CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-8015 | 2025-07-22 | MEDIUM | 6.4 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's… |
| CVE-2025-4878 | 2025-07-22 | LOW | 3.6 | A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw… |
| CVE-2025-8017 | 2025-07-22 | HIGH | 8.8 | A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function formSetMacFilterCfg of… |
| CVE-2025-7949 | 2025-07-22 | LOW | 3.5 | A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability… |
| CVE-2025-7948 | 2025-07-22 | MEDIUM | 4.3 | A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality… |
| CVE-2025-7947 | 2025-07-22 | MEDIUM | 5.4 | A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the… |
| CVE-2025-7946 | 2025-07-22 | MEDIUM | 4.3 | A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been rated as problematic. This issue affects… |
| CVE-2025-7717 | 2025-07-21 | HIGH | 7.5 | Missing Authorization vulnerability in Drupal File Download allows Forceful Browsing. This issue affects File Download: from 0.0.0 before 1.9.0, from 2.0.0… |
| CVE-2025-7716 | 2025-07-21 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Real-time SEO for Drupal allows Cross-Site Scripting… |
| CVE-2025-7715 | 2025-07-21 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Attributes allows Cross-Site Scripting (XSS). This issue… |
| CVE-2025-7393 | 2025-07-21 | CRITICAL | 9.8 | Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Mail Login allows Brute Force. This issue affects Mail Login: from 3.0.0… |
| CVE-2025-7392 | 2025-07-21 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookies Addons allows Cross-Site Scripting (XSS). This issue… |
| CVE-2025-51867 | 2025-07-22 | N/A | 0.0 | Insecure Direct Object Reference (IDOR) vulnerability in Deepfiction AI (deepfiction.ai) thru June 3, 2025, allowing attackers to chat with the… |
| CVE-2025-52362 | 2025-07-21 | CRITICAL | 9.1 | Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of PHProxy version 1.1.1 and prior. The input validation… |
| CVE-2025-51869 | 2025-07-21 | HIGH | 7.5 | Insecure Direct Object Reference (IDOR) vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted space_id, thread_id,… |
| CVE-2025-51868 | 2025-07-21 | HIGH | 7.5 | Insecure Direct Object Reference (IDOR) vulnerability in Dippy (chat.dippy.ai) v2 allows attackers to gain sensitive information via the conversation_id parameter… |
| CVE-2025-51401 | 2025-07-21 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute… |
| CVE-2025-51400 | 2025-07-21 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute… |
| CVE-2025-51398 | 2025-07-21 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute… |
| CVE-2025-51397 | 2025-07-21 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute… |
| CVE-2025-51396 | 2025-07-21 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML… |
| CVE-2025-4295 | 2025-07-22 | MEDIUM | 4.6 | Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows HTTP Response Splitting. This issue affects B2B: before 04.06.2025. |
| CVE-2025-4294 | 2025-07-22 | MEDIUM | 4.8 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HotelRunner B2B allows Cross-Site Scripting (XSS). This… |
| CVE-2025-44654 | 2025-07-21 | CRITICAL | 9.8 | In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access… |
| CVE-2025-44649 | 2025-07-21 | HIGH | 7.5 | In the configuration file of racoon in the TRENDnet TEW-WLC100P 2.03b03, the first item of exchage_mode is set to aggressive.… |
| CVE-2025-43720 | 2025-07-21 | MEDIUM | 6.5 | Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user… |
| CVE-2015-10140 | 2025-07-22 | HIGH | 8.8 | The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated… |
| CVE-2025-34143 | 2025-07-22 | N/A | 0.0 | An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged… |
| CVE-2025-34142 | 2025-07-22 | N/A | 0.0 | An XML External Entity (XXE) injection vulnerability exists in ETQ Reliance on the CG (legacy) platform within the `/resources/sessions/sso` endpoint.… |
| CVE-2025-34141 | 2025-07-22 | N/A | 0.0 | A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires… |
| CVE-2025-34140 | 2025-07-22 | N/A | 0.0 | An authorization bypass vulnerability exists in ETQ Reliance (legacy CG and NXG SaaS platforms). By appending a specific URI suffix… |
| CVE-2024-55040 | 2025-07-21 | N/A | 0.0 | Cross Site Scripting vulnerability in Sensaphone WEB600 Monitoring System v.1.6.5.H and before allows a remote attacker to execute arbitrary code… |
| CVE-2025-7705 | 2025-07-22 | MEDIUM | 6.8 | Active Debug Code vulnerability in ABB Switch Actuator 4 DU-83330, ABB Switch actuator, door/light 4 DU -83330-500. This issue affects… |
| CVE-2025-4285 | 2025-07-22 | CRITICAL | 10.0 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolantis Information Technologies Agentis allows SQL… |
| CVE-2025-4284 | 2025-07-22 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rolantis Information Technologies Agentis allows Reflected… |
| CVE-2025-7900 | 2025-07-22 | N/A | 0.0 | The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager… |
| CVE-2025-7899 | 2025-07-22 | N/A | 0.0 | The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects… |
| CVE-2025-7692 | 2025-07-22 | HIGH | 8.1 | The Orion Login with SMS plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including,… |
| CVE-2025-7687 | 2025-07-22 | MEDIUM | 6.1 | The Latest Post Accordian Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and… |
| CVE-2025-7685 | 2025-07-22 | MEDIUM | 6.1 | The Like & Share My Site plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to,… |
| CVE-2025-7427 | 2025-07-22 | N/A | 0.0 | Uncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful… |
| CVE-2025-6213 | 2025-07-22 | HIGH | 7.2 | The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and… |
| CVE-2025-6187 | 2025-07-22 | CRITICAL | 9.8 | The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in… |
| CVE-2025-6082 | 2025-07-22 | MEDIUM | 5.3 | The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including,… |
| CVE-2025-53472 | 2025-07-22 | HIGH | 7.2 | WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in… |
| CVE-2025-46267 | 2025-07-22 | MEDIUM | 4.9 | Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's hidden debug function may be enabled by a… |
| CVE-2025-38352 | 2025-07-22 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting… |
| CVE-2025-7645 | 2025-07-22 | HIGH | 8.1 | The Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) plugin for WordPress is vulnerable to arbitrary file… |
| CVE-2025-7644 | 2025-07-22 | MEDIUM | 6.4 | The Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery… |
| CVE-2025-7495 | 2025-07-22 | MEDIUM | 6.4 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpmem_login_link' shortcode in all… |