-2025-5292 | 2025-05-31 | MEDIUM | 6.4 | The Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder plugin for… |
| CVE-2025-5285 | 2025-05-31 | MEDIUM | 6.4 | The Product Subtitle for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmlTag’ parameter in all… |
| CVE-2025-4672 | 2025-05-31 | HIGH | 8.8 | The Offsprout Page Builder plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization placed on the permission_callback()… |
| CVE-2025-4631 | 2025-05-31 | CRITICAL | 9.8 | The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktend_object endpoint… |
| CVE-2025-4607 | 2025-05-31 | CRITICAL | 9.8 | The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and… |
| CVE-2025-4595 | 2025-05-31 | MEDIUM | 6.4 | The FastSpring plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fastspring/block-fastspringblocks-complete-product-catalog' block in all versions up… |
| CVE-2025-4590 | 2025-05-31 | MEDIUM | 6.4 | The Daisycon prijsvergelijkers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'daisycon_uitvaart' shortcode in all versions… |
| CVE-2025-4103 | 2025-05-31 | HIGH | 8.8 | The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wp_ajax_wpgm_start_geojson_import() function… |
| CVE-2025-5370 | 2025-05-31 | HIGH | 7.3 | A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality… |
| CVE-2025-5369 | 2025-05-31 | HIGH | 7.3 | A vulnerability classified as critical has been found in SourceCodester PHP Display Username After Login 1.0. Affected is an unknown… |
| CVE-2025-5016 | 2025-05-31 | MEDIUM | 4.7 | The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Excerpt Highlights in… |
| CVE-2018-25111 | 2025-05-31 | MEDIUM | 5.1 | django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py. |
| CVE-2025-48949 | 2025-05-30 | N/A | 0.0 | Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability due to… |
| CVE-2025-48948 | 2025-05-30 | N/A | 0.0 | Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0… |
| CVE-2025-48946 | 2025-05-30 | LOW | 3.7 | liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the… |
| CVE-2025-48882 | 2025-05-30 | N/A | 0.0 | PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version… |
| CVE-2025-2503 | 2025-05-30 | HIGH | 7.1 | An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary… |
| CVE-2025-2502 | 2025-05-30 | HIGH | 7.8 | An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. |
| CVE-2025-2501 | 2025-05-30 | HIGH | 7.8 | An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. |
| CVE-2025-1479 | 2025-05-30 | MEDIUM | 5.3 | An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a… |
| CVE-2025-5359 | 2025-05-30 | HIGH | 7.3 | A vulnerability classified as critical has been found in Campcodes Online Hospital Management System 1.0. This affects an unknown part… |
| CVE-2025-48944 | 2025-05-30 | MEDIUM | 6.5 | vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0,… |
| CVE-2025-48943 | 2025-05-30 | MEDIUM | 6.5 | vLLM is an inference and serving engine for large language models (LLMs). Version 0.8.0 up to but excluding 0.9.0 have… |
| CVE-2025-48942 | 2025-05-30 | MEDIUM | 6.5 | vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8.0 up to but excluding 0.9.0,… |
| CVE-2025-48938 | 2025-05-30 | N/A | 0.0 | go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified… |
| CVE-2025-48885 | 2025-05-30 | N/A | 0.0 | application-urlshortener create shortened URLs for XWiki pages. Versions prior to 1.2.4 are vulnerable to users with view access being able… |
| CVE-2025-48883 | 2025-05-30 | N/A | 0.0 | Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector… |
| CVE-2025-5358 | 2025-05-30 | HIGH | 7.3 | A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been rated as critical. Affected by this… |
| CVE-2025-5357 | 2025-05-30 | HIGH | 7.3 | A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. Affected by this vulnerability is… |
| CVE-2025-5054 | 2025-05-30 | MEDIUM | 4.7 | Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse… |
| CVE-2025-48887 | 2025-05-30 | MEDIUM | 6.5 | vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability… |
| CVE-2023-26226 | 2025-05-30 | N/A | 0.0 | A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682 |
| CVE-2025-5356 | 2025-05-30 | HIGH | 7.3 | A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function… |
| CVE-2025-45846 | 2025-05-08 | HIGH | 8.8 | ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the torrentsindex parameter in the formBTClinetSetting function. |
| CVE-2025-45847 | 2025-05-08 | MEDIUM | 6.5 | ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the targetAPMac parameter in the formWsc function. |
| CVE-2025-3475 | 2025-04-09 | MEDIUM | 6.5 | Allocation of Resources Without Limits or Throttling, Incorrect Authorization vulnerability in Drupal WEB-T allows Excessive Allocation, Content Spoofing. This issue affects… |
| CVE-2025-23247 | 2025-05-27 | MEDIUM | 4.4 | NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length… |
| CVE-2025-31675 | 2025-03-31 | MEDIUM | 5.4 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue… |
| CVE-2025-31673 | 2025-03-31 | MEDIUM | 4.6 | Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0… |
| CVE-2024-55638 | 2024-12-10 | CRITICAL | 9.8 | Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 7.0 before 7.102, from… |
| CVE-2024-55637 | 2024-12-10 | CRITICAL | 9.8 | Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from… |
| CVE-2024-55636 | 2024-12-10 | CRITICAL | 9.8 | Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from… |
| CVE-2024-55635 | 2024-12-10 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This… |