CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-31263 | 2025-05-29 | CRITICAL | 9.1 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be… |
| CVE-2025-31264 | 2025-05-29 | MEDIUM | 4.6 | An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4,… |
| CVE-2024-35753 | 2024-06-08 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemplatesNext TemplatesNext OnePager allows Stored XSS. This… |
| CVE-2024-48899 | 2024-11-20 | MEDIUM | 4.3 | A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course… |
| CVE-2024-45691 | 2024-11-20 | MEDIUM | 5.4 | A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be… |
| CVE-2024-45690 | 2024-11-20 | HIGH | 7.5 | A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts. |
| CVE-2024-45689 | 2024-11-20 | MEDIUM | 6.5 | A flaw was found in Moodle. Dynamic tables did not enforce capability checks, which resulted in users having the ability… |
| CVE-2024-2007 | 2024-03-21 | MEDIUM | 5.3 | A vulnerability was found in OpenBMB XAgent 1.0.0. It has been declared as critical. Affected by this vulnerability is an… |
| CVE-2024-21722 | 2024-02-29 | MEDIUM | 6.3 | The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified. |
| CVE-2024-21723 | 2024-02-29 | MEDIUM | 4.3 | Inadequate parsing of URLs could result in an open redirect. |
| CVE-2024-21725 | 2024-02-29 | MEDIUM | 6.1 | Inadequate escaping of mail addresses leads to XSS vulnerabilities in various components. |
| CVE-2025-26465 | 2025-02-18 | MEDIUM | 6.8 | A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a… |
| CVE-2024-8176 | 2025-03-14 | HIGH | 7.5 | A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML… |
| CVE-2024-23659 | 2024-01-19 | MEDIUM | 6.1 | SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to… |
| CVE-2024-22563 | 2024-01-19 | HIGH | 7.5 | openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. |
| CVE-2024-22877 | 2024-01-19 | MEDIUM | 5.4 | StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows… |
| CVE-2024-22819 | 2024-01-18 | HIGH | 8.8 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update. |
| CVE-2024-22592 | 2024-01-18 | HIGH | 8.8 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update |
| CVE-2024-23525 | 2024-01-18 | MEDIUM | 6.5 | The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig. |
| CVE-2024-20287 | 2024-01-17 | MEDIUM | 6.5 | A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point… |
| CVE-2024-20272 | 2024-01-17 | HIGH | 7.3 | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary… |
| CVE-2024-20270 | 2024-01-17 | MEDIUM | 4.8 | A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could… |
| CVE-2024-12243 | 2025-02-10 | MEDIUM | 5.3 | A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in… |
| CVE-2024-12133 | 2025-02-10 | MEDIUM | 5.3 | A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a… |
| CVE-2024-12747 | 2025-01-14 | MEDIUM | 5.6 | A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's… |
| CVE-2024-12088 | 2025-01-14 | MEDIUM | 6.5 | A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a… |
| CVE-2024-12087 | 2025-01-14 | MEDIUM | 6.5 | A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for… |
| CVE-2024-0381 | 2024-01-18 | MEDIUM | 6.4 | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute… |
| CVE-2024-0405 | 2024-01-17 | HIGH | 7.2 | The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON… |
| CVE-2024-0238 | 2024-01-16 | MEDIUM | 6.1 | The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action,… |
| CVE-2024-0237 | 2024-01-16 | MEDIUM | 5.3 | The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing… |
| CVE-2023-7151 | 2024-01-16 | MEDIUM | 6.1 | The Product Enquiry for WooCommerce WordPress plugin before 3.2 does not sanitise and escape the page parameter before outputting it… |
| CVE-2023-52069 | 2024-01-17 | MEDIUM | 5.4 | kodbox v1.49.04 was discovered to contain a cross-site scripting (XSS) vulnerability via the URL parameter. |
| CVE-2023-7083 | 2024-01-16 | MEDIUM | 5.4 | The Voting Record WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as… |
| CVE-2023-6732 | 2024-01-16 | MEDIUM | 4.8 | The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could… |
| CVE-2023-6292 | 2024-01-16 | MEDIUM | 4.3 | The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings,… |
| CVE-2023-5922 | 2024-01-16 | HIGH | 7.5 | The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX… |
| CVE-2023-50028 | 2024-01-19 | CRITICAL | 9.8 | In the module "Sliding cart block" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL… |
| CVE-2023-50614 | 2024-01-18 | HIGH | 7.5 | An issue discovered in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via crafted POST request to /cgi-bin/luci. |
| CVE-2023-51217 | 2024-01-18 | HIGH | 8.8 | An issue discovered in TenghuTOS TWS-200 firmware version:V4.0-201809201424 allows a remote attacker to execute arbitrary code via crafted command on… |
| CVE-2023-49943 | 2024-01-18 | MEDIUM | 5.4 | Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a… |
| CVE-2023-48345 | 2024-01-18 | MEDIUM | 5.5 | In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to… |
| CVE-2023-48858 | 2024-01-17 | MEDIUM | 6.1 | A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary… |
| CVE-2023-46952 | 2024-01-17 | MEDIUM | 6.1 | Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the… |
| CVE-2023-27168 | 2024-01-19 | CRITICAL | 9.8 | An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted… |
| CVE-2023-2252 | 2024-01-16 | LOW | 2.7 | The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter… |
| CVE-2023-0769 | 2024-01-16 | MEDIUM | 6.1 | The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in… |
| CVE-2023-0376 | 2024-01-16 | MEDIUM | 5.4 | The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back… |
| CVE-2024-21726 | 2024-02-29 | MEDIUM | 6.5 | Inadequate content filtering leads to XSS vulnerabilities in various components. |
| CVE-2023-50726 | 2024-03-13 | MEDIUM | 6.4 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows… |