CVE Vulnerabilities

The following is a list of the latest vulnerabilities published by NIST:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2023-33861 | 2025-05-20 | MEDIUM | 6.5 | IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication path… |
| CVE-2025-4980 | 2025-05-20 | MEDIUM | 5.3 | A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the… |
| CVE-2025-47941 | 2025-05-20 | HIGH | 7.2 | TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31… |
| CVE-2025-47940 | 2025-05-20 | HIGH | 7.2 | TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50… |
| CVE-2025-47939 | 2025-05-20 | MEDIUM | 5.4 | TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend… |
| CVE-2025-47938 | 2025-05-20 | LOW | 3.8 | TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51… |
| CVE-2025-47937 | 2025-05-20 | LOW | 3.7 | TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51… |
| CVE-2025-47936 | 2025-05-20 | LOW | 3.3 | TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31… |
| CVE-2024-53359 | 2025-05-20 | HIGH | 7.5 | An issue in Zalo v23.09.01 allows attackers to obtain sensitive user information via a crafted GET request. |
| CVE-2025-4978 | 2025-05-20 | CRITICAL | 9.8 | A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of… |
| CVE-2025-4977 | 2025-05-20 | MEDIUM | 5.3 | A vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Affected by this issue is some… |
| CVE-2025-41231 | 2025-05-20 | HIGH | 7.3 | VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to… |
| CVE-2025-41230 | 2025-05-20 | HIGH | 7.5 | VMware Cloud Foundation contains an information disclosure vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may… |
| CVE-2025-41229 | 2025-05-20 | HIGH | 8.2 | VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may… |
| CVE-2025-40635 | 2025-05-20 | N/A | 0.0 | SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrator 3.0.15. This vulnerability allows an attacker to retrieve, create, update and delete… |
| CVE-2025-30193 | 2025-05-20 | HIGH | 7.5 | In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection… |
| CVE-2025-40634 | 2025-05-20 | N/A | 0.0 | Stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router, in firmware versions… |
| CVE-2025-40633 | 2025-05-20 | N/A | 0.0 | A Stored Cross-Site Scripting (XSS) vulnerability has been found in Koibox for versions prior to e8cbce2. This vulnerability allows an… |
| CVE-2025-37892 | 2025-05-20 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: mtd: inftlcore: Add error check for inftl_read_oob() In INFTL_findwriteunit(), the… |
| CVE-2025-4951 | 2025-05-20 | MEDIUM | 4.6 | Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite… |
| CVE-2024-5878 | 2025-05-20 | MEDIUM | 6.4 | Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled SimpleLightbox JavaScript library (version 2.1.5) in… |
| CVE-2025-4322 | 2025-05-20 | CRITICAL | 9.8 | The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including,… |
| CVE-2025-2929 | 2025-05-20 | HIGH | 7.1 | The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in… |
| CVE-2025-4971 | 2025-05-20 | N/A | 0.0 | Broadcom Automic Automation Agent Unix versions < 24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution… |
| CVE-2025-3079 | 2025-05-20 | HIGH | 8.7 | A passback vulnerability which relates to office/small office multifunction printers and laser printers. |
| CVE-2025-3078 | 2025-05-20 | HIGH | 8.7 | A passback vulnerability which relates to production printers and office multifunction printers. |
| CVE-2025-1308 | 2025-05-19 | N/A | 0.0 | A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions. |
| CVE-2025-48340 | 2025-05-19 | CRITICAL | 9.8 | Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager allows Privilege Escalation. This issue affects User Profile Meta… |
| CVE-2025-3223 | 2025-05-19 | MEDIUM | 5.9 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova WorkstationST on Windows (EGD Configuration… |
| CVE-2025-47949 | 2025-05-19 | N/A | 0.0 | samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to… |
| CVE-2025-47946 | 2025-05-19 | MEDIUM | 6.1 | Symfony UX is an initiative and set of libraries to integrate JavaScript tools into applications. Prior to version 2.25.1, rendering… |
| CVE-2025-47944 | 2025-05-19 | HIGH | 7.5 | Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to… |
| CVE-2025-47935 | 2025-05-19 | HIGH | 7.5 | Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory… |
| CVE-2025-46441 | 2025-05-19 | MEDIUM | 5.3 | Path Traversal: '.../...//' vulnerability in ctltwp Section Widget allows Path Traversal. This issue affects Section Widget: from n/a through 3.3.1. |
| CVE-2025-39402 | 2025-05-19 | CRITICAL | 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS allows Upload a Web Shell to a Web Server. This… |
| CVE-2025-39401 | 2025-05-19 | CRITICAL | 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS allows Upload a Web Shell to a Web Server. This… |
| CVE-2025-39395 | 2025-05-19 | CRITICAL | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPAMS allows SQL Injection. This issue… |
| CVE-2025-39393 | 2025-05-19 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla Hospital Management System allows Reflected XSS. This issue… |
| CVE-2025-39392 | 2025-05-19 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPAMS allows Reflected XSS. This issue affects WPAMS:… |
| CVE-2025-39389 | 2025-05-19 | CRITICAL | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solid Plugins AnalyticsWP allows SQL Injection. This… |
| CVE-2025-39386 | 2025-05-19 | CRITICAL | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla Hospital Management System allows SQL… |
| CVE-2025-39380 | 2025-05-19 | CRITICAL | 10.0 | Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a… |
| CVE-2025-39372 | 2025-05-19 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elbisnero WordPress Events Calendar Registration & Tickets allows… |
| CVE-2025-39366 | 2025-05-19 | HIGH | 8.8 | Incorrect Privilege Assignment vulnerability in Rocket Apps wProject. This issue affects wProject: from n/a before 5.8.0. |
| CVE-2025-39365 | 2025-05-19 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rocket Apps wProject allows Reflected XSS. This issue affects… |
| CVE-2025-39357 | 2025-05-19 | HIGH | 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla Hospital Management System allows SQL… |
| CVE-2025-39356 | 2025-05-19 | CRITICAL | 9.8 | Deserialization of Untrusted Data vulnerability in Chimpstudio Foodbakery Sticky Cart allows Object Injection. This issue affects Foodbakery Sticky Cart: from n/a… |
| CVE-2025-39355 | 2025-05-19 | HIGH | 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp FAT Services Booking allows SQL… |
| CVE-2025-39354 | 2025-05-19 | CRITICAL | 9.8 | Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference allows Object Injection. This issue affects Grand Conference: from n/a through 5.2. |
| CVE-2025-39352 | 2025-05-19 | HIGH | 8.2 | Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Restaurant… |