CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-58288 | 2025-10-11 | MEDIUM | 5.5 | Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-58287 | 2025-10-11 | HIGH | 7.8 | Use After Free (UAF) vulnerability in the office service. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58286 | 2025-10-11 | LOW | 3.3 | Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-11594 | 2025-10-11 | MEDIUM | 5.3 | A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the… |
| CVE-2025-11518 | 2025-10-11 | MEDIUM | 5.3 | The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via several wishlist AJAX… |
| CVE-2025-11254 | 2025-10-11 | MEDIUM | 4.3 | The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 27.0.3… |
| CVE-2025-11167 | 2025-10-11 | MEDIUM | 4.7 | The CM Registration – Tailored tool for seamless login and invitation-based registrations plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.5.6.… |
| CVE-2025-9496 | 2025-10-11 | MEDIUM | 6.4 | The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file_modified shortcode in all versions up to, and including, 4.1.6 due to… |
| CVE-2025-9196 | 2025-10-11 | MEDIUM | 5.3 | The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up… |
| CVE-2025-11533 | 2025-10-11 | CRITICAL | 9.8 | The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the process_register() function not restricting… |
| CVE-2025-11197 | 2025-10-11 | MEDIUM | 6.4 | The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6.1 due to insufficient… |
| CVE-2025-10185 | 2025-10-11 | MEDIUM | 4.9 | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nf_load_form_entries in all versions up… |
| CVE-2025-10048 | 2025-10-11 | MEDIUM | 4.9 | The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 3.6.31 due to insufficient escaping… |
| CVE-2025-11593 | 2025-10-11 | MEDIUM | 6.3 | A flaw has been found in CodeAstro Gym Management System 1.0. This vulnerability affects unknown code of the file /admin/actions/delete-equipment.php. This manipulation of the argument ID causes sql… |
| CVE-2025-11592 | 2025-10-11 | MEDIUM | 6.3 | A vulnerability was detected in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/edit-equipmentform.php. The manipulation of the argument ID results in sql… |
| CVE-2025-11591 | 2025-10-11 | MEDIUM | 6.3 | A security vulnerability has been detected in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/actions/delete-member.php. The manipulation of the… |
| CVE-2025-58285 | 2025-10-11 | MEDIUM | 5.3 | Permission control vulnerability in the media module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58284 | 2025-10-11 | MEDIUM | 5.9 | Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58283 | 2025-10-11 | MEDIUM | 5.5 | Permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58282 | 2025-10-11 | LOW | 2.8 | Permission control vulnerability in the camera module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58278 | 2025-10-11 | MEDIUM | 6.2 | Identity authentication bypass vulnerability in the Gallery app. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58277 | 2025-10-11 | MEDIUM | 4.0 | Permission verification bypass vulnerability in the Camera app. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-9560 | 2025-10-11 | MEDIUM | 6.4 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_newsletter shortcode in all versions up to, and including, 1.0.334 due to… |
| CVE-2025-11380 | 2025-10-11 | MEDIUM | 5.9 | The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check… |
| CVE-2025-54654 | 2025-10-11 | MEDIUM | 6.2 | Permission control vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-31718 | 2025-10-11 | CRITICAL | 9.8 | In modem, there is a possible system crash due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. |
| CVE-2025-31717 | 2025-10-11 | CRITICAL | 9.8 | In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. |
| CVE-2025-11590 | 2025-10-11 | MEDIUM | 6.3 | A weakness has been identified in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/equipment-entry.php. Executing manipulation of the argument… |
| CVE-2025-9554 | 2025-10-10 | N/A | 0.0 | Vulnerability in Drupal Owl Carousel 2. This issue affects Owl Carousel 2: *.*. |
| CVE-2025-9553 | 2025-10-10 | N/A | 0.0 | Vulnerability in Drupal API Key manager. This issue affects API Key manager: *.*. |
| CVE-2025-9552 | 2025-10-10 | N/A | 0.0 | Vulnerability in Drupal Synchronize composer.Json With Contrib Modules. This issue affects Synchronize composer.Json With Contrib Modules: *.*. |
| CVE-2025-9551 | 2025-10-10 | N/A | 0.0 | Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force. This issue affects Protected Pages: from 0.0.0 before 1.8.0. |
| CVE-2025-9550 | 2025-10-10 | N/A | 0.0 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS). This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before… |
| CVE-2025-9549 | 2025-10-10 | N/A | 0.0 | Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing. This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1. |
| CVE-2025-8093 | 2025-10-10 | N/A | 0.0 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass. This issue affects Authenticator Login: from 0.0.0 before 2.1.8. |
| CVE-2025-62162 | 2025-10-10 | HIGH | 7.5 | cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser… |
| CVE-2025-62159 | 2025-10-10 | N/A | 0.0 | External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External… |
| CVE-2025-52885 | 2025-10-10 | N/A | 0.0 | Poppler is a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within… |
| CVE-2025-52647 | 2025-10-10 | MEDIUM | 6.1 | The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks. |
| CVE-2025-11626 | 2025-10-10 | MEDIUM | 5.5 | MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service |
| CVE-2025-61912 | 2025-10-10 | N/A | 0.0 | python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a… |
| CVE-2025-61911 | 2025-10-10 | N/A | 0.0 | python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of… |
| CVE-2025-11589 | 2025-10-10 | MEDIUM | 6.3 | A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing manipulation of the argument plan results… |
| CVE-2025-60378 | 2025-10-10 | HIGH | 8.1 | Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and… |
| CVE-2025-11588 | 2025-10-10 | MEDIUM | 6.3 | A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to sql… |
| CVE-2025-11586 | 2025-10-10 | HIGH | 8.8 | A vulnerability was determined in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/setNotUpgrade. This manipulation of the argument newVersion causes stack-based buffer overflow. The… |
| CVE-2025-11585 | 2025-10-10 | HIGH | 7.3 | A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results… |
| CVE-2025-11584 | 2025-10-10 | HIGH | 7.3 | A vulnerability has been found in code-projects Online Job Search Engine 1.0. The affected element is an unknown function of the file /searchjob.php. The manipulation of the argument… |
| CVE-2025-11583 | 2025-10-10 | HIGH | 7.3 | A flaw has been found in code-projects Online Job Search Engine 1.0. Impacted is an unknown function of the file /postjob.php. Executing manipulation of the argument txtjobID can… |
| CVE-2025-11582 | 2025-10-10 | HIGH | 7.3 | A vulnerability was detected in code-projects Online Job Search Engine 1.0. This issue affects some unknown processing of the file /registration.php. Performing manipulation of the argument txtusername results… |