CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-58805 2025-09-05 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light allows Stored XSS. This issue affects Widgetize Pages Light: from n/a through…
CVE-2025-58804 2025-09-05 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in brijrajs WooCommerce Single Page Checkout allows Cross Site Request Forgery. This issue affects WooCommerce Single Page Checkout: from n/a through 1.2.7.
CVE-2025-58802 2025-09-05 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in michalzagdan TrustMate.io – WooCommerce integration allows Cross Site Request Forgery. This issue affects TrustMate.io – WooCommerce integration: from n/a through 1.14.0.
CVE-2025-58801 2025-09-05 MEDIUM 5.4 Cross-Site Request Forgery (CSRF) vulnerability in KCS Responder allows Cross Site Request Forgery. This issue affects Responder: from n/a through 4.3.8.
CVE-2025-58800 2025-09-05 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Steve Truman WP Email Template allows Cross Site Request Forgery. This issue affects WP Email Template: from n/a through 2.8.3.
CVE-2025-58799 2025-09-05 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in themelocation Custom WooCommerce Checkout Fields Editor allows Cross Site Request Forgery. This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through…
CVE-2025-58798 2025-09-05 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Bjorn Manintveld BCM Duplicate Menu allows Cross Site Request Forgery. This issue affects BCM Duplicate Menu: from n/a through 1.1.2.
CVE-2025-58797 2025-09-05 MEDIUM 5.3 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Mahmudul Hasan Arif Ninja Charts allows Retrieve Embedded Sensitive Data. This issue affects Ninja Charts: from…
CVE-2025-58796 2025-09-05 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dudaster Elementor Element Condition allows Stored XSS. This issue affects Elementor Element Condition: from n/a through…
CVE-2025-58795 2025-09-05 MEDIUM 5.3 Missing Authorization vulnerability in Payoneer Checkout Payoneer Checkout allows Content Spoofing. This issue affects Payoneer Checkout: from n/a through 3.4.0.
CVE-2025-58794 2025-09-05 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in rainafarai Notification for Telegram allows Cross Site Request Forgery. This issue affects Notification for Telegram: from n/a through 3.4.6.
CVE-2025-58793 2025-09-05 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBean WPB Elementor Addons allows Stored XSS. This issue affects WPB Elementor Addons: from n/a through…
CVE-2025-58792 2025-09-05 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in WPKube Authors List allows Cross Site Request Forgery. This issue affects Authors List: from n/a through 2.0.6.1.
CVE-2025-58791 2025-09-05 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arjan Olsder SEO Auto Linker allows Stored XSS. This issue affects SEO Auto Linker: from n/a…
CVE-2025-58790 2025-09-05 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPKube Kiwi allows Stored XSS. This issue affects Kiwi: from n/a through 2.1.8.
CVE-2025-58789 2025-09-05 HIGH 7.6 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle WP Full Stripe Free allows SQL Injection. This issue affects WP Full Stripe…
CVE-2025-58788 2025-09-05 HIGH 7.6 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal License Manager for WooCommerce allows Blind SQL Injection. This issue affects License…
CVE-2025-58787 2025-09-05 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Popup allows Stored XSS. This issue affects Themify Popup: from n/a through 1.4.4.
CVE-2025-58786 2025-09-05 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VW THEMES Ibtana – Ecommerce Product Addons allows DOM-Based XSS. This issue affects Ibtana – Ecommerce…
CVE-2025-58785 2025-09-05 MEDIUM 5.4 Missing Authorization vulnerability in jbhovik Ray Enterprise Translation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ray Enterprise Translation: from n/a through 1.7.1.
CVE-2025-58784 2025-09-05 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arisoft ARI Fancy Lightbox allows Stored XSS. This issue affects ARI Fancy Lightbox: from n/a through…
CVE-2025-58783 2025-09-05 MEDIUM 4.3 Missing Authorization vulnerability in gutentor Gutentor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutentor: from n/a through 3.5.1.
CVE-2024-21977 2025-09-05 LOW 3.2 Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for…
CVE-2025-58313 2025-09-05 MEDIUM 5.1 Race condition vulnerability in the device standby module. Impact: Successful exploitation of this vulnerability may cause feature exceptions of the device standby module.
CVE-2025-58296 2025-09-05 HIGH 7.5 Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect function stability.
CVE-2025-58281 2025-09-05 HIGH 8.4 Out-of-bounds read vulnerability in the runtime interpreter module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-58280 2025-09-05 HIGH 8.4 Vulnerability of exposing object heap addresses in the Ark eTS module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-58276 2025-09-05 MEDIUM 6.8 Permission verification vulnerability in the home screen module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-48395 2025-09-05 MEDIUM 4.7 An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security…
CVE-2025-8944 2025-09-05 MEDIUM 4.3 The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handlers, allowing any authenticated…
CVE-2025-58400 2025-09-05 MEDIUM 6.7 RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the…
CVE-2025-55671 2025-09-05 HIGH 7.8 Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the…
CVE-2025-55037 2025-09-05 CRITICAL 9.8 Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary…
CVE-2025-41408 2025-09-05 MEDIUM 4.3 Improper authorization in handler for custom URL scheme issue in "Yahoo! Shopping" App for Android versions prior to 14.15.0 allows a remote unauthenticated attacker may lead a user…
CVE-2025-58401 2025-09-05 MEDIUM 6.8 Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store the GitHub API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked GitHub…
CVE-2025-8684 2025-09-05 MEDIUM 6.4 The Flatsome Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.20.0 due to insufficient input sanitization…
CVE-2025-9990 2025-09-05 HIGH 8.1 The WordPress Helpdesk Integration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.8.10 via the portal_type parameter. This makes it…
CVE-2025-7445 2025-09-05 MEDIUM 6.5 Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs.
CVE-2025-58362 2025-09-05 HIGH 7.5 Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow…
CVE-2025-58359 2025-09-05 N/A 0.0 ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised Schnorr Threshold signatures). In versions 2.0.0 through 2.1.0, refresh shares with smaller min_signers will reduce security of group.…
CVE-2025-58352 2025-09-05 N/A 0.0 Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry…
CVE-2025-58179 2025-09-05 HIGH 7.2 Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using…
CVE-2025-55739 2025-09-05 N/A 0.0 api is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© (PBX). In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and…
CVE-2025-55305 2025-09-04 MEDIUM 6.1 Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions below 35.7.5, 36.0.0-alpha.1 through 36.8.0, 37.0.0-alpha.1 through 37.3.1 and 38.0.0-alpha.1 through 38.0.0-beta.6,…
CVE-2025-55244 2025-09-04 CRITICAL 9.0 Azure Bot Service Elevation of Privilege Vulnerability
CVE-2025-55242 2025-09-04 MEDIUM 6.5 Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.
CVE-2025-55241 2025-09-04 CRITICAL 9.0 Azure Entra Elevation of Privilege Vulnerability
CVE-2025-55238 2025-09-04 HIGH 7.5 Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
CVE-2025-55209 2025-09-04 N/A 0.0 contactmanager is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© (PBX). In versions 15.0.14 and below, 16.0.0 through 16.0.26.4 and 17.0.0…
CVE-2025-55190 2025-09-04 CRITICAL 9.9 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens…