CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2026-8443 | 2026-06-16 | HIGH | 8.8 | The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_chart_data AJAX action in versions up to,… |
| CVE-2026-6933 | 2026-06-16 | HIGH | 8.8 | The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the… |
| CVE-2026-5149 | 2026-06-16 | MEDIUM | 6.5 | The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7. This is due to the get_submission_content AJAX endpoint lacking a… |
| CVE-2026-10780 | 2026-06-16 | MEDIUM | 4.3 | The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the static_block_content() shortcode… |
| CVE-2026-6964 | 2026-06-16 | MEDIUM | 5.3 | The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not… |
| CVE-2026-53900 | 2026-06-16 | MEDIUM | 4.3 | Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to… |
| CVE-2026-50869 | 2026-06-15 | CRITICAL | 9.8 | An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request. |
| CVE-2026-38329 | 2026-06-15 | CRITICAL | 9.8 | Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file… |
| CVE-2026-30121 | 2026-06-15 | CRITICAL | 9.1 | remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability. |
| CVE-2026-30120 | 2026-06-15 | CRITICAL | 9.8 | remotion-dev remotion v4.0.409 was discovered to contain a remote code execution (RCE) vulnerability. |
| CVE-2025-55663 | 2026-06-15 | MEDIUM | 5.5 | A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. |
| CVE-2025-55661 | 2026-06-15 | MEDIUM | 5.5 | A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted… |
| CVE-2025-55660 | 2026-06-15 | MEDIUM | 5.5 | A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. |
| CVE-2025-55652 | 2026-06-15 | MEDIUM | 5.5 | A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. |
| CVE-2026-9262 | 2026-06-16 | MEDIUM | 6.5 | Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier |
| CVE-2026-9261 | 2026-06-16 | MEDIUM | 6.8 | Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier |
| CVE-2026-9260 | 2026-06-16 | MEDIUM | 6.2 | Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier |
| CVE-2026-9259 | 2026-06-16 | MEDIUM | 6.5 | Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier |
| CVE-2026-9258 | 2026-06-16 | MEDIUM | 6.5 | Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier |
| CVE-2026-40750 | 2026-06-16 | CRITICAL | 9.9 | Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store:… |
| CVE-2026-54198 | 2026-06-16 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Media Library Assistant |
| CVE-2026-54197 | 2026-06-16 | MEDIUM | 6.5 | Unauthenticated Sensitive Data Exposure in GetGenie |
| CVE-2026-54191 | 2026-06-16 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Pods |
| CVE-2026-54190 | 2026-06-16 | MEDIUM | 6.5 | Unauthenticated Broken Access Control in Envira Photo Gallery |
| CVE-2026-52715 | 2026-06-16 | CRITICAL | 9.3 | Unauthenticated SQL Injection in GEO my WordPress |
| CVE-2026-52714 | 2026-06-16 | MEDIUM | 5.9 | Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO |
| CVE-2026-52712 | 2026-06-16 | HIGH | 7.6 | Subscriber SQL Injection in Attendance Manager |
| CVE-2026-52711 | 2026-06-16 | HIGH | 7.5 | Unauthenticated Broken Access Control in WooCommerce POS |
| CVE-2026-49774 | 2026-06-16 | CRITICAL | 9.9 | Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0. |
| CVE-2026-49772 | 2026-06-16 | CRITICAL | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects… |
| CVE-2026-40809 | 2026-06-16 | MEDIUM | 6.5 | Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1. |
| CVE-2026-39581 | 2026-06-16 | HIGH | 8.5 | Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic |
| CVE-2026-39574 | 2026-06-16 | CRITICAL | 9.3 | Unauthenticated SQL Injection in InPost Gallery |
| CVE-2026-39490 | 2026-06-16 | HIGH | 7.5 | Unauthenticated Broken Access Control in JupiterX Core |
| CVE-2026-39437 | 2026-06-16 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce |
| CVE-2025-68045 | 2026-06-16 | HIGH | 7.5 | Unauthenticated Broken Access Control in WP Event Solution |
| CVE-2026-20262 | 2026-06-15 | MEDIUM | 6.5 | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file… |
| CVE-2026-49954 | 2026-06-15 | HIGH | 7.2 | Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing… |
| CVE-2026-49953 | 2026-06-15 | MEDIUM | 6.5 | Discuz! X5.0 releases 20260320 through 20260610 contain a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets… |
| CVE-2026-49952 | 2026-06-15 | CRITICAL | 9.1 | Discuz! X5.0 releases 20260320 through 20260501 contain an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting… |
| CVE-2026-46331 | 2026-06-16 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once… |
| CVE-2026-9691 | 2026-06-15 | CRITICAL | 9.8 | Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms |
| CVE-2026-52703 | 2026-06-15 | CRITICAL | 9.6 | Unauthenticated Path Traversal in FastDup |
| CVE-2026-52702 | 2026-06-15 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in SEO Redirection |
| CVE-2026-52700 | 2026-06-15 | HIGH | 8.5 | Subscriber SQL Injection in WCMultiShipping |
| CVE-2026-52699 | 2026-06-15 | HIGH | 7.5 | Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar |
| CVE-2026-52697 | 2026-06-15 | HIGH | 8.5 | Subscriber SQL Injection in Taskbuilder |
| CVE-2026-52695 | 2026-06-15 | HIGH | 7.5 | Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout |
| CVE-2026-52694 | 2026-06-15 | HIGH | 7.5 | Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce |
| CVE-2026-52693 | 2026-06-15 | CRITICAL | 9.3 | Unauthenticated SQL Injection in eCommerce Product Catalog |