CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-2472 | 2025-03-18 | HIGH | 7.3 | A vulnerability has been found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Affected by this vulnerability… |
| CVE-2025-2471 | 2025-03-18 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. Affected is an unknown function… |
| CVE-2025-4502 | 2025-05-10 | HIGH | 7.3 | A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown… |
| CVE-2025-22466 | 2025-04-08 | HIGH | 8.2 | Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker… |
| CVE-2025-22465 | 2025-04-08 | MEDIUM | 6.1 | Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker… |
| CVE-2025-22464 | 2025-04-08 | MEDIUM | 6.1 | An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an… |
| CVE-2025-22461 | 2025-04-08 | HIGH | 7.2 | SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker… |
| CVE-2025-22459 | 2025-04-08 | MEDIUM | 4.8 | Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated… |
| CVE-2025-4503 | 2025-05-10 | HIGH | 7.3 | A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown… |
| CVE-2024-42179 | 2025-01-12 | LOW | 2.0 | HCL MyXalytics is affected by sensitive information disclosure vulnerability. The HTTP response header exposes the Microsoft-HTTP API/2.0 as the server's… |
| CVE-2024-42175 | 2025-01-11 | LOW | 2.6 | HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts special characters and there is no length… |
| CVE-2024-42174 | 2025-01-11 | LOW | 3.7 | HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user to perform enumeration of application users, and… |
| CVE-2024-42173 | 2025-01-11 | MEDIUM | 4.8 | HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow… |
| CVE-2024-42172 | 2025-01-11 | MEDIUM | 5.3 | HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to… |
| CVE-2024-42171 | 2025-01-11 | MEDIUM | 6.4 | HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session… |
| CVE-2024-42170 | 2025-01-11 | MEDIUM | 6.8 | HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session… |
| CVE-2024-42169 | 2025-01-11 | HIGH | 7.1 | HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access control checks, which fail to… |
| CVE-2024-42168 | 2025-01-11 | HIGH | 8.9 | HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious… |
| CVE-2025-4504 | 2025-05-10 | HIGH | 7.3 | A vulnerability was found in SourceCodester Online College Library System 1.0. It has been classified as critical. Affected is an… |
| CVE-2024-42180 | 2025-01-12 | LOW | 1.6 | HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types,… |
| CVE-2024-42181 | 2025-01-12 | LOW | 1.6 | HCL MyXalytics is affected by a cleartext transmission of sensitive information vulnerability. The application transmits sensitive or security-critical data in… |
| CVE-2024-42176 | 2025-03-19 | LOW | 2.6 | HCL MyXalytics is affected by concurrent login vulnerability. A concurrent login vulnerability occurs when simultaneous active sessions are allowed for… |
| CVE-2024-42177 | 2025-04-17 | LOW | 2.6 | HCL MyXalytics is affected by SSL/TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the… |
| CVE-2024-42178 | 2025-04-17 | LOW | 2.5 | HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially… |
| CVE-2025-4505 | 2025-05-10 | HIGH | 7.3 | A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been declared as critical. Affected by this… |
| CVE-2024-5744 | 2024-07-13 | MEDIUM | 6.8 | The wp-eMember WordPress plugin before 10.6.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which… |
| CVE-2024-6070 | 2024-07-13 | MEDIUM | 4.8 | The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not sanitise and escape some of its settings, which could… |
| CVE-2023-7268 | 2024-07-19 | MEDIUM | 6.5 | The ArtPlacer Widget WordPress plugin before 2.21.2 does not have authorisation check in place when deleting widgets, allowing any authenticated… |
| CVE-2023-7269 | 2024-07-19 | HIGH | 7.5 | The ArtPlacer Widget WordPress plugin before 2.21.2 does not have CSRF check in some places, and is missing sanitisation as… |
| CVE-2024-5604 | 2024-07-19 | MEDIUM | 5.9 | The Bug Library WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-40502 | 2024-07-22 | CRITICAL | 9.8 | SQL injection vulnerability in Hospital Management System Project in ASP.Net MVC 1 allows a remote attacker to execute arbitrary code via… |
| CVE-2024-4260 | 2024-07-23 | MEDIUM | 6.5 | The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of… |
| CVE-2025-4209 | 2025-05-15 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2024-35431 | 2024-05-30 | HIGH | 7.5 | ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the… |
| CVE-2022-42721 | 2022-10-14 | MEDIUM | 5.5 | A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16… |
| CVE-2022-42720 | 2022-10-14 | HIGH | 7.8 | Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16… |
| CVE-2022-42719 | 2022-10-13 | HIGH | 8.8 | A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16… |
| CVE-2022-32149 | 2022-10-14 | HIGH | 7.5 | An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to… |
| CVE-2024-57598 | 2025-02-05 | MEDIUM | 6.5 | A floating point exception (divide-by-zero) vulnerability was discovered in Bento4 1.6.0-641 in function AP4_TfraAtom() of Ap4TfraAtom.cpp which allows a remote… |
| CVE-2024-25839 | 2024-03-03 | HIGH | 7.5 | An issue was discovered in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before, allows local attackers to… |
| CVE-2024-24302 | 2024-03-03 | CRITICAL | 9.8 | An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to… |
| CVE-2024-24307 | 2024-03-03 | HIGH | 7.5 | Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote attacker to… |
| CVE-2024-25438 | 2024-03-01 | MEDIUM | 6.1 | A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts… |
| CVE-2024-27734 | 2024-03-01 | MEDIUM | 6.1 | A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script… |
| CVE-2024-25843 | 2024-02-27 | CRITICAL | 9.8 | In the module "Import/Update Bulk Product from any Csv/Excel File Pro" (ba_importer) up to version 1.1.28 from Buy Addons for… |
| CVE-2024-13896 | 2025-04-10 | MEDIUM | 6.5 | The WP-GeSHi-Highlight — rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression… |
| CVE-2024-13628 | 2025-02-26 | MEDIUM | 6.1 | The WP Pricing Table WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in… |
| CVE-2024-13624 | 2025-02-26 | HIGH | 7.1 | The WPMovieLibrary WordPress plugin through 2.1.4.8 does not sanitise and escape a parameter before outputting it back in the page,… |
| CVE-2024-13571 | 2025-02-26 | HIGH | 7.1 | The Post Timeline WordPress plugin before 2.3.10 does not sanitise and escape a parameter before outputting it back in the… |
| CVE-2024-13113 | 2025-02-26 | MEDIUM | 5.9 | The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on… |