CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-47794 | 2025-05-16 | LOW | 2.6 | Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud… |
| CVE-2025-47793 | 2025-05-16 | MEDIUM | 4.3 | Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone… |
| CVE-2025-47792 | 2025-05-16 | MEDIUM | 5.0 | Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already… |
| CVE-2025-47791 | 2025-05-16 | MEDIUM | 4.3 | Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud… |
| CVE-2025-4932 | 2025-05-19 | HIGH | 7.3 | A vulnerability, which was classified as critical, has been found in projectworlds Online Lawyer Management System 1.0. Affected by this… |
| CVE-2025-41429 | 2025-05-19 | MEDIUM | 4.8 | a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack… |
| CVE-2025-36560 | 2025-05-19 | HIGH | 8.6 | Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may… |
| CVE-2025-32999 | 2025-05-19 | MEDIUM | 5.4 | Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists… |
| CVE-2025-27566 | 2025-05-19 | LOW | 3.8 | Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is… |
| CVE-2025-46801 | 2025-05-19 | CRITICAL | 9.8 | Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. If the vulnerability is exploited,… |
| CVE-2025-37891 | 2025-05-19 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: ALSA: ump: Fix buffer overflow at UMP SysEx message conversion… |
| CVE-2025-4477 | 2025-05-19 | HIGH | 7.2 | The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges… |
| CVE-2025-2892 | 2025-05-19 | MEDIUM | 6.4 | The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is… |
| CVE-2025-4894 | 2025-05-18 | LOW | 3.7 | A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of… |
| CVE-2025-48219 | 2025-05-18 | LOW | 3.5 | O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia… |
| CVE-2025-4868 | 2025-05-18 | MEDIUM | 6.3 | A vulnerability was found in merikbest ecommerce-spring-reactjs up to 464e610bb11cc2619cf6ce8212ccc2d1fd4277fd. It has been rated as critical. Affected by this issue… |
| CVE-2025-4867 | 2025-05-18 | MEDIUM | 6.5 | A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as problematic. Affected by this vulnerability is the… |
| CVE-2025-3715 | 2025-05-18 | MEDIUM | 6.4 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text parameter in all versions… |
| CVE-2025-4846 | 2025-05-18 | HIGH | 7.3 | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of… |
| CVE-2025-4610 | 2025-05-17 | MEDIUM | 6.4 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_user_memberships shortcode in all… |
| CVE-2025-4819 | 2025-05-17 | LOW | 3.1 | A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file… |
| CVE-2025-4391 | 2025-05-17 | CRITICAL | 9.8 | The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type… |
| CVE-2025-4389 | 2025-05-17 | CRITICAL | 9.8 | The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type… |
| CVE-2025-3812 | 2025-05-17 | HIGH | 8.1 | The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation… |
| CVE-2025-4194 | 2025-05-17 | MEDIUM | 6.1 | The AlT Monitoring plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3.… |
| CVE-2025-4189 | 2025-05-17 | MEDIUM | 6.1 | The Audio Comments Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,… |
| CVE-2025-4805 | 2025-05-16 | N/A | 0.0 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS.… |
| CVE-2025-4804 | 2025-05-16 | N/A | 0.0 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS… |
| CVE-2025-48188 | 2025-05-16 | LOW | 2.9 | libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading… |
| CVE-2025-32407 | 2025-05-16 | MEDIUM | 5.9 | Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates,… |
| CVE-2022-4363 | 2025-05-16 | MEDIUM | 6.5 | The Wholesale Market WordPress plugin before 2.2.2, Wholesale Market for WooCommerce WordPress plugin before 2.0.1 have a flawed CSRF check… |
| CVE-2025-22233 | 2025-05-16 | LOW | 3.1 | CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still… |
| CVE-2025-4795 | 2025-05-16 | MEDIUM | 4.7 | A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. This affects the function SaveInfo of the file… |
| CVE-2025-4792 | 2025-05-16 | HIGH | 7.3 | A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of… |
| CVE-2025-4476 | 2025-05-16 | MEDIUM | 4.3 | A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup… |
| CVE-2025-48146 | 2025-05-16 | HIGH | 7.1 | Cross-Site Request Forgery (CSRF) vulnerability in Michael Lups SEO Flow by LupsOnline allows Stored XSS. This issue affects SEO Flow… |
| CVE-2025-48131 | 2025-05-16 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiful Islam UltraAddons Elementor Lite allows Stored XSS.… |
| CVE-2025-48128 | 2025-05-16 | MEDIUM | 4.3 | Missing Authorization vulnerability in Sharespine Sharespine Woocommerce Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sharespine… |
| CVE-2025-48127 | 2025-05-16 | MEDIUM | 6.5 | Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app allows Exploiting Incorrectly Configured Access Control Security… |
| CVE-2025-48121 | 2025-05-16 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Puddick WP Notes Widget allows DOM-Based XSS.… |
| CVE-2025-48120 | 2025-05-16 | MEDIUM | 5.3 | Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG Lite allows Code Injection. This issue affects MapSVG… |
| CVE-2025-48119 | 2025-05-16 | MEDIUM | 5.3 | Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase allows Code Injection.… |
| CVE-2025-48117 | 2025-05-16 | MEDIUM | 5.3 | Missing Authorization vulnerability in kilbot WooCommerce POS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce POS:… |
| CVE-2025-48116 | 2025-05-16 | MEDIUM | 5.3 | Missing Authorization vulnerability in Ashan Perera EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from… |
| CVE-2024-1958 | 2024-04-08 | MEDIUM | 4.8 | The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in… |
| CVE-2024-1956 | 2024-04-08 | MEDIUM | 6.1 | The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response… |
| CVE-2024-1292 | 2024-04-08 | MEDIUM | 4.7 | The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in… |
| CVE-2024-2016 | 2024-03-21 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file… |
| CVE-2023-48902 | 2024-03-21 | CRITICAL | 9.8 | An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete… |
| CVE-2023-48903 | 2024-03-21 | MEDIUM | 6.1 | Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML… |