CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2024-4289 | 2024-05-21 | MEDIUM | 6.1 | The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages… |
| CVE-2024-13119 | 2025-02-13 | MEDIUM | 4.8 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does… |
| CVE-2024-2189 | 2024-05-21 | MEDIUM | 6.1 | The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2.18 does not sanitise and escape some of its… |
| CVE-2024-3368 | 2024-05-20 | MEDIUM | 6.1 | The All in One SEO WordPress plugin before 4.6.1.1 does not validate and escape some of its Post fields before… |
| CVE-2024-2744 | 2024-05-17 | MEDIUM | 4.3 | The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-13120 | 2025-02-13 | MEDIUM | 4.8 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does… |
| CVE-2024-13121 | 2025-02-13 | LOW | 3.5 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does… |
| CVE-2024-13125 | 2025-02-13 | LOW | 3.5 | The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2025-2054 | 2025-03-07 | MEDIUM | 4.7 | A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this… |
| CVE-2025-2059 | 2025-03-07 | HIGH | 7.3 | A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Affected by this issue is… |
| CVE-2025-4427 | 2025-05-13 | MEDIUM | 5.3 | An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected… |
| CVE-2025-4428 | 2025-05-13 | HIGH | 7.2 | Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers… |
| CVE-2025-2060 | 2025-03-07 | HIGH | 7.3 | A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as critical. This affects an… |
| CVE-2024-11182 | 2024-11-15 | MEDIUM | 6.1 | An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with… |
| CVE-2024-27443 | 2024-08-12 | MEDIUM | 6.1 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite… |
| CVE-2024-13805 | 2025-03-07 | MEDIUM | 6.4 | The Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored… |
| CVE-2023-38950 | 2023-08-03 | HIGH | 7.5 | A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via… |
| CVE-2025-26910 | 2025-03-10 | HIGH | 7.1 | Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit allows Stored XSS. This issue affects WPBookit: from n/a through 1.0.1. |
| CVE-2024-31841 | 2024-04-19 | HIGH | 7.5 | An issue was discovered in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allowing remote unauthenticated attackers… |
| CVE-2024-31846 | 2024-04-19 | HIGH | 7.5 | An issue was discovered in Italtel Embrace 1.6.4. The web application does not restrict or incorrectly restricts access to a… |
| CVE-2024-31845 | 2024-05-21 | MEDIUM | 5.3 | An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written… |
| CVE-2024-31843 | 2024-05-23 | MEDIUM | 4.1 | An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input… |
| CVE-2024-27752 | 2024-04-19 | MEDIUM | 5.4 | Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword… |
| CVE-2022-40928 | 2022-09-26 | HIGH | 7.2 | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_application. |
| CVE-2022-40925 | 2022-09-26 | HIGH | 7.2 | Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of… |
| CVE-2022-40924 | 2022-09-26 | HIGH | 7.2 | Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of… |
| CVE-2022-40116 | 2022-09-23 | CRITICAL | 9.8 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php. |
| CVE-2022-40115 | 2022-09-23 | CRITICAL | 9.8 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php. |
| CVE-2022-3200 | 2022-09-26 | HIGH | 8.8 | Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption… |
| CVE-2022-3199 | 2022-09-26 | HIGH | 8.8 | Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption… |
| CVE-2022-40114 | 2022-09-23 | CRITICAL | 9.8 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php. |
| CVE-2022-3198 | 2022-09-26 | HIGH | 8.8 | Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption… |
| CVE-2022-38970 | 2022-09-26 | MEDIUM | 6.5 | ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for… |
| CVE-2022-36159 | 2022-09-26 | HIGH | 8.8 | Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the… |
| CVE-2025-25907 | 2025-03-10 | HIGH | 8.8 | tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save. This vulnerability allows attackers to… |
| CVE-2024-32489 | 2024-04-15 | MEDIUM | 6.1 | TCPDF before 6.7.4 mishandles calls that use HTML syntax. |
| CVE-2024-22640 | 2024-04-19 | HIGH | 7.5 | TCPDF version |
| CVE-2024-22641 | 2024-05-28 | HIGH | 7.5 | TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file. |
| CVE-2024-30885 | 2024-04-11 | MEDIUM | 6.1 | Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3, allows remote attackers to execute arbitrary code and obtain sensitive information via… |
| CVE-2024-30886 | 2024-04-23 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts… |
| CVE-2024-33661 | 2024-04-26 | CRITICAL | 9.1 | Portainer before 2.20.0 allows redirects when the target is not index.yaml. |
| CVE-2024-33662 | 2024-10-02 | HIGH | 7.5 | Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function. |
| CVE-2024-50919 | 2024-11-18 | CRITICAL | 9.8 | Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-standard file formats such as… |
| CVE-2025-2211 | 2025-03-11 | LOW | 2.4 | A vulnerability was found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this issue is some unknown functionality… |
| CVE-2025-2210 | 2025-03-11 | LOW | 2.4 | A vulnerability has been found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this vulnerability is an unknown… |
| CVE-2025-2209 | 2025-03-11 | LOW | 2.4 | A vulnerability, which was classified as problematic, was found in aitangbao springboot-manager 3.0. Affected is an unknown function of the… |
| CVE-2025-2208 | 2025-03-11 | LOW | 2.4 | A vulnerability, which was classified as problematic, has been found in aitangbao springboot-manager 3.0. This issue affects some unknown processing… |
| CVE-2025-2207 | 2025-03-11 | LOW | 2.4 | A vulnerability classified as problematic was found in aitangbao springboot-manager 3.0. This vulnerability affects unknown code of the file /sys/dept.… |
| CVE-2024-20294 | 2024-02-29 | MEDIUM | 6.6 | A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow… |
| CVE-2025-26771 | 2025-02-17 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder… |