CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-31997 2025-10-12 MEDIUM 4.2 HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR). An attacker can bypass authorization and access resources in the system directly, for example database…
CVE-2025-31993 2025-10-12 LOW 3.5 HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF). An attacker can exploit improper input validation by submitting maliciously crafted input to a…
CVE-2025-11615 2025-10-11 HIGH 7.3 A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/add_invoice.php. Performing manipulation of the argument ServiceId…
CVE-2025-11614 2025-10-11 HIGH 7.3 A vulnerability was identified in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /panel/edit-appointment.php. Such manipulation of the argument…
CVE-2025-11613 2025-10-11 MEDIUM 6.3 A vulnerability was found in code-projects Simple Food Ordering System 1.0. Affected is an unknown function of the file /addcategory.php. The manipulation of the argument cname results in…
CVE-2025-11612 2025-10-11 MEDIUM 6.3 A vulnerability has been found in code-projects Simple Food Ordering System 1.0. This impacts an unknown function of the file /addproduct.php. The manipulation of the argument Category leads…
CVE-2025-11611 2025-10-11 MEDIUM 6.3 A weakness has been identified in SourceCodester Simple Inventory System 1.0. Impacted is an unknown function of the file /user.php. This manipulation of the argument uemail causes sql…
CVE-2025-11610 2025-10-11 MEDIUM 6.3 A security flaw has been discovered in SourceCodester Simple Inventory System 1.0. This issue affects some unknown processing of the file /brand.php. The manipulation of the argument editBrandName…
CVE-2025-11609 2025-10-11 LOW 3.7 A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the…
CVE-2025-11608 2025-10-11 HIGH 7.3 A security vulnerability has been detected in code-projects E-Banking System 1.0. This affects an unknown function of the file /register.php of the component POST Parameter Handler. The manipulation…
CVE-2025-11607 2025-10-11 MEDIUM 6.3 A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function upload_music of the file app/controllers/v1/music.py of the component API Endpoint. Executing…
CVE-2025-11606 2025-10-11 MEDIUM 6.3 A security flaw has been discovered in iPynch Social Network Website up to b6933b6d7f82c84819abe458ccf0e59d61119541. The affected element is an unknown function of the component Search. Performing manipulation results…
CVE-2025-11605 2025-10-11 MEDIUM 6.3 A vulnerability was identified in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/update-profile.php. Such manipulation of the argument uid leads to sql…
CVE-2025-11604 2025-10-11 HIGH 7.3 A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status causes…
CVE-2025-11603 2025-10-11 MEDIUM 6.3 A vulnerability was found in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /editproduct.php. The manipulation of the argument Category results in…
CVE-2025-11601 2025-10-11 HIGH 7.3 A vulnerability was detected in SourceCodester Online Student Result System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing manipulation of the argument…
CVE-2025-11600 2025-10-11 MEDIUM 6.3 A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected is an unknown function of the file editcategory.php. Such manipulation of the argument cname…
CVE-2025-11599 2025-10-11 HIGH 7.3 A weakness has been identified in Campcodes Online Apartment Visitor Management System 1.0. This impacts an unknown function of the file /forgot-password.php. This manipulation of the argument email…
CVE-2025-11597 2025-10-11 MEDIUM 6.3 A vulnerability was identified in code-projects E-Commerce Website 1.0. The impacted element is an unknown function of the file /pages/product_add_qty.php. The manipulation of the argument prod_id leads to…
CVE-2025-9975 2025-10-11 MEDIUM 6.8 The WP Scraper plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.8.1 via the wp_scraper_extract_content function. This makes it possible…
CVE-2025-9950 2025-10-11 MEDIUM 4.9 The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.6 via the rrrlgvwr_get_file function. This makes…
CVE-2025-9947 2025-10-11 MEDIUM 4.9 The Custom 404 Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘path’ parameter in all versions up to, and including, 3.12.0 due to insufficient…
CVE-2025-9626 2025-10-11 MEDIUM 4.3 The Page Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce…
CVE-2025-9621 2025-10-11 MEDIUM 4.3 The WidgetPack Comment System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect…
CVE-2025-8682 2025-10-11 MEDIUM 4.3 The Newsup theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the newsup_admin_info_install_plugin() function in all versions up to, and including,…
CVE-2025-8606 2025-10-11 LOW 2.4 The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or…
CVE-2025-8593 2025-10-11 HIGH 8.8 The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1.3.27. This is due to a missing capability…
CVE-2025-8484 2025-10-11 MEDIUM 5.3 The Code Quality Control Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in version 0.1 through publicly exposed log files. This makes it possible for unauthenticated…
CVE-2025-7652 2025-10-11 MEDIUM 6.4 The Easy Plugin Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eps' shortcode in all versions up to, and including, 2.0.1 due to…
CVE-2025-6439 2025-10-11 CRITICAL 9.8 The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient…
CVE-2025-58301 2025-10-11 MEDIUM 6.2 Buffer overflow vulnerability in the device management module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58300 2025-10-11 MEDIUM 6.2 Buffer overflow vulnerability in the device management module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58293 2025-10-11 MEDIUM 5.5 Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58289 2025-10-11 MEDIUM 5.9 Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-11596 2025-10-11 HIGH 7.3 A vulnerability was determined in code-projects E-Commerce Website 1.0. The affected element is an unknown function of the file /pages/delete_order_details.php. Executing manipulation of the argument order_id can lead…
CVE-2025-11595 2025-10-11 MEDIUM 4.7 A vulnerability was found in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /admin-profile.php. Performing manipulation of the argument mobilenumber results…
CVE-2025-10376 2025-10-11 MEDIUM 4.3 The Course Redirects for Learndash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4. This is due to missing nonce…
CVE-2025-10375 2025-10-11 MEDIUM 4.3 The Web Accessibility By accessiBe plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10. This is due to missing nonce…
CVE-2025-10190 2025-10-11 MEDIUM 6.4 The WP Easy Toggles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggles' shortcode in all versions up to, and including, 1.9.0 due to…
CVE-2025-10175 2025-10-11 MEDIUM 6.5 The WP Links Page plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 4.9.6 due to insufficient escaping…
CVE-2025-10167 2025-10-11 MEDIUM 6.4 The Stock History & Reports Manager for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_stock_snapshot_restocked' shortcode in all versions up to, and…
CVE-2025-10129 2025-10-11 MEDIUM 6.4 The WordPress Live Webcam Widget & Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'webcam' shortcode in all versions up to, and including,…
CVE-2025-6553 2025-10-11 CRITICAL 9.8 The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_checkout() function in all versions up to,…
CVE-2025-58299 2025-10-11 HIGH 8.4 Use After Free (UAF) vulnerability in the storage management module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58298 2025-10-11 HIGH 7.3 Data processing error vulnerability in the package management module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58297 2025-10-11 MEDIUM 5.9 Buffer overflow vulnerability in the sensor service. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58295 2025-10-11 MEDIUM 5.9 Buffer overflow vulnerability in the development framework module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58292 2025-10-11 LOW 3.3 Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58291 2025-10-11 LOW 3.3 Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58290 2025-10-11 LOW 3.3 Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.