CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-47889 | 2025-05-14 | CRITICAL | 9.8 | In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm,… |
| CVE-2025-43915 | 2025-05-05 | MEDIUM | 6.5 | In Linkerd edge releases before edge-25.2.1, and Buoyant Enterprise for Linkerd releases 2.13.0–2.13.7, 2.14.0–2.14.10, 2.15.0–2.15.7, 2.16.0–2.16.4, and 2.17.0–2.17.1, resource exhaustion… |
| CVE-2025-24661 | 2025-02-03 | HIGH | 8.8 | Deserialization of Untrusted Data vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Object Injection. This issue affects Taxi Booking… |
| CVE-2025-23167 | 2025-05-19 | MEDIUM | 6.5 | A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`.… |
| CVE-2024-57273 | 2025-05-14 | MEDIUM | 5.4 | Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in the… |
| CVE-2023-35006 | 2024-07-10 | MEDIUM | 5.4 | IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when… |
| CVE-2023-33860 | 2024-07-10 | MEDIUM | 5.3 | IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be… |
| CVE-2024-3851 | 2024-05-16 | MEDIUM | 5.4 | A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imartinez/privategpt' repository due to improper validation of file uploads. Attackers can… |
| CVE-2025-4872 | 2025-05-18 | HIGH | 7.3 | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of… |
| CVE-2025-4871 | 2025-05-18 | HIGH | 7.3 | A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown… |
| CVE-2025-4838 | 2025-05-17 | MEDIUM | 4.3 | A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Affected is the function doPost… |
| CVE-2025-47948 | 2025-05-17 | HIGH | 7.2 | Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2,… |
| CVE-2025-47945 | 2025-05-17 | CRITICAL | 9.1 | Donetick an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens (JWT)… |
| CVE-2025-47788 | 2025-05-15 | N/A | 0.0 | Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not… |
| CVE-2025-47787 | 2025-05-15 | N/A | 0.0 | Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The… |
| CVE-2025-47786 | 2025-05-15 | N/A | 0.0 | Emlog is an open source website building system. Version 2.5.13 has a stored cross-site scripting vulnerability that allows any registered… |
| CVE-2025-47785 | 2025-05-15 | HIGH | 8.3 | Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the… |
| CVE-2025-47710 | 2025-05-14 | HIGH | 7.4 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass. This… |
| CVE-2025-47709 | 2025-05-14 | MEDIUM | 6.5 | Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing. This issue affects Enterprise MFA - TFA… |
| CVE-2025-47706 | 2025-05-14 | MEDIUM | 4.8 | Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials. This issue… |
| CVE-2025-1626 | 2025-05-19 | MEDIUM | 5.4 | The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Countdown block options before outputting… |
| CVE-2025-23166 | 2025-05-19 | HIGH | 7.5 | The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the… |
| CVE-2025-23164 | 2025-05-19 | MEDIUM | 4.4 | A misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a… |
| CVE-2025-1625 | 2025-05-19 | MEDIUM | 5.4 | The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Counter block options before outputting… |
| CVE-2024-3062 | 2025-05-15 | MEDIUM | 4.8 | The Save as Image Plugin by Pdfcrowd WordPress plugin before 3.2.2 does not sanitise and escape some of its settings,… |
| CVE-2024-45516 | 2025-05-14 | MEDIUM | 6.1 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4, and 8.8.15… |
| CVE-2024-54779 | 2025-05-14 | MEDIUM | 5.4 | Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross Site Scripting (XSS) in… |
| CVE-2024-2869 | 2025-05-15 | MEDIUM | 4.8 | The Easy Property Listings WordPress plugin before 3.5.4 does not sanitise and escape some of its settings, which could allow… |
| CVE-2024-0403 | 2024-03-01 | MEDIUM | 6.5 | Recipes version 1.5.10 allows arbitrary HTTP requests to be made through the server. This is possible because the application is… |
| CVE-2023-49272 | 2023-12-20 | MEDIUM | 5.4 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied… |
| CVE-2023-49271 | 2023-12-20 | MEDIUM | 5.4 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied… |
| CVE-2023-49270 | 2023-12-20 | MEDIUM | 5.4 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied… |
| CVE-2023-49269 | 2023-12-20 | MEDIUM | 5.4 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'adults' parameter of the reservation.php resource is copied… |
| CVE-2025-32819 | 2025-05-07 | HIGH | 8.8 | A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and… |
| CVE-2025-32820 | 2025-05-07 | HIGH | 8.8 | A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to… |
| CVE-2025-32821 | 2025-05-07 | HIGH | 7.2 | A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell… |
| CVE-2025-45798 | 2025-05-08 | CRITICAL | 9.8 | A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the… |
| CVE-2024-4758 | 2024-06-26 | HIGH | 7.6 | The Muslim Prayer Time BD WordPress plugin through 2.4 does not have CSRF check in place when resetting its settings,… |
| CVE-2024-5287 | 2024-07-13 | HIGH | 7.1 | The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow… |
| CVE-2024-5286 | 2024-07-13 | MEDIUM | 4.8 | The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page,… |
| CVE-2024-5284 | 2024-07-13 | MEDIUM | 6.8 | The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well… |
| CVE-2024-5283 | 2024-07-13 | MEDIUM | 6.1 | The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page,… |
| CVE-2024-5282 | 2024-07-13 | MEDIUM | 6.1 | The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page,… |
| CVE-2024-5281 | 2024-07-13 | MEDIUM | 6.1 | The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page,… |
| CVE-2024-5280 | 2024-07-13 | MEDIUM | 4.7 | The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well… |
| CVE-2023-28656 | 2023-05-03 | HIGH | 8.1 | NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Note:… |
| CVE-2024-3641 | 2024-05-16 | MEDIUM | 6.1 | The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to… |
| CVE-2024-3642 | 2024-05-16 | MEDIUM | 6.9 | The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to… |
| CVE-2024-3643 | 2024-05-16 | HIGH | 8.8 | The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to… |
| CVE-2024-3644 | 2024-05-16 | MEDIUM | 4.8 | The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high… |