CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-39448 | 2025-05-19 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS. This issue… |
| CVE-2025-39398 | 2025-05-19 | MEDIUM | 4.3 | Missing Authorization vulnerability in Themovation Hotel + Bed and Breakfast Booking Calendar Theme \| Bellevue. This issue affects Hotel + Bed… |
| CVE-2025-39396 | 2025-05-19 | HIGH | 7.5 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetReviews allows PHP… |
| CVE-2025-27010 | 2025-05-19 | HIGH | 8.1 | Path Traversal: '.../...//' vulnerability in bslthemes Tastyc allows PHP Local File Inclusion. This issue affects Tastyc: from n/a before 2.5.2. |
| CVE-2025-26997 | 2025-05-19 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in validas Wireless Butler allows Reflected XSS. This issue affects… |
| CVE-2025-26892 | 2025-05-19 | CRITICAL | 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files. This issue affects Celestial Aura:… |
| CVE-2025-26872 | 2025-05-19 | CRITICAL | 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files. This issue affects Eximius: from n/a… |
| CVE-2025-26735 | 2025-05-19 | HIGH | 7.5 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Candid themes Grip. This issue… |
| CVE-2025-22287 | 2025-05-19 | MEDIUM | 5.4 | Missing Authorization vulnerability in Eniture Technology LTL Freight Quotes – FreightQuote Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This… |
| CVE-2025-4945 | 2025-05-19 | LOW | 3.7 | A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other… |
| CVE-2025-4940 | 2025-05-19 | HIGH | 7.3 | A vulnerability, which was classified as critical, has been found in 1000 Projects Daily College Class Work Report Book 1.0.… |
| CVE-2025-47583 | 2025-05-19 | MEDIUM | 5.4 | Unauthenticated Cross Site Request Forgery (CSRF) in Salon booking system |
| CVE-2025-47576 | 2025-05-19 | HIGH | 8.8 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bringthepixel Bimber - Viral… |
| CVE-2025-46543 | 2025-05-19 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charly Leetham Enhanced Paypal Shortcodes allows Stored XSS. This… |
| CVE-2025-46263 | 2025-05-19 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lloyd Saunders Author Box After Posts allows Stored… |
| CVE-2025-46262 | 2025-05-19 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Mad Mimi for WordPress allows Stored… |
| CVE-2025-39394 | 2025-05-19 | MEDIUM | 5.3 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data. This… |
| CVE-2025-39388 | 2025-05-19 | MEDIUM | 5.3 | Missing Authorization vulnerability in Solid Plugins AnalyticsWP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects AnalyticsWP: from n/a… |
| CVE-2025-39376 | 2025-05-19 | MEDIUM | 4.3 | Missing Authorization vulnerability in QuanticaLabs Car Park Booking System for WordPress. This issue affects Car Park Booking System for WordPress: from… |
| CVE-2025-39375 | 2025-05-19 | MEDIUM | 4.3 | Cross-Site Request Forgery (CSRF) vulnerability in Ashok G Easy Child Theme Creator allows Cross Site Request Forgery. This issue affects Easy… |
| CVE-2025-39374 | 2025-05-19 | HIGH | 7.1 | Cross-Site Request Forgery (CSRF) vulnerability in aseem1234 Best Posts Summary allows Stored XSS. This issue affects Best Posts Summary: from n/a… |
| CVE-2025-39373 | 2025-05-19 | MEDIUM | 5.3 | Missing Authorization vulnerability in jegtheme JNews. This issue affects JNews: from n/a through 11.6.5. |
| CVE-2025-39371 | 2025-05-19 | MEDIUM | 4.3 | Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Author Box Plugin With Different Description allows Cross Site Request Forgery. This issue… |
| CVE-2025-39370 | 2025-05-19 | HIGH | 7.6 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cnilsson iCafe Library allows SQL Injection. This… |
| CVE-2025-39369 | 2025-05-19 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sihibbs Posts for Page allows DOM-Based XSS. This issue… |
| CVE-2025-39368 | 2025-05-19 | MEDIUM | 5.3 | Missing Authorization vulnerability in ed4becky Rootspersona allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rootspersona: from n/a through… |
| CVE-2025-39364 | 2025-05-19 | HIGH | 7.5 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginEver Product Category Slider… |
| CVE-2025-39353 | 2025-05-19 | MEDIUM | 5.3 | Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Restaurant… |
| CVE-2025-39351 | 2025-05-19 | MEDIUM | 4.3 | Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Restaurant WordPress allows Cross Site Request Forgery. This issue affects Grand Restaurant WordPress:… |
| CVE-2025-26920 | 2025-05-19 | MEDIUM | 5.4 | Missing Authorization vulnerability in PressMaximum Customify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Customify: from n/a through… |
| CVE-2025-26867 | 2025-05-19 | MEDIUM | 5.3 | Missing Authorization vulnerability in Themes4WP Bulk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bulk: from n/a through… |
| CVE-2025-4876 | 2025-05-19 | MEDIUM | 6.0 | ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key… |
| CVE-2025-32920 | 2025-05-19 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Stored XSS. This issue… |
| CVE-2025-26621 | 2025-05-19 | HIGH | 7.6 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user… |
| CVE-2025-23988 | 2025-05-19 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno Cavalcante Ghostwriter allows Reflected XSS. This issue affects… |
| CVE-2025-23986 | 2025-05-19 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyrewurks Tiki Time allows Reflected XSS. This issue affects… |
| CVE-2025-23983 | 2025-05-19 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tijaji allows Reflected XSS. This issue affects Tijaji: from… |
| CVE-2025-23981 | 2025-05-19 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takimi Themes CarZine allows Reflected XSS. This issue affects… |
| CVE-2025-23979 | 2025-05-19 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in duwasai Flashy allows Reflected XSS. This issue affects Flashy:… |
| CVE-2025-22792 | 2025-05-19 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jinwen Js O3 Lite allows Reflected XSS. This issue… |
| CVE-2025-22791 | 2025-05-19 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in twh offset writing allows Reflected XSS. This issue affects… |
| CVE-2025-22790 | 2025-05-19 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in asmedia allows Reflected XSS. This issue affects moseter: from… |
| CVE-2025-22789 | 2025-05-19 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyrewurks polka dots allows Reflected XSS. This issue affects… |
| CVE-2025-22687 | 2025-05-19 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asmedia Tuaug4 allows Reflected XSS. This issue affects Tuaug4:… |
| CVE-2025-5051 | 2025-05-21 | HIGH | 7.3 | A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. Affected is an unknown function of the… |
| CVE-2025-46412 | 2025-05-21 | CRITICAL | 9.8 | Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication. |
| CVE-2025-45755 | 2025-05-21 | MEDIUM | 6.1 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature.… |
| CVE-2025-41426 | 2025-05-21 | CRITICAL | 9.8 | Affected Vertiv products contain a stack based buffer overflow vulnerability. An attacker could exploit this vulnerability to gain code execution… |
| CVE-2025-36535 | 2025-05-21 | CRITICAL | 10.0 | The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational… |
| CVE-2025-5050 | 2025-05-21 | HIGH | 7.3 | A vulnerability was found in FreeFloat FTP Server 1.0. It has been rated as critical. This issue affects some unknown… |