Skip to content
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-43775
2025-09-09
N/A
0.0
Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.5, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update…
CVE-2025-10164
2025-09-09
HIGH
7.3
A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of the argument serialized_named_tensors…
CVE-2025-32689
2025-09-09
HIGH
7.5
Improper Validation of Specified Quantity in Input vulnerability in ThemesGrove WP SmartPay. This issue affects WP SmartPay: from n/a through 2.7.13.
CVE-2025-32688
2025-09-09
MEDIUM
5.4
Missing Authorization vulnerability in Sovica Target Video Easy Publish. This issue affects Target Video Easy Publish: from n/a through 3.8.8.
CVE-2025-32486
2025-09-09
CRITICAL
9.8
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard. This issue affects Material Dashboard: from n/a through 1.4.6.
CVE-2025-30875
2025-09-09
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexandre Froger WP Weixin allows Stored XSS. This issue affects WP Weixin: from n/a through 1.3.16.
CVE-2025-9269
2025-09-09
N/A
0.0
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force…
CVE-2025-57665
2025-09-09
N/A
0.0
Element Plus Link component (el-link) through 2.10.6 implements insufficient input validation for the href attribute, creating a security abstraction gap that obscures URL-based attack vectors. The component passes…
CVE-2025-57085
2025-09-09
N/A
0.0
Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to cause a Denial of…
CVE-2025-5500
2025-09-09
MEDIUM
5.3
A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.xiaoxun.xunoversea.mibrofit. This manipulation…
CVE-2025-59008
2025-09-09
HIGH
7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PressTigers ZIP Code Based Content Protection allows SQL Injection. This issue affects ZIP Code…
CVE-2025-59005
2025-09-09
MEDIUM
4.3
Missing Authorization vulnerability in frenify Categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through 1.0.7.5.
CVE-2025-58997
2025-09-09
CRITICAL
9.6
Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue affects Mow: from n/a through 4.10.
CVE-2025-58993
2025-09-09
HIGH
7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through…
CVE-2025-58991
2025-09-09
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4.
CVE-2025-58990
2025-09-09
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasTech ShopLentor allows Stored XSS. This issue affects ShopLentor: from n/a through 3.2.0.
CVE-2025-58989
2025-09-09
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silverplugins217 Dynamic Text Field For Contact Form 7 allows Stored XSS. This issue affects Dynamic Text…
CVE-2025-58988
2025-09-09
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Dolson My Tickets allows Stored XSS. This issue affects My Tickets: from n/a through 2.0.22.
CVE-2025-58987
2025-09-09
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AntoineH Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.12.6.
CVE-2025-58985
2025-09-09
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce allows Stored XSS. This issue affects Additional Custom Product…
CVE-2025-58984
2025-09-09
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects Welcart e-Commerce: from n/a through 2.11.20.
CVE-2025-58983
2025-09-09
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefano Lissa Include Me allows Stored XSS. This issue affects Include Me: from n/a through 1.3.2.
CVE-2025-58982
2025-09-09
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixeline Pixeline's Email Protector allows Stored XSS. This issue affects Pixeline's Email Protector: from n/a through…
CVE-2025-58981
2025-09-09
MEDIUM
5.4
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from…
CVE-2025-58980
2025-09-09
MEDIUM
5.3
Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export WP Page to Static HTML/CSS:…
CVE-2025-58979
2025-09-09
MEDIUM
5.3
Missing Authorization vulnerability in BerqWP BerqWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BerqWP: from n/a through 2.2.53.
CVE-2025-58978
2025-09-09
MEDIUM
5.3
Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through…
CVE-2025-58977
2025-09-09
MEDIUM
4.9
Server-Side Request Forgery (SSRF) vulnerability in Rhys Wynne WP eBay Product Feeds allows Server Side Request Forgery. This issue affects WP eBay Product Feeds: from n/a through 3.4.8.
CVE-2025-58976
2025-09-09
MEDIUM
4.3
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from…
CVE-2025-58975
2025-09-09
MEDIUM
4.3
Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.1.1.
CVE-2025-58215
2025-09-09
HIGH
8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Ziston allows PHP Local File Inclusion. This issue affects Ziston: from…
CVE-2025-55317
2025-09-09
HIGH
7.8
Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
CVE-2025-55316
2025-09-09
HIGH
7.8
External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally.
CVE-2025-55245
2025-09-09
HIGH
7.8
Improper link resolution before file access ('link following') in Xbox allows an authorized attacker to elevate privileges locally.
CVE-2025-55243
2025-09-09
HIGH
7.5
Exposure of sensitive information to an unauthorized actor in Microsoft Office Plus allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-55236
2025-09-09
HIGH
7.3
Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.
CVE-2025-55234
2025-09-09
HIGH
8.8
SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject…
CVE-2025-55232
2025-09-09
CRITICAL
9.8
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network.
CVE-2025-55228
2025-09-09
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2025-55227
2025-09-09
HIGH
8.8
Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-55226
2025-09-09
MEDIUM
6.7
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.
CVE-2025-55225
2025-09-09
MEDIUM
6.5
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-55224
2025-09-09
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2025-55223
2025-09-09
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-54919
2025-09-09
HIGH
7.5
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2025-54918
2025-09-09
HIGH
8.8
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
CVE-2025-54917
2025-09-09
MEDIUM
4.3
Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-54916
2025-09-09
HIGH
7.8
Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2025-54915
2025-09-09
MEDIUM
6.7
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
CVE-2025-54913
2025-09-09
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally.
« Anterior
Página 847 de 4304
Siguiente »
Page load link
Go to Top
