CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2026-25470 | 2026-06-17 | CRITICAL | 10.0 | Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT… |
| CVE-2026-25439 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Broken Authentication in Booknetic |
| CVE-2026-22343 | 2026-06-17 | HIGH | 8.6 | Unauthenticated Broken Access Control in WordPress Dating Theme |
| CVE-2026-22340 | 2026-06-17 | CRITICAL | 9.3 | Unauthenticated SQL Injection in WPJobster |
| CVE-2026-22334 | 2026-06-17 | HIGH | 7.5 | Subscriber Arbitrary File Download in Woocommerce Book Price |
| CVE-2026-22331 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in AutoParts |
| CVE-2026-22327 | 2026-06-17 | CRITICAL | 9.9 | Subscriber Arbitrary File Upload in Restaurt |
| CVE-2026-22325 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in Promo |
| CVE-2026-12360 | 2026-06-17 | HIGH | 7.5 | The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listing_load_more AJAX handler accepts a filtered_query parameter that is… |
| CVE-2026-12256 | 2026-06-17 | HIGH | 8.8 | Contributor PHP Object Injection in Avada |
| CVE-2026-12165 | 2026-06-17 | HIGH | 8.8 | The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and… |
| CVE-2026-12115 | 2026-06-17 | MEDIUM | 6.6 | The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including,… |
| CVE-2025-69178 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in Truemag |
| CVE-2025-69177 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in Roneous |
| CVE-2025-69176 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in ITactics |
| CVE-2025-69173 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in Tipsy |
| CVE-2025-69171 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in Orpheus |
| CVE-2025-69168 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in Spike |
| CVE-2025-69167 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in Eros |
| CVE-2025-69165 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in Choreo |
| CVE-2025-69163 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in WineShop |
| CVE-2025-69162 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in Grecko |
| CVE-2026-46914 | 2026-06-17 | HIGH | 7.1 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon… |
| CVE-2026-35303 | 2026-06-17 | HIGH | 8.8 | Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker… |
| CVE-2026-35285 | 2026-06-17 | CRITICAL | 9.9 | Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows… |
| CVE-2026-35284 | 2026-06-17 | CRITICAL | 9.9 | Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows… |
| CVE-2026-35283 | 2026-06-17 | CRITICAL | 9.9 | Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows… |
| CVE-2026-35282 | 2026-06-17 | CRITICAL | 9.9 | Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows… |
| CVE-2026-35281 | 2026-06-17 | CRITICAL | 9.9 | Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows… |
| CVE-2026-35280 | 2026-06-17 | CRITICAL | 9.9 | Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows… |
| CVE-2026-8317 | 2026-06-17 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2026-46942 | 2026-06-17 | HIGH | 8.8 | Vulnerability in the Oracle Process Manufacturing Process Planning product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low… |
| CVE-2026-46940 | 2026-06-17 | HIGH | 8.8 | Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker… |
| CVE-2026-46939 | 2026-06-17 | HIGH | 8.1 | Vulnerability in the Oracle Configure to Order product of Oracle E-Business Suite (component: Supply to Order Workbench). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows… |
| CVE-2026-46938 | 2026-06-17 | HIGH | 7.2 | Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker… |
| CVE-2026-46937 | 2026-06-17 | HIGH | 8.8 | Vulnerability in the Oracle iSetup product of Oracle E-Business Suite (component: General Ledger Update Transform, Reports). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low… |
| CVE-2026-46935 | 2026-06-17 | HIGH | 7.5 | Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability… |
| CVE-2026-46934 | 2026-06-17 | HIGH | 7.5 | Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability… |
| CVE-2026-46933 | 2026-06-17 | CRITICAL | 9.9 | Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker… |
| CVE-2026-46958 | 2026-06-17 | HIGH | 7.5 | Vulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged… |
| CVE-2026-12328 | 2026-06-16 | HIGH | 8.1 | Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption… |
| CVE-2026-12329 | 2026-06-16 | MEDIUM | 5.3 | Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12. |
| CVE-2026-12330 | 2026-06-16 | MEDIUM | 5.4 | Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12. |
| CVE-2026-10635 | 2026-06-16 | MEDIUM | 6.3 | On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintains a global list, xtensa_domain_list, of active memory domains using a list node embedded inside the caller-owned… |
| CVE-2026-22313 | 2026-06-16 | CRITICAL | 9.1 | The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker… |
| CVE-2026-22312 | 2026-06-16 | HIGH | 8.6 | The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to… |
| CVE-2026-10303 | 2026-06-16 | HIGH | 7.4 | In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling,… |
| CVE-2026-10748 | 2026-06-16 | N/A | 0.0 | An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus… |
| CVE-2026-12313 | 2026-06-16 | MEDIUM | 4.7 | Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. |
| CVE-2026-48775 | 2026-06-16 | MEDIUM | 6.8 | LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions 4.1.0 and prior, the JsonPlusSerializer can reconstruct… |