CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2024-9934 | 2024-11-06 | MEDIUM | 6.1 | The Wp-ImageZoom WordPress plugin through 1.1.0 does not sanitise and escape some parameters before outputting them back in a page,… |
| CVE-2024-8378 | 2024-11-07 | MEDIUM | 4.8 | The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code only running for paths that call wp_handle_upload, but… |
| CVE-2024-10000 | 2024-10-29 | MEDIUM | 6.4 | The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting… |
| CVE-2024-10008 | 2024-10-29 | HIGH | 8.8 | The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile… |
| CVE-2024-51242 | 2024-10-30 | MEDIUM | 6.5 | A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier in ServerDeployController.java. The manipulation of the… |
| CVE-2024-5429 | 2024-10-17 | HIGH | 7.6 | The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them… |
| CVE-2024-48411 | 2024-10-15 | CRITICAL | 9.8 | itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to SQL Injection (SQLI) via a crafted payload to the… |
| CVE-2025-27820 | 2025-04-24 | HIGH | 7.5 | A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification.… |
| CVE-2025-26601 | 2025-02-25 | HIGH | 7.8 | A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are… |
| CVE-2025-1493 | 2025-05-05 | MEDIUM | 5.3 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 could allow an authenticated user to… |
| CVE-2025-22235 | 2025-04-28 | HIGH | 7.3 | EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your… |
| CVE-2025-22872 | 2025-04-16 | MEDIUM | 6.5 | The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly… |
| CVE-2025-26600 | 2025-02-25 | HIGH | 7.8 | A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued… |
| CVE-2024-8654 | 2024-09-10 | MEDIUM | 5.0 | MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation… |
| CVE-2024-8207 | 2024-08-27 | MEDIUM | 6.4 | In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may… |
| CVE-2023-3726 | 2024-01-04 | MEDIUM | 6.9 | OCSInventory allows stored email templates with special characters that lead to a Stored Cross-Site Scripting. |
| CVE-2025-1454 | 2025-05-15 | MEDIUM | 5.4 | The Ninja Pages WordPress plugin through 1.4.2 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-9879 | 2025-05-15 | MEDIUM | 5.4 | The Melapress File Monitor WordPress plugin before 2.1.1 does not sanitize and escape a parameter before using it in a… |
| CVE-2024-9838 | 2025-05-15 | MEDIUM | 5.4 | The Auto Affiliate Links WordPress plugin before 6.4.7 does not sanitize and escape a parameter before using it in a… |
| CVE-2024-9663 | 2025-05-15 | MEDIUM | 5.4 | The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-9662 | 2025-05-15 | MEDIUM | 5.4 | The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-44041 | 2024-10-06 | MEDIUM | 5.9 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson IdeaPush allows Stored XSS.This… |
| CVE-2024-47638 | 2024-10-05 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita Online Booking & Scheduling Calendar… |
| CVE-2024-7315 | 2024-10-02 | HIGH | 7.5 | The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when… |
| CVE-2024-45983 | 2024-09-26 | MEDIUM | 6.3 | A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows an attacker to… |
| CVE-2024-39928 | 2024-09-25 | HIGH | 7.5 | In Apache Linkis |
| CVE-2024-3673 | 2024-08-30 | CRITICAL | 9.1 | The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which… |
| CVE-2023-24163 | 2023-01-31 | CRITICAL | 9.8 | SQL Injection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine. |
| CVE-2023-24468 | 2023-03-15 | CRITICAL | 9.8 | Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2 |
| CVE-2022-48425 | 2023-03-19 | HIGH | 7.8 | In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying… |
| CVE-2024-6846 | 2024-09-05 | MEDIUM | 5.3 | The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated… |
| CVE-2024-45158 | 2024-09-05 | CRITICAL | 9.8 | An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur… |
| CVE-2025-1578 | 2025-02-23 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, was found in PHPGurukul/Campcodes Online Shopping Portal 2.1. This affects an unknown part… |
| CVE-2024-7891 | 2024-09-10 | MEDIUM | 4.8 | The Floating Contact Button WordPress plugin before 2.8 does not sanitise and escape some of its settings, which could allow… |
| CVE-2024-7955 | 2024-09-10 | MEDIUM | 4.8 | The Starbox WordPress plugin before 3.5.2 does not sanitise and escape some of its settings, which could allow high privilege… |
| CVE-2024-7846 | 2024-09-23 | MEDIUM | 5.4 | YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. This… |
| CVE-2025-2898 | 2025-05-06 | HIGH | 7.5 | IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to… |
| CVE-2025-4196 | 2025-05-02 | MEDIUM | 6.3 | A vulnerability was found in SourceCodester Patient Record Management System 1.0. It has been rated as critical. This issue affects… |
| CVE-2025-42999 | 2025-05-13 | CRITICAL | 9.1 | SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when… |
| CVE-2025-32756 | 2025-05-13 | CRITICAL | 9.8 | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0… |
| CVE-2025-2203 | 2025-05-15 | MEDIUM | 6.1 | The FunnelKit WordPress plugin before 3.10.2 does not sanitize and escape a parameter before using it in a SQL statement,… |
| CVE-2023-6541 | 2025-05-15 | MEDIUM | 6.1 | The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role… |
| CVE-2023-6030 | 2025-05-15 | MEDIUM | 5.4 | The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed function (from src/Hooks/Users.php) in order to log failed login… |
| CVE-2023-2334 | 2025-05-15 | MEDIUM | 5.4 | The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF… |
| CVE-2023-32137 | 2024-05-03 | MEDIUM | 6.5 | D-Link DAP-1360 webproc WEB_DisplayPage Directory Traversal Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected… |
| CVE-2023-32138 | 2024-05-03 | HIGH | 8.8 | D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on… |
| CVE-2023-32139 | 2024-05-03 | HIGH | 8.8 | D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on… |
| CVE-2023-32140 | 2024-05-03 | HIGH | 7.5 | D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code… |
| CVE-2023-32141 | 2024-05-03 | HIGH | 8.8 | D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code… |
| CVE-2023-32142 | 2024-05-03 | HIGH | 8.8 | D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code… |