CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2024-4483 | 2024-07-29 | MEDIUM | 5.4 | The Email Encoder WordPress plugin before 2.2.2 does not escape the WP_Email_Encoder_Bundle_options[protection_text] parameter before outputting it back in an attribute… |
| CVE-2024-6362 | 2024-07-29 | MEDIUM | 4.6 | The Ultimate Blocks WordPress plugin before 3.2.0 does not validate and escape some of its post-grid block attributes before outputting… |
| CVE-2024-6223 | 2024-07-30 | MEDIUM | 6.1 | The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not sanitise and escape a parameter… |
| CVE-2024-6224 | 2024-07-30 | MEDIUM | 5.9 | The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not have CSRF check in some… |
| CVE-2024-6226 | 2024-07-30 | MEDIUM | 6.1 | The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page,… |
| CVE-2024-1747 | 2024-08-01 | MEDIUM | 6.5 | The WooCommerce Customers Manager WordPress plugin before 30.2 does not have authorisation and CSRF in various AJAX actions, allowing any… |
| CVE-2024-2843 | 2024-08-01 | MEDIUM | 6.5 | The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers… |
| CVE-2024-3983 | 2024-08-01 | HIGH | 8.1 | The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some bulk actions, which could allow… |
| CVE-2024-46328 | 2024-09-26 | HIGH | 8.0 | VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root. |
| CVE-2024-46329 | 2024-09-26 | HIGH | 8.0 | VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemCommand object. |
| CVE-2025-48742 | 2025-05-27 | MEDIUM | 5.4 | The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution. |
| CVE-2023-47189 | 2024-06-04 | MEDIUM | 5.3 | Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Defender Security:… |
| CVE-2024-32792 | 2024-06-09 | MEDIUM | 4.3 | Missing Authorization vulnerability in WPMU DEV Hummingbird. This issue affects Hummingbird: from n/a through 3.7.3. |
| CVE-2024-21413 | 2024-02-13 | CRITICAL | 9.8 | Microsoft Outlook Remote Code Execution Vulnerability |
| CVE-2025-24054 | 2025-03-11 | MEDIUM | 6.5 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-24985 | 2025-03-11 | HIGH | 7.8 | Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally. |
| CVE-2025-30397 | 2025-05-13 | HIGH | 7.5 | Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over… |
| CVE-2023-37226 | 2024-09-10 | CRITICAL | 9.8 | Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function. |
| CVE-2023-37227 | 2024-09-10 | CRITICAL | 9.8 | Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data. |
| CVE-2023-37231 | 2024-09-10 | CRITICAL | 9.8 | Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password. |
| CVE-2023-43953 | 2023-10-03 | MEDIUM | 5.4 | SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component. |
| CVE-2024-51360 | 2025-05-23 | CRITICAL | 9.8 | An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php… |
| CVE-2024-51108 | 2025-05-23 | MEDIUM | 5.4 | Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL… |
| CVE-2024-51107 | 2025-05-23 | MEDIUM | 4.8 | Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL… |
| CVE-2024-51101 | 2025-05-23 | CRITICAL | 9.8 | PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 was discovered to contain a SQL injection vulnerability via the… |
| CVE-2024-48702 | 2025-05-23 | MEDIUM | 5.4 | PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter. |
| CVE-2024-24140 | 2024-01-29 | HIGH | 7.2 | Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.' |
| CVE-2024-24134 | 2024-01-29 | MEDIUM | 4.8 | Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in… |
| CVE-2024-23739 | 2024-01-28 | CRITICAL | 9.8 | An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode… |
| CVE-2024-22861 | 2024-01-27 | HIGH | 7.5 | Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. |
| CVE-2024-22639 | 2024-01-25 | MEDIUM | 6.1 | iGalerie v3.0.22 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Titre (Title) field in the editing… |
| CVE-2024-22559 | 2024-01-29 | MEDIUM | 5.4 | LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field. |
| CVE-2024-22551 | 2024-01-26 | MEDIUM | 6.1 | WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search. |
| CVE-2024-22545 | 2024-01-26 | HIGH | 7.8 | An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter… |
| CVE-2024-20253 | 2024-01-26 | CRITICAL | 9.9 | A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute… |
| CVE-2024-0824 | 2024-01-27 | MEDIUM | 6.4 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in… |
| CVE-2023-7199 | 2024-01-29 | MEDIUM | 5.3 | The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and… |
| CVE-2023-6530 | 2024-01-29 | MEDIUM | 5.4 | The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them… |
| CVE-2023-6391 | 2024-01-29 | HIGH | 8.8 | The Custom User CSS WordPress plugin through 0.2 does not have CSRF check in place when updating its settings, which… |
| CVE-2024-0727 | 2024-01-26 | MEDIUM | 5.5 | Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service… |
| CVE-2024-0625 | 2024-01-25 | MEDIUM | 4.4 | The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-options[custom_class]’ parameter in all versions… |
| CVE-2023-51840 | 2024-01-29 | CRITICAL | 9.8 | DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key. |
| CVE-2023-48202 | 2024-01-27 | MEDIUM | 5.4 | Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG… |
| CVE-2023-48201 | 2024-01-27 | MEDIUM | 5.4 | Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attackers to execute arbitrary code and escalate privileges… |
| CVE-2023-52389 | 2024-01-27 | CRITICAL | 9.8 | UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a… |
| CVE-2023-51833 | 2024-01-25 | HIGH | 8.1 | A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that allows a local attacker to execute arbitrary code via the data1… |
| CVE-2023-48128 | 2024-01-26 | MEDIUM | 5.4 | An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of… |
| CVE-2023-48126 | 2024-01-26 | MEDIUM | 5.4 | An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of… |
| CVE-2023-38323 | 2024-01-26 | CRITICAL | 9.8 | An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration… |
| CVE-2022-38527 | 2022-09-19 | MEDIUM | 6.1 | UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page. |