CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2024-0237 | 2024-01-16 | MEDIUM | 5.3 | The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing… |
| CVE-2023-7151 | 2024-01-16 | MEDIUM | 6.1 | The Product Enquiry for WooCommerce WordPress plugin before 3.2 does not sanitise and escape the page parameter before outputting it… |
| CVE-2023-52069 | 2024-01-17 | MEDIUM | 5.4 | kodbox v1.49.04 was discovered to contain a cross-site scripting (XSS) vulnerability via the URL parameter. |
| CVE-2023-7083 | 2024-01-16 | MEDIUM | 5.4 | The Voting Record WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as… |
| CVE-2023-6732 | 2024-01-16 | MEDIUM | 4.8 | The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could… |
| CVE-2023-6292 | 2024-01-16 | MEDIUM | 4.3 | The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings,… |
| CVE-2023-5922 | 2024-01-16 | HIGH | 7.5 | The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX… |
| CVE-2023-50028 | 2024-01-19 | CRITICAL | 9.8 | In the module "Sliding cart block" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL… |
| CVE-2023-50614 | 2024-01-18 | HIGH | 7.5 | An issue discovered in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via crafted POST request to /cgi-bin/luci. |
| CVE-2023-51217 | 2024-01-18 | HIGH | 8.8 | An issue discovered in TenghuTOS TWS-200 firmware version:V4.0-201809201424 allows a remote attacker to execute arbitrary code via crafted command on… |
| CVE-2023-49943 | 2024-01-18 | MEDIUM | 5.4 | Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a… |
| CVE-2023-48345 | 2024-01-18 | MEDIUM | 5.5 | In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to… |
| CVE-2023-48858 | 2024-01-17 | MEDIUM | 6.1 | A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary… |
| CVE-2023-46952 | 2024-01-17 | MEDIUM | 6.1 | Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the… |
| CVE-2023-27168 | 2024-01-19 | CRITICAL | 9.8 | An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted… |
| CVE-2023-2252 | 2024-01-16 | LOW | 2.7 | The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter… |
| CVE-2023-0769 | 2024-01-16 | MEDIUM | 6.1 | The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in… |
| CVE-2023-0376 | 2024-01-16 | MEDIUM | 5.4 | The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back… |
| CVE-2024-21726 | 2024-02-29 | MEDIUM | 6.5 | Inadequate content filtering leads to XSS vulnerabilities in various components. |
| CVE-2023-50726 | 2024-03-13 | MEDIUM | 6.4 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows… |
| CVE-2024-25228 | 2024-03-14 | HIGH | 8.8 | Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in… |
| CVE-2024-28069 | 2024-03-16 | HIGH | 7.5 | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to… |
| CVE-2024-28070 | 2024-03-16 | MEDIUM | 6.8 | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to… |
| CVE-2024-28123 | 2024-03-21 | HIGH | 7.3 | Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter,… |
| CVE-2024-28286 | 2024-03-21 | HIGH | 7.5 | In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as… |
| CVE-2024-26468 | 2024-02-26 | MEDIUM | 6.1 | A DOM based cross-site scripting (XSS) vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute… |
| CVE-2024-26467 | 2024-02-26 | MEDIUM | 6.1 | A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute… |
| CVE-2025-48745 | 2025-06-02 | N/A | 0.0 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-49113. Reason: This candidate is a reservation duplicate of CVE-2025-49113. Notes:… |
| CVE-2025-21605 | 2025-04-23 | HIGH | 7.5 | Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3,… |
| CVE-2022-37620 | 2022-10-31 | HIGH | 7.5 | A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression. |
| CVE-2025-1647 | 2025-05-15 | MEDIUM | 5.6 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue… |
| CVE-2022-41322 | 2022-09-23 | HIGH | 7.8 | In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user… |
| CVE-2025-5321 | 2025-05-29 | MEDIUM | 6.3 | A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of… |
| CVE-2025-5320 | 2025-05-29 | LOW | 3.7 | A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of… |
| CVE-2025-5283 | 2025-05-27 | MEDIUM | 5.4 | Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption… |
| CVE-2025-46836 | 2025-05-14 | MEDIUM | 6.6 | net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating… |
| CVE-2025-23368 | 2025-03-04 | HIGH | 8.1 | A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication… |
| CVE-2024-50624 | 2024-10-28 | MEDIUM | 5.9 | ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP… |
| CVE-2025-44906 | 2025-05-30 | HIGH | 7.8 | jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c. |
| CVE-2025-44619 | 2025-05-30 | CRITICAL | 9.1 | Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers… |
| CVE-2025-44614 | 2025-05-30 | HIGH | 7.5 | Tinxy WiFi Lock Controller v1 RF was discovered to store users' sensitive information, including credentials and mobile phone numbers, in… |
| CVE-2025-44612 | 2025-05-30 | MEDIUM | 5.9 | Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials,… |
| CVE-2020-36846 | 2025-05-30 | CRITICAL | 9.8 | A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included… |
| CVE-2023-50431 | 2023-12-09 | MEDIUM | 5.5 | sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not… |
| CVE-2024-57338 | 2025-05-28 | MEDIUM | 6.5 | An arbitrary file upload vulnerability in M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to… |
| CVE-2025-4434 | 2025-05-09 | N/A | 0.0 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All… |
| CVE-2024-57337 | 2025-05-28 | MEDIUM | 6.5 | An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x… |
| CVE-2025-48874 | 2025-05-30 | N/A | 0.0 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-5257. Reason: This candidate is a duplicate of… |
| CVE-2025-48873 | 2025-05-30 | N/A | 0.0 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-5256. Reason: This candidate is a duplicate of… |
| CVE-2025-48872 | 2025-05-30 | N/A | 0.0 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47055. Reason: This candidate is a duplicate of… |