CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2022-42041 | 2022-10-11 | CRITICAL | 9.8 | The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The… |
| CVE-2022-42040 | 2022-10-11 | CRITICAL | 9.8 | The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The… |
| CVE-2022-42039 | 2022-10-11 | CRITICAL | 9.8 | The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The… |
| CVE-2022-42038 | 2022-10-11 | CRITICAL | 9.8 | The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The… |
| CVE-2022-41530 | 2022-10-12 | HIGH | 7.2 | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower. |
| CVE-2022-41408 | 2022-10-12 | CRITICAL | 9.8 | Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. |
| CVE-2022-41407 | 2022-10-12 | HIGH | 7.2 | Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. |
| CVE-2024-4757 | 2024-06-25 | HIGH | 8.1 | The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing… |
| CVE-2024-4900 | 2024-06-24 | MEDIUM | 6.1 | The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor… |
| CVE-2024-4899 | 2024-06-24 | MEDIUM | 5.0 | The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high… |
| CVE-2024-5522 | 2024-06-20 | MEDIUM | 6.5 | The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before… |
| CVE-2024-5573 | 2024-06-26 | MEDIUM | 5.9 | The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could… |
| CVE-2024-5473 | 2024-06-26 | MEDIUM | 4.0 | The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-5071 | 2024-06-26 | MEDIUM | 6.5 | The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent… |
| CVE-2024-3633 | 2024-06-26 | MEDIUM | 5.4 | The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with… |
| CVE-2024-4759 | 2024-06-25 | MEDIUM | 5.5 | The Mime Types Extended WordPress plugin through 0.11 does not sanitise uploaded SVG files, which could allow users with a… |
| CVE-2024-5730 | 2024-06-28 | MEDIUM | 6.1 | The Pagerank tools WordPress plugin through 1.1.5 does not sanitise and escape a parameter before outputting it back in the… |
| CVE-2024-5729 | 2024-06-28 | MEDIUM | 6.1 | The Simple AL Slider WordPress plugin through 1.2.10 does not sanitise and escape a parameter before outputting it back in… |
| CVE-2024-5728 | 2024-06-28 | MEDIUM | 5.4 | The Animated AL List WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in… |
| CVE-2024-5727 | 2024-06-28 | MEDIUM | 4.7 | The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page,… |
| CVE-2024-5570 | 2024-06-28 | MEDIUM | 6.5 | The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any… |
| CVE-2025-43566 | 2025-05-13 | MEDIUM | 6.8 | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory… |
| CVE-2025-43565 | 2025-05-13 | HIGH | 8.4 | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary code… |
| CVE-2025-43564 | 2025-05-13 | CRITICAL | 9.1 | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary… |
| CVE-2025-43563 | 2025-05-13 | CRITICAL | 9.1 | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary… |
| CVE-2025-43562 | 2025-05-13 | CRITICAL | 9.1 | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS… |
| CVE-2025-43561 | 2025-05-13 | CRITICAL | 9.1 | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code… |
| CVE-2025-43560 | 2025-05-13 | CRITICAL | 9.1 | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary… |
| CVE-2025-43559 | 2025-05-13 | CRITICAL | 9.1 | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary… |
| CVE-2025-30316 | 2025-05-13 | MEDIUM | 5.4 | Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by… |
| CVE-2025-30315 | 2025-05-13 | MEDIUM | 6.1 | Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by… |
| CVE-2025-30314 | 2025-05-13 | MEDIUM | 6.1 | Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by… |
| CVE-2025-43567 | 2025-05-13 | CRITICAL | 9.3 | Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by… |
| CVE-2024-52879 | 2025-05-15 | HIGH | 7.5 | An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before… |
| CVE-2024-52878 | 2025-05-15 | HIGH | 7.5 | An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before… |
| CVE-2024-52877 | 2025-05-15 | HIGH | 7.5 | An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before… |
| CVE-2025-4866 | 2025-05-18 | MEDIUM | 6.3 | A vulnerability was found in weibocom rill-flow 0.1.18. It has been classified as critical. Affected is an unknown function of… |
| CVE-2025-46053 | 2025-05-15 | MEDIUM | 5.1 | A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting… |
| CVE-2025-26864 | 2025-05-14 | HIGH | 7.5 | Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of… |
| CVE-2025-26795 | 2025-05-14 | HIGH | 7.5 | Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC… |
| CVE-2025-0020 | 2025-05-14 | N/A | 0.0 | Rejected reason: “This CVE ID is Rejected and will not be used. As the CNA of record ESRI has rejected… |
| CVE-2024-6534 | 2024-08-15 | MEDIUM | 4.3 | Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another… |
| CVE-2024-23440 | 2024-02-13 | HIGH | 7.1 | Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to… |
| CVE-2024-23439 | 2024-02-13 | HIGH | 7.1 | Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027, 0x22202B, 0x22202F,… |
| CVE-2023-5011 | 2023-12-20 | HIGH | 8.8 | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does… |
| CVE-2023-5010 | 2023-12-20 | HIGH | 8.8 | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does… |
| CVE-2023-5007 | 2023-12-20 | HIGH | 8.8 | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'id' parameter of the marks.php resource does… |
| CVE-2025-30393 | 2025-05-13 | HIGH | 7.8 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-30388 | 2025-05-13 | HIGH | 7.8 | Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. |
| CVE-2025-30394 | 2025-05-13 | MEDIUM | 5.9 | Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over… |
Page 412 of 3522