Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Todos los artículos
Vulnerabilidades CVE
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Filtrar por severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
Filtrar
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-34140
2025-07-22
N/A
0.0
An authorization bypass vulnerability exists in ETQ Reliance (legacy CG and NXG SaaS platforms). By appending a specific URI suffix…
CVE-2024-55040
2025-07-21
N/A
0.0
Cross Site Scripting vulnerability in Sensaphone WEB600 Monitoring System v.1.6.5.H and before allows a remote attacker to execute arbitrary code…
CVE-2025-7705
2025-07-22
MEDIUM
6.8
: Active Debug Code vulnerability in ABB Switch Actuator 4 DU-83330, ABB Switch actuator, door/light 4 DU -83330-500.This issue affects…
CVE-2025-4285
2025-07-22
CRITICAL
10.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolantis Information Technologies Agentis allows SQL…
CVE-2025-4284
2025-07-22
MEDIUM
6.1
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rolantis Information Technologies Agentis allows Reflected…
CVE-2025-7900
2025-07-22
N/A
0.0
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager…
CVE-2025-7899
2025-07-22
N/A
0.0
The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects…
CVE-2025-7692
2025-07-22
HIGH
8.1
The Orion Login with SMS plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including,…
CVE-2025-7687
2025-07-22
MEDIUM
6.1
The Latest Post Accordian Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
CVE-2025-7685
2025-07-22
MEDIUM
6.1
The Like & Share My Site plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to,…
CVE-2025-7427
2025-07-22
N/A
0.0
Uncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful…
CVE-2025-6213
2025-07-22
HIGH
7.2
The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and…
CVE-2025-6187
2025-07-22
CRITICAL
9.8
The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in…
CVE-2025-6082
2025-07-22
MEDIUM
5.3
The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including,…
CVE-2025-53472
2025-07-22
HIGH
7.2
WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in…
CVE-2025-46267
2025-07-22
MEDIUM
4.9
Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's hidden debug function may be enabled by a…
CVE-2025-38352
2025-07-22
N/A
0.0
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting…
CVE-2025-7645
2025-07-22
HIGH
8.1
The Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) plugin for WordPress is vulnerable to arbitrary file…
CVE-2025-7644
2025-07-22
MEDIUM
6.4
The Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery…
CVE-2025-7495
2025-07-22
MEDIUM
6.4
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpmem_login_link' shortcode in all…
CVE-2025-6585
2025-07-22
HIGH
8.1
The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including,…
CVE-2025-52580
2025-07-22
LOW
2.4
Insertion of sensitive information into log file issue exists in "region PAY" App for Android prior to 1.5.28. If exploited,…
CVE-2025-7953
2025-07-22
LOW
3.5
A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some…
CVE-2025-7952
2025-07-22
MEDIUM
6.3
A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file…
CVE-2025-7951
2025-07-22
LOW
3.5
A vulnerability classified as problematic has been found in code-projects Public Chat Room 1.0. This affects an unknown part of…
CVE-2025-7950
2025-07-22
HIGH
7.3
A vulnerability was found in code-projects Public Chat Room 1.0. It has been rated as critical. Affected by this issue…
CVE-2025-6831
2025-07-22
MEDIUM
6.4
The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's urcr_restrict shortcode in all versions…
CVE-2025-5240
2025-07-22
MEDIUM
6.4
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter…
CVE-2015-10137
2025-07-22
CRITICAL
9.8
The Website Contact Form With File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file…
CVE-2012-10020
2025-07-22
CRITICAL
9.8
The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify.php…
CVE-2025-7945
2025-07-22
HIGH
8.8
A vulnerability was found in D-Link DIR-513 up to 20190831. It has been declared as critical. This vulnerability affects the…
CVE-2025-7944
2025-07-21
MEDIUM
4.3
A vulnerability was found in PHPGurukul Taxi Stand Management System 1.0. It has been classified as problematic. This affects an…
CVE-2025-7943
2025-07-21
MEDIUM
4.3
A vulnerability was found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this issue is…
CVE-2025-7486
2025-07-21
MEDIUM
4.4
The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Order Details in all versions up…
CVE-2025-7942
2025-07-21
LOW
3.5
A vulnerability has been found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this vulnerability…
CVE-2025-7941
2025-07-21
LOW
3.5
A vulnerability, which was classified as problematic, was found in PHPGurukul Time Table Generator System 1.0. Affected is an unknown…
CVE-2025-7940
2025-07-21
MEDIUM
5.3
A vulnerability was found in Genshin Albedo Cat House App 1.0.2 on Android. It has been declared as problematic. Affected…
CVE-2025-7939
2025-07-21
MEDIUM
6.3
A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0. It has been classified as critical. Affected is the function addGoods…
CVE-2025-54134
2025-07-21
N/A
0.0
HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the…
CVE-2025-54129
2025-07-21
MEDIUM
4.3
HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4…
CVE-2025-54128
2025-07-21
N/A
0.0
HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below, the…
CVE-2025-54127
2025-07-21
N/A
0.0
HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and…
CVE-2025-54122
2025-07-21
CRITICAL
10.0
Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy…
CVE-2025-53832
2025-07-21
HIGH
7.5
Lara Translate MCP Server is a Model Context Protocol (MCP) Server for Lara Translate API. Versions 0.0.11 and below contain…
CVE-2025-53528
2025-07-21
HIGH
7.6
Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions 5.4.3 and below, the version parameter of the…
CVE-2025-7938
2025-07-21
MEDIUM
4.3
A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 and classified as critical. This issue affects the function updateGoods of…
CVE-2025-7936
2025-07-21
MEDIUM
6.3
A vulnerability has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a and classified as critical. Affected by this vulnerability is…
CVE-2025-7325
2025-07-21
HIGH
7.8
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary…
CVE-2025-7324
2025-07-21
HIGH
7.8
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary…
CVE-2025-7323
2025-07-21
HIGH
7.8
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary…
« Anterior
Página 84 de 3417
Siguiente »
Page load link
Go to Top
