CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-60938 2025-10-24 HIGH 7.5 Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that allows authenticated users to execute arbitrary commands on the target system. The vulnerability stems…
CVE-2025-60801 2025-10-24 HIGH 8.2 jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp function.
CVE-2025-60564 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetLog.
CVE-2025-60563 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr.
CVE-2025-60562 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formWlSiteSurvey.
CVE-2025-60561 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail.
CVE-2025-60559 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetDomainFilter.
CVE-2025-56438 2025-10-24 MEDIUM 6.8 An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows unauthenticated and physically proximate attackers to escalate privileges to root via supplying a…
CVE-2025-12176 2025-10-24 N/A 0.0 Undocumented administrative accounts were getting created to facilitate access for applications running on board. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-8536 2025-10-24 N/A 0.0 A SQL injection vulnerability has been identified in DobryCMS. Improper neutralization of input provided by user into language functionality allows for SQL Injection attacks. This issue affects older…
CVE-2025-43995 2025-10-24 CRITICAL 9.8 Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection…
CVE-2025-43994 2025-10-24 HIGH 8.6 Dell Storage Center - Dell Storage Manager, version(s) DSM 20.1.21, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this…
CVE-2025-54966 2025-10-23 MEDIUM 4.3 An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoints on the SOCET GXP Job Status Service may return sensitive information in certain situations, including local…
CVE-2025-54964 2025-10-23 HIGH 8.4 An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrary executables. If the…
CVE-2025-54963 2025-10-23 MEDIUM 6.5 An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may submit a crafted job request…
CVE-2025-11145 2025-10-24 HIGH 7.5 Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in CBK Soft Software Hardware Electronic Computer Systems…
CVE-2025-9978 2025-10-24 MEDIUM 6.8 The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability.
CVE-2025-46425 2025-10-24 MEDIUM 6.5 Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially…
CVE-2025-10874 2025-10-24 MEDIUM 5.5 The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for…
CVE-2025-10723 2025-10-24 LOW 2.7 The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks
CVE-2025-40024 2025-10-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: vhost: Take a reference on the task in struct vhost_task. vhost_task_create() creates a task and keeps a reference…
CVE-2025-40023 2025-10-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Don't expose sysfs attributes not applicable for VFs VFs can't read BMG_PCIE_CAP(0x138340) register nor access PCODE (already…
CVE-2025-40022 2025-10-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in…
CVE-2025-40021 2025-10-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: tracing: dynevent: Add a missing lockdown check on dynevent Since dynamic_events interface on tracefs is compatible with kprobe_events…
CVE-2025-40020 2025-10-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix shift-out-of-bounds issue Explicitly uses a 64-bit constant when the number of bits used for its…
CVE-2025-50951 2025-10-23 MEDIUM 6.5 FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c.
CVE-2025-50949 2025-10-23 MEDIUM 6.5 FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8.
CVE-2025-11576 2025-10-24 MEDIUM 4.3 The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.6.5.…
CVE-2025-10680 2025-10-24 HIGH 8.8 OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use
CVE-2025-40019 2025-10-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssize check to the start in…
CVE-2025-40018 2025-10-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections…
CVE-2025-10861 2025-10-24 HIGH 7.5 The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,…
CVE-2025-5605 2025-10-24 MEDIUM 4.3 An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass…
CVE-2023-53733 2025-10-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode When u32_replace_hw_knode fails, we need to undo the tcf_bind_filter operation done…
CVE-2025-5350 2025-10-24 MEDIUM 5.9 SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without…
CVE-2025-12136 2025-10-24 MEDIUM 6.8 The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is…
CVE-2025-12134 2025-10-24 MEDIUM 5.3 The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a…
CVE-2025-12096 2025-10-24 MEDIUM 6.4 The Simple Excel Pricelist for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricelist' shortcode in all versions up to, and including, 1.13 due…
CVE-2025-12072 2025-10-24 MEDIUM 4.3 The Disable Content Editor For Specific Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to…
CVE-2025-12028 2025-10-24 HIGH 8.8 The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4. This is due to missing nonce verification on the…
CVE-2025-12017 2025-10-24 MEDIUM 6.1 The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 1.0.0 due to insufficient…
CVE-2025-12016 2025-10-24 MEDIUM 4.4 The qnotsquiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'qnotsquiz_custom_start_text' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization…
CVE-2025-12014 2025-10-24 MEDIUM 4.3 The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions…
CVE-2025-11992 2025-10-24 MEDIUM 6.1 The Multi Item Responsive Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or…
CVE-2025-11889 2025-10-24 HIGH 7.2 The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in…
CVE-2025-11887 2025-10-24 MEDIUM 4.3 The Supervisor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX functions in all versions up to, and…
CVE-2025-11504 2025-10-24 HIGH 7.5 The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This makes it possible…
CVE-2025-11257 2025-10-24 MEDIUM 4.3 The LLM Hubspot Blog Import plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_save_blogs' AJAX endpoint in all…
CVE-2025-11253 2025-10-24 CRITICAL 9.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aksis Technology Inc. Netty ERP allows SQL Injection. This issue affects Netty ERP: before V.1.1000.
CVE-2025-11172 2025-10-24 MEDIUM 4.3 The Check Plagiarism plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the chk_plag_mine_plugin_wpse10500_admin_action() function in all versions up to,…