Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Concientización
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-62807
2025-10-23
N/A
0.0
Rejected reason: Not used
CVE-2025-62806
2025-10-23
N/A
0.0
Rejected reason: Not used
CVE-2025-62805
2025-10-23
N/A
0.0
Rejected reason: Not used
CVE-2025-62804
2025-10-23
N/A
0.0
Rejected reason: Not used
CVE-2025-62710
2025-10-22
LOW
2.6
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password (serverSecretKey) using RandomStringUtils with the default java.util.Random. java.util.Random is a…
CVE-2025-62708
2025-10-22
N/A
0.0
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory…
CVE-2025-62707
2025-10-22
N/A
0.0
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite…
CVE-2025-62706
2025-10-22
MEDIUM
6.5
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext…
CVE-2025-62705
2025-10-22
N/A
0.0
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent []byte response parameters…
CVE-2025-62617
2025-10-22
HIGH
7.2
Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated…
CVE-2025-62614
2025-10-22
N/A
0.0
BookLore is a self-hosted web app for organizing and managing personal book collections. In versions 1.8.1 and prior, an authentication bypass vulnerability in the BookMediaController allows any unauthenticated…
CVE-2025-62613
2025-10-22
N/A
0.0
VDO.Ninja is a tool that brings remote video feeds into OBS or other studio software via WebRTC. From versions 28.0 to before 28.4, a reflected Cross-Site Scripting (XSS)…
CVE-2025-62612
2025-10-22
N/A
0.0
FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF…
CVE-2025-60224
2025-10-22
MEDIUM
6.5
Deserialization of Untrusted Data vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Object Injection.This issue affects Subscribe to Download: from n/a through
CVE-2025-60222
2025-10-22
MEDIUM
6.5
Incorrect Privilege Assignment vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Privilege Escalation.This issue affects SUMO Memberships for WooCommerce: from n/a through
CVE-2025-60221
2025-10-22
MEDIUM
6.5
Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection.This issue affects Captivate Sync: from n/a through
CVE-2025-60220
2025-10-22
HIGH
8.2
Incorrect Privilege Assignment vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation.This issue affects CouponXxL: from n/a through
CVE-2025-60217
2025-10-22
MEDIUM
5.3
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ypromo PT Luxa Addons pt-luxa-addons allows Path Traversal.This issue affects PT Luxa Addons: from n/a…
CVE-2025-60216
2025-10-22
MEDIUM
5.3
Deserialization of Untrusted Data vulnerability in BoldThemes Addison addison allows Object Injection.This issue affects Addison: from n/a through
CVE-2025-60215
2025-10-22
MEDIUM
5.3
Deserialization of Untrusted Data vulnerability in designthemes Kriya kriya allows Object Injection.This issue affects Kriya: from n/a through
CVE-2025-60211
2025-10-22
MEDIUM
5.3
Incorrect Privilege Assignment vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Privilege Escalation.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields:…
CVE-2025-60210
2025-10-22
MEDIUM
6.5
Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection.This issue affects Everest Forms - Frontend Listing: from n/a through
CVE-2025-60209
2025-10-22
HIGH
8.2
Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injection.This issue affects Connector for Gravity Forms and Google Sheets:…
CVE-2025-60208
2025-10-22
MEDIUM
5.3
Cross-Site Request Forgery (CSRF) vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection.This issue affects Advanced Custom Fields : CPT Options Pages:…
CVE-2025-60206
2025-10-22
HIGH
8.2
Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through
CVE-2025-60176
2025-10-22
MEDIUM
6.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tattersoftware WP Tesseract wp-tesseract allows Stored XSS.This issue affects WP Tesseract: from n/a through
CVE-2025-60168
2025-10-22
MEDIUM
5.3
Cross-Site Request Forgery (CSRF) vulnerability in integrationshotelrunner HotelRunner Booking Widget hotelrunner allows Stored XSS.This issue affects HotelRunner Booking Widget: from n/a through
CVE-2025-60151
2025-10-22
HIGH
7.5
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Phishing.This issue affects WP Gravity Forms HubSpot: from n/a through
CVE-2025-60135
2025-10-22
MEDIUM
6.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NIKITAS GEORGOPOULOS WeShare Buttons e-mailit allows Stored XSS.This issue affects WeShare Buttons: from n/a through
CVE-2025-60134
2025-10-22
MEDIUM
5.3
Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Media Categories wp-media-categories allows Cross Site Request Forgery.This issue affects WP Media Categories: from n/a through
CVE-2025-59578
2025-10-22
HIGH
7.5
Insertion of Sensitive Information Into Sent Data vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects ShopMagic: from n/a through
CVE-2025-52741
2025-10-22
CRITICAL
9.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Barry Kooij Post Connector post-connector allows Reflected XSS.This issue affects Post Connector: from n/a through
CVE-2025-49907
2025-10-22
HIGH
8.2
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through
CVE-2025-49906
2025-10-22
MEDIUM
5.3
Missing Authorization vulnerability in StellarWP WPComplete wpcomplete allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPComplete: from n/a through
CVE-2025-49903
2025-10-22
MEDIUM
5.3
Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ZoloBlocks: from n/a through
CVE-2025-49901
2025-10-22
MEDIUM
6.5
Authentication Bypass Using an Alternate Path or Channel vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Authentication Abuse.This issue affects Simple Link Directory: from n/a through < 14.8.1.
CVE-2025-49899
2025-10-22
MEDIUM
5.3
Missing Authorization vulnerability in jjlemstra Whydonate wp-whydonate allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Whydonate: from n/a through
CVE-2025-49380
2025-10-22
MEDIUM
5.3
Deserialization of Untrusted Data vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Object Injection.This issue affects WooCommerce Vehicle Parts Finder: from n/a through
CVE-2025-49378
2025-10-22
MEDIUM
6.5
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through
CVE-2025-49377
2025-10-22
HIGH
7.5
Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hydra Booking: from n/a through
CVE-2025-49376
2025-10-22
HIGH
7.5
Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects DELUCKS SEO: from n/a through
CVE-2025-49374
2025-10-22
MEDIUM
5.3
Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows Server Side Request Forgery.This issue affects Captcha.eu: from n/a through
CVE-2025-49937
2025-10-22
N/A
0.0
Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from…
CVE-2025-49936
2025-10-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart woodmart allows DOM-Based XSS.This issue affects WoodMart: from n/a through < 8.3.2.
CVE-2025-49935
2025-10-22
N/A
0.0
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in xtemos WoodMart woodmart allows PHP Local File Inclusion.This issue affects WoodMart: from…
CVE-2025-49934
2025-10-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetBlocks For Elementor jet-blocks allows Stored XSS.This issue affects JetBlocks For Elementor: from n/a through
CVE-2025-49933
2025-10-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetBlog jet-blog allows Reflected XSS.This issue affects JetBlog: from n/a through
CVE-2025-49932
2025-10-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetBlog jet-blog allows Stored XSS.This issue affects JetBlog: from n/a through
CVE-2025-49931
2025-10-22
N/A
0.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CrocoBlock JetSearch jet-search allows Blind SQL Injection.This issue affects JetSearch: from n/a through
CVE-2025-49930
2025-10-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetSearch jet-search allows Reflected XSS.This issue affects JetSearch: from n/a through
« Anterior
Página 55 de 3638
Siguiente »
Page load link
Go to Top
