Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Todo el contenido
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-58985
2025-09-09
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce allows Stored XSS. This issue affects Additional Custom Product…
CVE-2025-58984
2025-09-09
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects Welcart e-Commerce: from n/a through 2.11.20.
CVE-2025-58983
2025-09-09
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefano Lissa Include Me allows Stored XSS. This issue affects Include Me: from n/a through 1.3.2.
CVE-2025-58982
2025-09-09
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixeline Pixeline's Email Protector allows Stored XSS. This issue affects Pixeline's Email Protector: from n/a through…
CVE-2025-58981
2025-09-09
MEDIUM
5.4
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from…
CVE-2025-58980
2025-09-09
MEDIUM
5.3
Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export WP Page to Static HTML/CSS:…
CVE-2025-58979
2025-09-09
MEDIUM
5.3
Missing Authorization vulnerability in BerqWP BerqWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BerqWP: from n/a through 2.2.53.
CVE-2025-58978
2025-09-09
MEDIUM
5.3
Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through…
CVE-2025-58977
2025-09-09
MEDIUM
4.9
Server-Side Request Forgery (SSRF) vulnerability in Rhys Wynne WP eBay Product Feeds allows Server Side Request Forgery. This issue affects WP eBay Product Feeds: from n/a through 3.4.8.
CVE-2025-58976
2025-09-09
MEDIUM
4.3
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from…
CVE-2025-58975
2025-09-09
MEDIUM
4.3
Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.1.1.
CVE-2025-58215
2025-09-09
HIGH
8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Ziston allows PHP Local File Inclusion. This issue affects Ziston: from…
CVE-2025-55317
2025-09-09
HIGH
7.8
Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
CVE-2025-55316
2025-09-09
HIGH
7.8
External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally.
CVE-2025-55245
2025-09-09
HIGH
7.8
Improper link resolution before file access ('link following') in Xbox allows an authorized attacker to elevate privileges locally.
CVE-2025-55243
2025-09-09
HIGH
7.5
Exposure of sensitive information to an unauthorized actor in Microsoft Office Plus allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-55236
2025-09-09
HIGH
7.3
Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.
CVE-2025-55234
2025-09-09
HIGH
8.8
SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject…
CVE-2025-55232
2025-09-09
CRITICAL
9.8
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network.
CVE-2025-55228
2025-09-09
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2025-55227
2025-09-09
HIGH
8.8
Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-55226
2025-09-09
MEDIUM
6.7
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.
CVE-2025-55225
2025-09-09
MEDIUM
6.5
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-55224
2025-09-09
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2025-55223
2025-09-09
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-54919
2025-09-09
HIGH
7.5
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2025-54918
2025-09-09
HIGH
8.8
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
CVE-2025-54917
2025-09-09
MEDIUM
4.3
Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-54916
2025-09-09
HIGH
7.8
Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2025-54915
2025-09-09
MEDIUM
6.7
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
CVE-2025-54913
2025-09-09
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally.
CVE-2025-54912
2025-09-09
HIGH
7.8
Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.
CVE-2025-54911
2025-09-09
HIGH
7.3
Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.
CVE-2025-54910
2025-09-09
HIGH
8.4
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-54908
2025-09-09
HIGH
7.8
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2025-54907
2025-09-09
HIGH
7.8
Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
CVE-2025-54906
2025-09-09
HIGH
7.8
Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-54905
2025-09-09
HIGH
7.1
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2025-54904
2025-09-09
HIGH
7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54903
2025-09-09
HIGH
7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54902
2025-09-09
HIGH
7.8
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54901
2025-09-09
MEDIUM
5.5
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-54900
2025-09-09
HIGH
7.8
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54899
2025-09-09
HIGH
7.8
Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54898
2025-09-09
HIGH
7.8
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54897
2025-09-09
HIGH
8.8
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-54896
2025-09-09
HIGH
7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54895
2025-09-09
HIGH
7.8
Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally.
CVE-2025-54894
2025-09-09
HIGH
7.8
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
CVE-2025-54709
2025-09-09
HIGH
8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6.
« Anterior
Página 480 de 3937
Siguiente »
Page load link
Go to Top
