CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-52738 | 2025-10-22 | CRITICAL | 9.1 | Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wikipedia Preview: from n/a through |
| CVE-2025-52736 | 2025-10-22 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Finale Lite finale-woocommerce-sales-countdown-timer-discount allows Reflected XSS. This issue affects Finale Lite: from n/a through |
| CVE-2025-52735 | 2025-10-22 | CRITICAL | 9.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS. This issue affects NextMove Lite: from n/a through |
| CVE-2025-52734 | 2025-10-22 | CRITICAL | 9.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ERA404 CropRefine croprefine allows Reflected XSS. This issue affects CropRefine: from n/a through |
| CVE-2025-49912 | 2025-10-22 | MEDIUM | 5.9 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nks Email Subscription Popup email-subscribe allows Stored XSS. This issue affects Email Subscription Popup: from n/a through |
| CVE-2025-49911 | 2025-10-22 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Reflected XSS. This issue affects WooCommerce Vehicle Parts Finder: from… |
| CVE-2025-49910 | 2025-10-22 | HIGH | 8.2 | Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPGuppy: from n/a through |
| CVE-2025-1680 | 2025-10-23 | N/A | 0.0 | An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Host headers… |
| CVE-2025-1679 | 2025-10-23 | N/A | 0.0 | Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact… |
| CVE-2025-11429 | 2025-10-23 | MEDIUM | 5.4 | A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me"… |
| CVE-2025-8427 | 2025-10-23 | MEDIUM | 6.4 | The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘auto_play’ parameter in all versions up to, and including, 2.9.2.1 due… |
| CVE-2025-62393 | 2025-10-23 | MEDIUM | 4.3 | A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses… |
| CVE-2025-11128 | 2025-10-23 | MEDIUM | 5.0 | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions… |
| CVE-2025-11023 | 2025-10-23 | CRITICAL | 9.8 | Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ArkSigner Software and Hardware Inc.… |
| CVE-2025-10705 | 2025-10-23 | MEDIUM | 5.3 | The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.4.6. This is due… |
| CVE-2024-14011 | 2025-10-23 | N/A | 0.0 | Rejected reason: This is a duplicate. |
| CVE-2025-60338 | 2025-10-22 | HIGH | 7.5 | Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the page parameter in the DhcpListClient function. This vulnerability allows attackers to cause a Denial of… |
| CVE-2025-62401 | 2025-10-23 | MEDIUM | 5.4 | An issue in Moodle’s timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment. |
| CVE-2025-62400 | 2025-10-23 | MEDIUM | 4.3 | Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted… |
| CVE-2025-62399 | 2025-10-23 | HIGH | 7.5 | Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks. |
| CVE-2025-62397 | 2025-10-23 | MEDIUM | 5.3 | The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance. |
| CVE-2025-62396 | 2025-10-23 | MEDIUM | 5.3 | An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured. |
| CVE-2025-62395 | 2025-10-23 | MEDIUM | 4.3 | A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data. |
| CVE-2025-62394 | 2025-10-23 | MEDIUM | 4.3 | Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information. |
| CVE-2025-10355 | 2025-10-23 | N/A | 0.0 | Open redirection vulnerability in MOLGENIS EMX2 v11.14.0. This vulnerability allows an attacker to create a malicious URL using a manipulated redirection parameter, potentially leading users to phishing sites… |
| CVE-2025-41073 | 2025-10-23 | N/A | 0.0 | Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows an authenticated attacker to download a ZIP file containing files from the server, including… |
| CVE-2025-40643 | 2025-10-23 | N/A | 0.0 | Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by… |
| CVE-2025-9981 | 2025-10-23 | N/A | 0.0 | QuickCMS is vulnerable to multiple Stored XSS in slider editor functionality (sliders-form). Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be… |
| CVE-2025-9980 | 2025-10-23 | N/A | 0.0 | QuickCMS is vulnerable to multiple Stored XSS in page editor functionality (pages-form). Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be… |
| CVE-2025-12105 | 2025-10-23 | HIGH | 7.5 | A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations… |
| CVE-2025-10914 | 2025-10-23 | HIGH | 7.6 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. Co. OBS (Student Affairs Information System) allows Reflected XSS. This issue affects… |
| CVE-2025-10727 | 2025-10-23 | MEDIUM | 5.4 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows Reflected XSS. This issue affects AcBakImzala: before v5.1.4. |
| CVE-2023-53701 | 2025-10-22 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2025-62499 | 2025-10-23 | MEDIUM | 4.8 | Movable Type contains a stored cross-site scripting vulnerability in Edit CategorySet of ContentType page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary… |
| CVE-2025-61865 | 2025-10-23 | MEDIUM | 6.7 | NarSuS App registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary… |
| CVE-2025-54856 | 2025-10-23 | MEDIUM | 4.8 | Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may… |
| CVE-2025-54806 | 2025-10-23 | MEDIUM | 6.1 | GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product,… |
| CVE-2025-62820 | 2025-10-23 | MEDIUM | 4.9 | Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network. |
| CVE-2025-62813 | 2025-10-23 | MEDIUM | 5.9 | LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example,… |
| CVE-2025-48430 | 2025-10-23 | MEDIUM | 5.5 | Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server:… |
| CVE-2025-48428 | 2025-10-23 | MEDIUM | 6.7 | Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing… |
| CVE-2025-47699 | 2025-10-23 | CRITICAL | 9.9 | Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical… |
| CVE-2025-41402 | 2025-10-23 | MEDIUM | 5.5 | Client-Side Enforcement of Server-Side Security (CWE-602) in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre… |
| CVE-2025-35981 | 2025-10-23 | MEDIUM | 5.5 | Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they… |
| CVE-2025-12104 | 2025-10-23 | N/A | 0.0 | Outdated and Vulnerable UI Dependencies might potentially lead to exploitation. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-62812 | 2025-10-23 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62811 | 2025-10-23 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62810 | 2025-10-23 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62809 | 2025-10-23 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62808 | 2025-10-23 | N/A | 0.0 | Rejected reason: Not used |