CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2024-5573 | 2024-06-26 | MEDIUM | 5.9 | The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could… |
| CVE-2024-5473 | 2024-06-26 | MEDIUM | 4.0 | The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-5071 | 2024-06-26 | MEDIUM | 6.5 | The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent… |
| CVE-2024-3633 | 2024-06-26 | MEDIUM | 5.4 | The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with… |
| CVE-2024-4759 | 2024-06-25 | MEDIUM | 5.5 | The Mime Types Extended WordPress plugin through 0.11 does not sanitise uploaded SVG files, which could allow users with a… |
| CVE-2024-5730 | 2024-06-28 | MEDIUM | 6.1 | The Pagerank tools WordPress plugin through 1.1.5 does not sanitise and escape a parameter before outputting it back in the… |
| CVE-2024-5729 | 2024-06-28 | MEDIUM | 6.1 | The Simple AL Slider WordPress plugin through 1.2.10 does not sanitise and escape a parameter before outputting it back in… |
| CVE-2024-5728 | 2024-06-28 | MEDIUM | 5.4 | The Animated AL List WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in… |
| CVE-2024-5727 | 2024-06-28 | MEDIUM | 4.7 | The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page,… |
| CVE-2024-5570 | 2024-06-28 | MEDIUM | 6.5 | The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any… |
| CVE-2025-43566 | 2025-05-13 | MEDIUM | 6.8 | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory… |
| CVE-2025-43565 | 2025-05-13 | HIGH | 8.4 | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary code… |
| CVE-2025-43564 | 2025-05-13 | CRITICAL | 9.1 | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary… |
| CVE-2025-43563 | 2025-05-13 | CRITICAL | 9.1 | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary… |
| CVE-2025-43562 | 2025-05-13 | CRITICAL | 9.1 | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS… |
| CVE-2025-43561 | 2025-05-13 | CRITICAL | 9.1 | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code… |
| CVE-2025-43560 | 2025-05-13 | CRITICAL | 9.1 | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary… |
| CVE-2025-43559 | 2025-05-13 | CRITICAL | 9.1 | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary… |
| CVE-2025-30316 | 2025-05-13 | MEDIUM | 5.4 | Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by… |
| CVE-2025-30315 | 2025-05-13 | MEDIUM | 6.1 | Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by… |
| CVE-2025-30314 | 2025-05-13 | MEDIUM | 6.1 | Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by… |
| CVE-2025-43567 | 2025-05-13 | CRITICAL | 9.3 | Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by… |
| CVE-2024-52879 | 2025-05-15 | HIGH | 7.5 | An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before… |
| CVE-2024-52878 | 2025-05-15 | HIGH | 7.5 | An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before… |
| CVE-2024-52877 | 2025-05-15 | HIGH | 7.5 | An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before… |
| CVE-2025-4866 | 2025-05-18 | MEDIUM | 6.3 | A vulnerability was found in weibocom rill-flow 0.1.18. It has been classified as critical. Affected is an unknown function of… |
| CVE-2025-46053 | 2025-05-15 | MEDIUM | 5.1 | A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting… |
| CVE-2025-26864 | 2025-05-14 | HIGH | 7.5 | Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of… |
| CVE-2025-26795 | 2025-05-14 | HIGH | 7.5 | Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC… |
| CVE-2025-0020 | 2025-05-14 | N/A | 0.0 | Rejected reason: “This CVE ID is Rejected and will not be used. As the CNA of record ESRI has rejected… |
| CVE-2024-6534 | 2024-08-15 | MEDIUM | 4.3 | Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another… |
| CVE-2024-23440 | 2024-02-13 | HIGH | 7.1 | Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to… |
| CVE-2024-23439 | 2024-02-13 | HIGH | 7.1 | Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027, 0x22202B, 0x22202F,… |
| CVE-2023-5011 | 2023-12-20 | HIGH | 8.8 | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does… |
| CVE-2023-5010 | 2023-12-20 | HIGH | 8.8 | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does… |
| CVE-2023-5007 | 2023-12-20 | HIGH | 8.8 | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'id' parameter of the marks.php resource does… |
| CVE-2025-30393 | 2025-05-13 | HIGH | 7.8 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-30388 | 2025-05-13 | HIGH | 7.8 | Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. |
| CVE-2025-30394 | 2025-05-13 | MEDIUM | 5.9 | Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over… |
| CVE-2025-32702 | 2025-05-13 | HIGH | 7.8 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute… |
| CVE-2025-32703 | 2025-05-13 | MEDIUM | 5.5 | Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally. |
| CVE-2025-32704 | 2025-05-13 | HIGH | 8.4 | Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-29839 | 2025-05-13 | MEDIUM | 4.0 | Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally. |
| CVE-2025-29840 | 2025-05-13 | HIGH | 8.8 | Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. |
| CVE-2025-29841 | 2025-05-13 | HIGH | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to… |
| CVE-2024-4534 | 2024-05-27 | MEDIUM | 6.1 | The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF check in some places, and is missing sanitisation as… |
| CVE-2024-4535 | 2024-05-27 | HIGH | 8.8 | The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to… |
| CVE-2024-4533 | 2024-05-27 | MEDIUM | 6.5 | The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL… |
| CVE-2025-29842 | 2025-05-13 | HIGH | 7.5 | Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over… |
| CVE-2025-29954 | 2025-05-13 | MEDIUM | 5.9 | Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a… |