Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Todo el contenido
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2026-23761
2026-01-22
N/A
0.0
VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in…
CVE-2026-22483
2026-01-22
N/A
0.0
Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross Site Request Forgery.This issue affects teachPress: from n/a through
CVE-2026-22482
2026-01-22
N/A
0.0
Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.This issue affects IMGspider: from n/a through
CVE-2026-22481
2026-01-22
N/A
0.0
Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BD Courier Order Ratio Checker:…
CVE-2026-22472
2026-01-22
N/A
0.0
Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through
CVE-2026-22470
2026-01-22
N/A
0.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injection.This issue affects FireStorm…
CVE-2026-22469
2026-01-22
N/A
0.0
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through
CVE-2026-22468
2026-01-22
N/A
0.0
Missing Authorization vulnerability in AbsolutePlugins Absolute Addons For Elementor absolute-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Absolute Addons For Elementor: from n/a through
CVE-2026-22466
2026-01-22
N/A
0.0
Missing Authorization vulnerability in Chandni Patel WP MapIt wp-mapit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP MapIt: from n/a through
CVE-2026-22464
2026-01-22
N/A
0.0
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows PHP Local File Inclusion.This issue affects…
CVE-2026-22463
2026-01-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.company Form to Chat App form-to-chat allows Stored XSS.This issue affects Form to Chat App: from…
CVE-2026-22462
2026-01-22
N/A
0.0
Cross-Site Request Forgery (CSRF) vulnerability in richardevcom Add Polylang support for Customizer add-polylang-support-for-customizer allows Cross Site Request Forgery.This issue affects Add Polylang support for Customizer: from n/a through
CVE-2026-22461
2026-01-22
N/A
0.0
Missing Authorization vulnerability in WebAppick CTX Feed webappick-product-feed-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CTX Feed: from n/a through
CVE-2026-22458
2026-01-22
N/A
0.0
Missing Authorization vulnerability in Mikado-Themes Wanderland wanderland allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wanderland: from n/a through
CVE-2026-22450
2026-01-22
N/A
0.0
Missing Authorization vulnerability in Select-Themes Don Peppe donpeppe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Don Peppe: from n/a through
CVE-2026-22447
2026-01-22
N/A
0.0
Missing Authorization vulnerability in Select-Themes Prowess prowess allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prowess: from n/a through
CVE-2026-22445
2026-01-22
N/A
0.0
Missing Authorization vulnerability in Proptech Plugin Apimo Connector apimo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apimo Connector: from n/a through
CVE-2026-22430
2026-01-22
N/A
0.0
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Verdure verdure allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verdure: from n/a through
CVE-2026-22426
2026-01-22
N/A
0.0
Authorization Bypass Through User-Controlled Key vulnerability in Elated-Themes Sweet Jane sweetjane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sweet Jane: from n/a through
CVE-2026-22411
2026-01-22
N/A
0.0
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Dolcino dolcino allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dolcino: from n/a through
CVE-2026-22409
2026-01-22
N/A
0.0
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: from n/a through
CVE-2026-22407
2026-01-22
N/A
0.0
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through
CVE-2026-22406
2026-01-22
N/A
0.0
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through
CVE-2026-22404
2026-01-22
N/A
0.0
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Innovio: from n/a through
CVE-2026-22402
2026-01-22
N/A
0.0
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Triply triply allows PHP Local File Inclusion.This issue affects Triply: from…
CVE-2026-22401
2026-01-22
N/A
0.0
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Freshio freshio allows PHP Local File Inclusion.This issue affects Freshio: from…
CVE-2026-22400
2026-01-22
N/A
0.0
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Holmes holmes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Holmes: from n/a through
CVE-2026-22398
2026-01-22
N/A
0.0
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fleur: from n/a through
CVE-2026-22396
2026-01-22
N/A
0.0
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fiorello: from n/a through
CVE-2026-22393
2026-01-22
N/A
0.0
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Curly curly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Curly: from n/a through
CVE-2026-22391
2026-01-22
N/A
0.0
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Cocco cocco allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cocco: from n/a through
CVE-2026-22388
2026-01-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu Owl Carousel WP owl-carousel-wp allows Stored XSS.This issue affects Owl Carousel WP: from n/a…
CVE-2026-22382
2026-01-22
N/A
0.0
Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Cross Site Request Forgery.This issue affects PawFriends - Pet Shop and…
CVE-2026-22360
2026-01-22
N/A
0.0
Cross-Site Request Forgery (CSRF) vulnerability in AA-Team SearchAzon searchazon allows Cross Site Request Forgery.This issue affects SearchAzon: from n/a through
CVE-2026-22358
2026-01-22
N/A
0.0
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through
CVE-2026-22355
2026-01-22
N/A
0.0
Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple XML Sitemap simple-xml-sitemap allows Stored XSS.This issue affects Simple XML Sitemap: from n/a through
CVE-2026-22353
2026-01-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winkm89 teachPress teachpress allows Stored XSS.This issue affects teachPress: from n/a through
CVE-2026-22349
2026-01-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in linux4me2 Menu In Post menu-in-post allows DOM-Based XSS.This issue affects Menu In Post: from n/a through
CVE-2026-22348
2026-01-22
N/A
0.0
Missing Authorization vulnerability in Tasos Fel Civic Cookie Control civic-cookie-control-8 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Civic Cookie Control: from n/a through
CVE-2026-22347
2026-01-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in subhansanjaya Carousel Horizontal Posts Content Slider carousel-horizontal-posts-content-slider allows DOM-Based XSS.This issue affects Carousel Horizontal Posts Content…
CVE-2026-22278
2026-01-22
HIGH
8.1
Dell PowerScale OneFS versions prior to 9.13.0.0 contains an improper restriction of excessive authentication attempts vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading…
CVE-2026-1260
2026-01-22
N/A
0.0
Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure.
CVE-2026-0535
2026-01-22
HIGH
7.1
A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop…
CVE-2026-0534
2026-01-22
HIGH
7.1
A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop…
CVE-2026-0533
2026-01-22
HIGH
7.1
A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS)…
CVE-2025-70899
2026-01-22
N/A
0.0
PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking…
CVE-2025-69828
2026-01-22
CRITICAL
10.0
File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit
CVE-2025-69821
2026-01-22
HIGH
7.4
An issue in Beat XP VEGA Smartwatch (Firmware Version - RB303ATV006229) allows an attacker to cause a denial of service via the BLE connection
CVE-2025-69820
2026-01-22
MEDIUM
6.0
Directory Traversal vulnerability in Beam beta9 v.0.1.552 allows a remote attacker to obtain sensitive information via the joinCleanPath function
CVE-2025-69321
2026-01-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Spa grandspa allows Reflected XSS.This issue affects Grand Spa: from n/a through
« Anterior
Página 61 de 3921
Siguiente »
Page load link
Go to Top
