CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2024-13678 | 2025-02-26 | MEDIUM | 6.1 | The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the… |
| CVE-2025-1288 | 2025-05-15 | MEDIUM | 6.1 | The WOOEXIM WordPress plugin through 5.0.0 does not have CSRF check in some places, and is missing sanitisation as well… |
| CVE-2024-56408 | 2025-01-03 | MEDIUM | 5.4 | PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have… |
| CVE-2024-12873 | 2025-05-15 | MEDIUM | 6.1 | The Custom Field Manager WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in… |
| CVE-2024-55893 | 2025-01-14 | MEDIUM | 4.3 | TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface… |
| CVE-2023-50976 | 2023-12-18 | CRITICAL | 9.8 | Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API. |
| CVE-2022-41870 | 2022-09-30 | HIGH | 7.2 | AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. |
| CVE-2022-40408 | 2022-09-29 | MEDIUM | 5.4 | FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box… |
| CVE-2022-40314 | 2022-09-30 | CRITICAL | 9.8 | A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. |
| CVE-2022-40313 | 2022-09-30 | HIGH | 7.1 | Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a… |
| CVE-2022-40277 | 2022-09-30 | HIGH | 7.8 | Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in… |
| CVE-2022-40274 | 2022-09-30 | HIGH | 7.8 | Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious… |
| CVE-2022-1959 | 2022-09-30 | MEDIUM | 6.6 | AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because… |
| CVE-2024-37131 | 2024-06-13 | HIGH | 7.5 | SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially… |
| CVE-2024-24903 | 2024-03-01 | HIGH | 8.0 | Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent… |
| CVE-2024-24904 | 2024-03-01 | HIGH | 7.6 | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged… |
| CVE-2024-24906 | 2024-03-01 | HIGH | 7.6 | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent… |
| CVE-2024-24900 | 2024-03-01 | MEDIUM | 5.8 | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker… |
| CVE-2024-24905 | 2024-03-01 | HIGH | 7.6 | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged… |
| CVE-2024-24907 | 2024-03-01 | HIGH | 7.6 | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An… |
| CVE-2024-5713 | 2024-07-13 | MEDIUM | 5.4 | The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in… |
| CVE-2024-5715 | 2024-07-13 | HIGH | 7.1 | The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page,… |
| CVE-2024-6231 | 2024-07-23 | MEDIUM | 5.9 | The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow… |
| CVE-2024-55894 | 2025-01-14 | MEDIUM | 4.3 | TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface… |
| CVE-2023-4724 | 2023-12-18 | HIGH | 7.2 | The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does… |
| CVE-2022-41406 | 2022-10-12 | HIGH | 7.2 | An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code… |
| CVE-2022-41191 | 2022-10-11 | HIGH | 7.8 | Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from… |
| CVE-2022-40931 | 2022-09-29 | MEDIUM | 6.1 | dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2022-39168 | 2022-09-29 | HIGH | 7.5 | IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422. |
| CVE-2022-38732 | 2022-09-29 | HIGH | 7.5 | SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that… |
| CVE-2025-23382 | 2025-03-19 | MEDIUM | 5.5 | Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an… |
| CVE-2024-29169 | 2024-06-13 | MEDIUM | 5.4 | Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST… |
| CVE-2025-26475 | 2025-03-19 | MEDIUM | 5.5 | Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers… |
| CVE-2025-47708 | 2025-05-14 | HIGH | 8.8 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery. This issue affects… |
| CVE-2025-47704 | 2025-05-14 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site… |
| CVE-2025-47703 | 2025-05-14 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This… |
| CVE-2025-47701 | 2025-05-14 | HIGH | 8.8 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery. This issue affects Restrict route… |
| CVE-2024-10009 | 2025-05-15 | MEDIUM | 4.1 | The Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter before using it in a… |
| CVE-2022-40944 | 2022-09-30 | CRITICAL | 9.8 | Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file. |
| CVE-2022-40316 | 2022-09-30 | MEDIUM | 4.3 | The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing… |
| CVE-2022-40315 | 2022-09-30 | CRITICAL | 9.8 | A limited SQL injection risk was identified in the "browse list of users" site administration page. |
| CVE-2022-36965 | 2022-09-30 | MEDIUM | 6.1 | Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue… |
| CVE-2021-33354 | 2022-09-30 | HIGH | 8.1 | Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter. |
| CVE-2025-27088 | 2025-02-20 | HIGH | 8.2 | oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In affected versions a Reflected Cross-site Scripting (XSS) vulnerability enables attackers… |
| CVE-2024-45818 | 2024-12-19 | MEDIUM | 6.5 | The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode.… |
| CVE-2024-11140 | 2025-05-15 | LOW | 3.5 | The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not sanitise and escape some of… |
| CVE-2024-10631 | 2025-05-15 | MEDIUM | 6.5 | The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block… |
| CVE-2024-10149 | 2025-05-15 | MEDIUM | 4.8 | The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow… |
| CVE-2024-10143 | 2025-05-15 | MEDIUM | 4.8 | The MB Custom Post Types & Custom Taxonomies WordPress plugin before 2.7.7 does not sanitise and escape some of its… |
| CVE-2024-10098 | 2025-05-15 | LOW | 2.7 | The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access… |