CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-30193 2025-05-20 HIGH 7.5 In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection…
CVE-2025-40634 2025-05-20 N/A 0.0 Stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router, in firmware versions…
CVE-2025-40633 2025-05-20 N/A 0.0 A Stored Cross-Site Scripting (XSS) vulnerability has been found in Koibox for versions prior to e8cbce2. This vulnerability allows an…
CVE-2025-37892 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mtd: inftlcore: Add error check for inftl_read_oob() In INFTL_findwriteunit(), the…
CVE-2025-4951 2025-05-20 MEDIUM 4.6 Editions of Rapid7 AppSpider Pro before version 7.5.018 are vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite…
CVE-2024-5878 2025-05-20 MEDIUM 6.4 Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled SimpleLightbox JavaScript library (version 2.1.5) in…
CVE-2025-4322 2025-05-20 CRITICAL 9.8 The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including,…
CVE-2025-2929 2025-05-20 HIGH 7.1 The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in…
CVE-2025-4971 2025-05-20 N/A 0.0 Broadcom Automic Automation Agent Unix versions < 24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution…
CVE-2025-3079 2025-05-20 HIGH 8.7 A passback vulnerability which relates to office/small office multifunction printers and laser printers.
CVE-2025-3078 2025-05-20 HIGH 8.7 A passback vulnerability which relates to production printers and office multifunction printers.
CVE-2025-1308 2025-05-19 N/A 0.0 A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions.
CVE-2025-48340 2025-05-19 CRITICAL 9.8 Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager allows Privilege Escalation. This issue affects User Profile Meta…
CVE-2025-3223 2025-05-19 MEDIUM 5.9 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova WorkstationST on Windows (EGD Configuration…
CVE-2025-47949 2025-05-19 N/A 0.0 samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to…
CVE-2025-47946 2025-05-19 MEDIUM 6.1 Symfony UX is an initiative and set of libraries to integrate JavaScript tools into applications. Prior to version 2.25.1, rendering…
CVE-2025-47944 2025-05-19 HIGH 7.5 Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to…
CVE-2025-47935 2025-05-19 HIGH 7.5 Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory…
CVE-2025-46441 2025-05-19 MEDIUM 5.3 Path Traversal: '.../...//' vulnerability in ctltwp Section Widget allows Path Traversal. This issue affects Section Widget: from n/a through 3.3.1.
CVE-2025-39402 2025-05-19 CRITICAL 9.9 Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS allows Upload a Web Shell to a Web Server. This…
CVE-2025-39401 2025-05-19 CRITICAL 10.0 Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS allows Upload a Web Shell to a Web Server. This…
CVE-2025-39395 2025-05-19 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPAMS allows SQL Injection. This issue…
CVE-2025-39393 2025-05-19 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla Hospital Management System allows Reflected XSS. This issue…
CVE-2025-39392 2025-05-19 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPAMS allows Reflected XSS. This issue affects WPAMS:…
CVE-2025-39389 2025-05-19 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solid Plugins AnalyticsWP allows SQL Injection. This…
CVE-2025-39386 2025-05-19 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla Hospital Management System allows SQL…
CVE-2025-39380 2025-05-19 CRITICAL 10.0 Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a…
CVE-2025-39372 2025-05-19 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elbisnero WordPress Events Calendar Registration & Tickets allows…
CVE-2025-39366 2025-05-19 HIGH 8.8 Incorrect Privilege Assignment vulnerability in Rocket Apps wProject. This issue affects wProject: from n/a before 5.8.0.
CVE-2025-39365 2025-05-19 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rocket Apps wProject allows Reflected XSS. This issue affects…
CVE-2025-39357 2025-05-19 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla Hospital Management System allows SQL…
CVE-2025-39356 2025-05-19 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in Chimpstudio Foodbakery Sticky Cart allows Object Injection. This issue affects Foodbakery Sticky Cart: from n/a…
CVE-2025-39355 2025-05-19 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp FAT Services Booking allows SQL…
CVE-2025-39354 2025-05-19 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference allows Object Injection. This issue affects Grand Conference: from n/a through 5.2.
CVE-2025-39352 2025-05-19 HIGH 8.2 Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Restaurant…
CVE-2025-39350 2025-05-19 HIGH 8.2 Missing Authorization vulnerability in Rocket Apps wProject. This issue affects wProject: from n/a before 5.8.0.
CVE-2025-32926 2025-05-19 CRITICAL 9.8 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant WordPress allows Path Traversal. This…
CVE-2025-32925 2025-05-19 HIGH 8.3 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FantasticPlugins SUMO Reward Points…
CVE-2025-32924 2025-05-19 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy allows SQL Injection. This issue…
CVE-2025-31027 2025-05-19 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS. This issue affects…
CVE-2025-47934 2025-05-19 N/A 0.0 OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Starting in version 5.0.1 and prior to versions 5.11.3 and 6.1.1,…
CVE-2025-47581 2025-05-19 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in Elbisnero WordPress Events Calendar Registration & Tickets allows Object Injection. This issue affects WordPress Events…
CVE-2025-47577 2025-05-19 CRITICAL 10.0 Unrestricted Upload of File with Dangerous Type vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Upload a Web Shell to a…
CVE-2025-47284 2025-05-19 CRITICAL 9.9 Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the…
CVE-2025-47283 2025-05-19 CRITICAL 9.9 Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener…
CVE-2025-43839 2025-05-19 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Messages Tool allows Reflected XSS. This issue…
CVE-2025-43838 2025-05-19 MEDIUM 6.5 Missing Authorization vulnerability in ChoPlugins Custom PC Builder Lite for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue…
CVE-2025-43837 2025-05-19 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in binti76 Total Donations allows Reflected XSS. This issue affects…
CVE-2025-43836 2025-05-19 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in confuzzledduck Syndicate Out allows Reflected XSS. This issue affects…
CVE-2025-43832 2025-05-19 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andreyk Remote Images Grabber allows Reflected XSS. This issue…