CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-48128 | 2025-05-16 | MEDIUM | 4.3 | Missing Authorization vulnerability in Sharespine Sharespine Woocommerce Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sharespine… |
| CVE-2025-48127 | 2025-05-16 | MEDIUM | 6.5 | Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app allows Exploiting Incorrectly Configured Access Control Security… |
| CVE-2025-48121 | 2025-05-16 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Puddick WP Notes Widget allows DOM-Based XSS.… |
| CVE-2025-48120 | 2025-05-16 | MEDIUM | 5.3 | Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG Lite allows Code Injection. This issue affects MapSVG… |
| CVE-2025-48119 | 2025-05-16 | MEDIUM | 5.3 | Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase allows Code Injection.… |
| CVE-2025-48117 | 2025-05-16 | MEDIUM | 5.3 | Missing Authorization vulnerability in kilbot WooCommerce POS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce POS:… |
| CVE-2025-48116 | 2025-05-16 | MEDIUM | 5.3 | Missing Authorization vulnerability in Ashan Perera EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from… |
| CVE-2024-1958 | 2024-04-08 | MEDIUM | 4.8 | The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in… |
| CVE-2024-1956 | 2024-04-08 | MEDIUM | 6.1 | The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response… |
| CVE-2024-1292 | 2024-04-08 | MEDIUM | 4.7 | The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in… |
| CVE-2024-2016 | 2024-03-21 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file… |
| CVE-2023-48902 | 2024-03-21 | CRITICAL | 9.8 | An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete… |
| CVE-2023-48903 | 2024-03-21 | MEDIUM | 6.1 | Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML… |
| CVE-2023-48901 | 2024-03-21 | CRITICAL | 9.8 | A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the… |
| CVE-2024-2015 | 2024-03-21 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, has been found in ZhiCms 4.0. This issue affects the function getindexdata of… |
| CVE-2024-24549 | 2024-03-13 | HIGH | 7.5 | Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request,… |
| CVE-2024-23672 | 2024-03-13 | MEDIUM | 6.3 | Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections… |
| CVE-2024-2568 | 2024-03-17 | MEDIUM | 4.7 | A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classified as critical. Affected by this vulnerability is an unknown… |
| CVE-2024-26466 | 2024-02-26 | MEDIUM | 6.1 | A DOM based cross-site scripting (XSS) vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute… |
| CVE-2024-41693 | 2024-07-30 | MEDIUM | 6.1 | Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
| CVE-2023-27043 | 2023-04-19 | MEDIUM | 5.3 | The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of… |
| CVE-2025-3952 | 2025-05-01 | HIGH | 8.1 | The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to… |
| CVE-2024-13845 | 2025-05-01 | MEDIUM | 5.5 | The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,… |
| CVE-2025-4149 | 2025-05-01 | HIGH | 8.8 | A vulnerability was found in Netgear EX6200 1.0.3.94. It has been classified as critical. This affects the function sub_54014. The… |
| CVE-2025-24887 | 2025-04-30 | MEDIUM | 6.3 | OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can… |
| CVE-2025-4099 | 2025-05-01 | MEDIUM | 6.4 | The List Children plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list_children' shortcode in all versions… |
| CVE-2024-21610 | 2024-04-12 | MEDIUM | 4.3 | An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS allows… |
| CVE-2025-4921 | 2025-05-17 | N/A | 0.0 | Rejected reason: Duplicate of CVE-2025-4919 |
| CVE-2025-4920 | 2025-05-17 | N/A | 0.0 | Rejected reason: Duplicate of CVE-2025-4918 |
| CVE-2024-12950 | 2024-12-26 | MEDIUM | 6.3 | A vulnerability was found in code-projects/projectworlds Travel Management System 1.0. It has been rated as critical. This issue affects some… |
| CVE-2025-37880 | 2025-05-09 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: um: work around sched_yield not yielding in time-travel mode sched_yield… |
| CVE-2025-3173 | 2025-04-03 | HIGH | 7.3 | A vulnerability, which was classified as critical, was found in Project Worlds Online Lawyer Management System 1.0. Affected is an… |
| CVE-2025-37821 | 2025-05-08 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash… |
| CVE-2025-47203 | 2025-05-07 | MEDIUM | 4.5 | dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used. |
| CVE-2024-13965 | 2025-05-17 | N/A | 0.0 | Rejected reason: wrong year |
| CVE-2024-13964 | 2025-05-17 | N/A | 0.0 | Rejected reason: wrong year |
| CVE-2025-4331 | 2025-05-06 | HIGH | 7.3 | A vulnerability classified as critical was found in SourceCodester Online Student Clearance System 1.0. This vulnerability affects unknown code of… |
| CVE-2024-54780 | 2025-05-14 | HIGH | 8.8 | Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN… |
| CVE-2023-1061 | 2023-02-27 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some… |
| CVE-2023-1059 | 2023-02-27 | MEDIUM | 6.3 | A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the… |
| CVE-2025-2605 | 2025-05-02 | CRITICAL | 9.9 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse.… |
| CVE-2025-22458 | 2025-04-08 | HIGH | 7.8 | DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to… |
| CVE-2024-9882 | 2025-05-15 | MEDIUM | 4.8 | The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not sanitise and… |
| CVE-2024-9238 | 2025-05-15 | MEDIUM | 5.4 | The AVIF Uploader WordPress plugin before 1.1.1 does not sanitise uploaded SVG files, which could allow users with a role… |
| CVE-2024-9236 | 2025-05-15 | MEDIUM | 4.8 | The Team WordPress plugin before 4.4.2 does not sanitise and escape some of its settings, which could allow high privilege… |
| CVE-2024-9227 | 2025-05-15 | MEDIUM | 4.8 | The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when… |
| CVE-2024-9182 | 2025-05-15 | MEDIUM | 4.8 | The Maspik WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege… |
| CVE-2024-8759 | 2025-05-15 | MEDIUM | 4.8 | The Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-8702 | 2025-05-15 | MEDIUM | 4.8 | The Backup Database WordPress plugin through 4.9 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-8492 | 2025-05-15 | MEDIUM | 4.8 | The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege… |
Page 423 of 3527