CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2022-3158 | 2022-10-17 | HIGH | 8.8 | Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint… |
| CVE-2025-4023 | 2025-04-28 | HIGH | 7.3 | A vulnerability was found in itsourcecode Placement Management System 1.0. It has been rated as critical. This issue affects some… |
| CVE-2015-2079 | 2025-04-28 | CRITICAL | 9.9 | Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three… |
| CVE-2022-41871 | 2025-04-28 | MEDIUM | 6.0 | SEPPmail through 12.1.17 allows command injection within the Admin Portal. An authenticated attacker is able to execute arbitrary code in… |
| CVE-2024-57439 | 2025-01-29 | MEDIUM | 4.9 | An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of… |
| CVE-2024-57438 | 2025-01-29 | MEDIUM | 5.4 | Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles. |
| CVE-2024-57437 | 2025-01-29 | MEDIUM | 6.5 | RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /monitor/online/list. |
| CVE-2024-57436 | 2025-01-29 | HIGH | 7.2 | RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring.… |
| CVE-2024-54762 | 2025-01-09 | MEDIUM | 6.3 | Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter… |
| CVE-2024-42900 | 2024-08-28 | MEDIUM | 6.1 | Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable()… |
| CVE-2024-6511 | 2024-07-04 | LOW | 3.5 | A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by this vulnerability is the function… |
| CVE-2024-9355 | 2024-10-01 | MEDIUM | 6.5 | A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer… |
| CVE-2024-24981 | 2024-05-16 | HIGH | 7.5 | Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged… |
| CVE-2024-29400 | 2024-04-12 | HIGH | 7.5 | An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter. |
| CVE-2024-2907 | 2024-04-25 | MEDIUM | 6.8 | The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege… |
| CVE-2024-3048 | 2024-04-26 | MEDIUM | 5.5 | The Bannerlid WordPress plugin through 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site… |
| CVE-2024-3188 | 2024-04-26 | MEDIUM | 6.3 | The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.0 does not validate and escape some of its shortcode… |
| CVE-2023-5971 | 2024-05-14 | MEDIUM | 4.8 | The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings,… |
| CVE-2025-22247 | 2025-05-12 | MEDIUM | 6.1 | VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the… |
| CVE-2025-2170 | 2025-04-30 | HIGH | 7.2 | A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions… |
| CVE-2022-3151 | 2022-10-17 | MEDIUM | 4.3 | The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could… |
| CVE-2022-3150 | 2022-10-17 | HIGH | 7.2 | The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in… |
| CVE-2024-3239 | 2024-05-14 | MEDIUM | 5.4 | The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of… |
| CVE-2024-3582 | 2024-05-14 | MEDIUM | 4.8 | The UnGallery WordPress plugin through 2.2.4 does not have CSRF check in some places, and is missing sanitisation as well… |
| CVE-2024-3590 | 2024-05-14 | MEDIUM | 6.1 | The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make… |
| CVE-2024-3903 | 2024-05-14 | HIGH | 7.1 | The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is… |
| CVE-2025-22222 | 2025-01-30 | HIGH | 7.7 | VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for… |
| CVE-2024-3241 | 2024-05-14 | MEDIUM | 5.4 | The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them… |
| CVE-2025-22221 | 2025-01-30 | MEDIUM | 5.2 | VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations… |
| CVE-2025-22220 | 2025-01-30 | MEDIUM | 4.3 | VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations… |
| CVE-2025-22219 | 2025-01-30 | MEDIUM | 6.8 | VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to… |
| CVE-2025-22218 | 2025-01-30 | HIGH | 8.5 | VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able… |
| CVE-2024-38830 | 2024-11-26 | HIGH | 7.8 | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to… |
| CVE-2024-38831 | 2024-11-26 | HIGH | 7.8 | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into… |
| CVE-2024-10555 | 2024-12-20 | MEDIUM | 4.8 | The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could… |
| CVE-2025-2673 | 2025-03-24 | LOW | 3.5 | A vulnerability classified as problematic has been found in code-projects Payroll Management System 1.0. Affected is an unknown function of… |
| CVE-2024-38832 | 2024-11-26 | HIGH | 7.1 | VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to… |
| CVE-2024-38833 | 2024-11-26 | MEDIUM | 6.8 | VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious… |
| CVE-2024-38834 | 2024-11-26 | MEDIUM | 6.5 | VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able… |
| CVE-2025-2672 | 2025-03-23 | MEDIUM | 6.3 | A vulnerability was found in code-projects Payroll Management System 1.0. It has been rated as critical. This issue affects some… |
| CVE-2024-11108 | 2024-12-20 | MEDIUM | 5.4 | The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them… |
| CVE-2025-2984 | 2025-03-31 | MEDIUM | 6.3 | A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. Affected by this issue is some… |
| CVE-2025-2985 | 2025-03-31 | MEDIUM | 6.3 | A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. This affects an unknown… |
| CVE-2025-3038 | 2025-03-31 | MEDIUM | 6.3 | A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing… |
| CVE-2025-3039 | 2025-03-31 | MEDIUM | 6.3 | A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. Affected is an unknown… |
| CVE-2025-3134 | 2025-04-03 | MEDIUM | 6.3 | A vulnerability classified as critical has been found in code-projects Payroll Management System 1.0. This affects an unknown part of… |
| CVE-2025-2854 | 2025-03-27 | MEDIUM | 6.3 | A vulnerability classified as critical was found in code-projects Payroll Management System 1.0. Affected by this vulnerability is an unknown… |
| CVE-2024-8968 | 2024-12-20 | MEDIUM | 4.7 | The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could… |
| CVE-2024-11607 | 2024-12-21 | MEDIUM | 6.1 | The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as… |
| CVE-2022-42067 | 2022-10-14 | MEDIUM | 4.3 | Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability |