CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2022-41347 | 2022-09-26 | HIGH | 7.8 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user… |
| CVE-2022-40927 | 2022-09-26 | HIGH | 7.2 | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_designation. |
| CVE-2022-40485 | 2022-09-26 | CRITICAL | 9.8 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /package_detail.php. |
| CVE-2022-40926 | 2022-09-26 | HIGH | 7.2 | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_leave_type. |
| CVE-2022-40484 | 2022-09-26 | CRITICAL | 9.8 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_edit.php. |
| CVE-2022-40483 | 2022-09-26 | CRITICAL | 9.8 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /wedding_details.php. |
| CVE-2022-40404 | 2022-09-26 | HIGH | 8.8 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/select.php. |
| CVE-2022-40403 | 2022-09-26 | HIGH | 7.2 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/feature_edit.php. |
| CVE-2022-40402 | 2022-09-26 | HIGH | 8.8 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_assign.php. |
| CVE-2022-40199 | 2022-09-27 | LOW | 2.7 | Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2)… |
| CVE-2022-40099 | 2022-09-26 | HIGH | 7.2 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at… |
| CVE-2022-40098 | 2022-09-26 | HIGH | 7.2 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at… |
| CVE-2022-40097 | 2022-09-26 | HIGH | 7.2 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at… |
| CVE-2022-40050 | 2022-09-26 | CRITICAL | 9.8 | ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1. |
| CVE-2022-3055 | 2022-09-26 | HIGH | 8.8 | Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to… |
| CVE-2022-3054 | 2022-09-26 | MEDIUM | 6.5 | Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption… |
| CVE-2022-3053 | 2022-09-26 | MEDIUM | 4.3 | Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user… |
| CVE-2022-3052 | 2022-09-26 | HIGH | 8.8 | Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker… |
| CVE-2022-3043 | 2022-09-26 | HIGH | 8.8 | Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who… |
| CVE-2022-3042 | 2022-09-26 | HIGH | 8.8 | Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially… |
| CVE-2022-38975 | 2022-09-27 | MEDIUM | 5.4 | DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary… |
| CVE-2022-37346 | 2022-09-27 | CRITICAL | 9.8 | EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this… |
| CVE-2022-3041 | 2022-09-26 | HIGH | 8.8 | Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption… |
| CVE-2022-3040 | 2022-09-26 | HIGH | 8.8 | Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption… |
| CVE-2022-3039 | 2022-09-26 | HIGH | 8.8 | Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption… |
| CVE-2022-30004 | 2022-09-26 | CRITICAL | 9.8 | Sourcecodester Online Market Place Site v1.0 suffers from an unauthenticated blind SQL Injection Vulnerability allowing remote attackers to dump the… |
| CVE-2022-2998 | 2022-09-26 | HIGH | 8.8 | Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a… |
| CVE-2021-41437 | 2022-09-26 | MEDIUM | 6.5 | An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific… |
| CVE-2025-25927 | 2025-03-11 | MEDIUM | 6.8 | A Cross-Site Request Forgery (CSRF) in Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted GET… |
| CVE-2024-6334 | 2024-07-09 | MEDIUM | 6.1 | The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could… |
| CVE-2024-5488 | 2024-07-09 | CRITICAL | 9.8 | The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another… |
| CVE-2024-3410 | 2024-07-09 | MEDIUM | 4.3 | The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise and escape some of its settings, which could allow… |
| CVE-2024-4057 | 2024-06-04 | MEDIUM | 6.1 | The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its… |
| CVE-2024-2470 | 2024-06-04 | MEDIUM | 5.4 | The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow… |
| CVE-2024-0757 | 2024-06-04 | MEDIUM | 5.4 | The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed… |
| CVE-2024-4469 | 2024-05-31 | HIGH | 7.5 | The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging… |
| CVE-2024-3937 | 2024-05-29 | MEDIUM | 4.8 | The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow… |
| CVE-2024-3921 | 2024-05-29 | MEDIUM | 4.8 | The Gianism WordPress plugin through 5.1.0 does not sanitise and escape some of its settings, which could allow high privilege… |
| CVE-2024-3050 | 2024-05-29 | CRITICAL | 9.1 | The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate… |
| CVE-2024-3939 | 2024-05-27 | MEDIUM | 5.4 | The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege… |
| CVE-2024-3920 | 2024-05-23 | LOW | 3.5 | The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege… |
| CVE-2024-3918 | 2024-05-23 | MEDIUM | 4.8 | The Pet Manager WordPress plugin through 1.4 does not sanitise and escape some of its Pet settings, which could allow… |
| CVE-2024-3917 | 2024-05-23 | MEDIUM | 6.1 | The Pet Manager WordPress plugin through 1.4 does not sanitise and escape a parameter before outputting it back in the… |
| CVE-2024-3594 | 2024-05-23 | HIGH | 8.7 | The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege… |
| CVE-2024-4290 | 2024-05-21 | HIGH | 7.1 | The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-4289 | 2024-05-21 | MEDIUM | 6.1 | The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages… |
| CVE-2024-13119 | 2025-02-13 | MEDIUM | 4.8 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does… |
| CVE-2024-2189 | 2024-05-21 | MEDIUM | 6.1 | The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2.18 does not sanitise and escape some of its… |
| CVE-2024-3368 | 2024-05-20 | MEDIUM | 6.1 | The All in One SEO WordPress plugin before 4.6.1.1 does not validate and escape some of its Post fields before… |
| CVE-2024-2744 | 2024-05-17 | MEDIUM | 4.3 | The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high… |