CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2024-12680 | 2025-05-15 | MEDIUM | 4.8 | The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-13482 | 2025-05-15 | MEDIUM | 4.8 | The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-13486 | 2025-05-15 | MEDIUM | 4.8 | The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-8673 | 2025-05-15 | CRITICAL | 9.1 | The Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files allowing for the uploading of SVGs containing malicious… |
| CVE-2024-8699 | 2025-05-15 | HIGH | 7.2 | The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to… |
| CVE-2024-8703 | 2025-05-15 | MEDIUM | 6.1 | The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which… |
| CVE-2024-9709 | 2025-05-15 | MEDIUM | 5.4 | The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which… |
| CVE-2024-9711 | 2025-05-15 | MEDIUM | 5.4 | The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which… |
| CVE-2024-9765 | 2025-05-15 | MEDIUM | 6.5 | The EKC Tournament Manager WordPress plugin before 2.2.2 allows a logged in admin to download system files outside of the… |
| CVE-2025-0687 | 2025-05-15 | MEDIUM | 6.1 | The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before… |
| CVE-2025-4892 | 2025-05-18 | MEDIUM | 5.3 | A vulnerability was found in code-projects Police Station Management System 1.0. It has been declared as critical. Affected by this… |
| CVE-2025-0688 | 2025-05-15 | MEDIUM | 6.1 | The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before… |
| CVE-2025-4889 | 2025-05-18 | MEDIUM | 5.3 | A vulnerability has been found in code-projects Tourism Management System 1.0 and classified as critical. This vulnerability affects the function… |
| CVE-2025-4888 | 2025-05-18 | MEDIUM | 5.3 | A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. This affects the function medicineType::take_order… |
| CVE-2025-4745 | 2025-05-16 | LOW | 3.5 | A vulnerability, which was classified as problematic, was found in code-projects Employee Record System 1.0. This affects an unknown part… |
| CVE-2024-7774 | 2024-10-29 | CRITICAL | 9.1 | A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files… |
| CVE-2025-3996 | 2025-04-28 | LOW | 2.4 | A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as problematic. Affected by this issue is some… |
| CVE-2025-47273 | 2025-05-17 | N/A | 0.0 | setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability… |
| CVE-2025-45997 | 2025-05-28 | HIGH | 8.6 | Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised… |
| CVE-2025-2812 | 2025-05-02 | CRITICAL | 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mydata Informatics Ticket Sales Automation allows… |
| CVE-2022-41254 | 2022-09-21 | MEDIUM | 6.5 | Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified… |
| CVE-2022-41253 | 2022-09-21 | HIGH | 8.8 | A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified… |
| CVE-2022-41252 | 2022-09-21 | MEDIUM | 4.3 | Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of… |
| CVE-2022-41251 | 2022-09-21 | MEDIUM | 4.3 | A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerate credentials IDs… |
| CVE-2022-41245 | 2022-09-21 | HIGH | 8.8 | A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to… |
| CVE-2022-41244 | 2022-09-21 | HIGH | 8.1 | Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that… |
| CVE-2022-41243 | 2022-09-21 | HIGH | 8.1 | Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could… |
| CVE-2022-41242 | 2022-09-21 | MEDIUM | 5.4 | A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about… |
| CVE-2022-41241 | 2022-09-21 | CRITICAL | 9.1 | Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-41240 | 2022-09-21 | MEDIUM | 5.4 | Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored… |
| CVE-2022-41239 | 2022-09-21 | MEDIUM | 5.4 | Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying… |
| CVE-2022-41237 | 2022-09-21 | CRITICAL | 9.8 | Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting… |
| CVE-2022-41236 | 2022-09-21 | HIGH | 8.8 | A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated… |
| CVE-2022-41235 | 2022-09-21 | MEDIUM | 5.3 | Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins… |
| CVE-2022-41234 | 2022-09-21 | HIGH | 8.8 | Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to… |
| CVE-2022-41233 | 2022-09-21 | MEDIUM | 4.3 | Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read… |
| CVE-2022-41232 | 2022-09-21 | HIGH | 8.0 | A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file… |
| CVE-2022-41231 | 2022-09-21 | MEDIUM | 5.7 | Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the… |
| CVE-2022-41230 | 2022-09-21 | MEDIUM | 4.3 | Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read… |
| CVE-2022-41229 | 2022-09-21 | MEDIUM | 5.4 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build… |
| CVE-2025-3249 | 2025-04-04 | MEDIUM | 6.3 | A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of… |
| CVE-2024-34257 | 2024-05-08 | CRITICAL | 9.8 | TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker… |
| CVE-2025-2050 | 2025-03-07 | HIGH | 7.3 | A vulnerability classified as critical was found in PHPGurukul User Registration & Login and User Management System 3.3. Affected by… |
| CVE-2025-5277 | 2025-05-28 | CRITICAL | 9.6 | aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP… |
| CVE-2025-4134 | 2025-05-28 | HIGH | 7.3 | Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof… |
| CVE-2025-40651 | 2025-05-28 | N/A | 0.0 | Reflected Cross-Site Scripting (XSS) vulnerability in Real Easy Store. This vulnerability allows an attacker to execute JavaScript code in the… |
| CVE-2025-4493 | 2025-05-28 | MEDIUM | 6.5 | Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests… |
| CVE-2025-5299 | 2025-05-28 | HIGH | 7.3 | A vulnerability was found in SourceCodester Client Database Management System 1.0. It has been declared as critical. This vulnerability affects… |
| CVE-2025-5297 | 2025-05-28 | MEDIUM | 5.3 | A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0. This issue affects the… |
| CVE-2025-3864 | 2025-05-28 | N/A | 0.0 | Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit… |