CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2024-27779 2025-07-18 MEDIUM 6.7 An insufficient session expiration vulnerability [CWE-613] in FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions,…
CVE-2025-7772 2025-07-18 MEDIUM 6.5 The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read…
CVE-2025-7438 2025-07-18 HIGH 7.5 The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in…
CVE-2025-7643 2025-07-18 CRITICAL 9.1 The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the…
CVE-2025-6726 2025-07-18 MEDIUM 4.3 The Block Editor Gallery Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
CVE-2025-6719 2025-07-18 MEDIUM 4.4 The Terms descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to,…
CVE-2025-6718 2025-07-18 HIGH 8.8 The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX…
CVE-2025-6717 2025-07-18 MEDIUM 6.5 The B1.lt plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and…
CVE-2025-6222 2025-07-18 CRITICAL 9.8 The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable…
CVE-2025-5811 2025-07-18 MEDIUM 5.3 The Listly: Listicles For WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
CVE-2025-5800 2025-07-18 MEDIUM 6.4 The Testimonial Post type plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘auto_play’ parameter in all versions…
CVE-2025-5767 2025-07-18 MEDIUM 6.4 The Crowdfunding for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions…
CVE-2025-5754 2025-07-18 MEDIUM 6.4 The Useful Tab Block – Responsive & AMP-Compatible plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’…
CVE-2025-5752 2025-07-18 MEDIUM 6.4 The Vertical scroll image slideshow gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in…
CVE-2025-29572 2025-07-18 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-7660 2025-07-18 MEDIUM 6.4 The Map My Locations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'map_my_locations' shortcode in all…
CVE-2025-7648 2025-07-18 MEDIUM 6.4 The Ruven Themes: Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ruven_button' shortcode in all…
CVE-2025-7638 2025-07-18 MEDIUM 4.9 The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to time-based SQL…
CVE-2025-6813 2025-07-18 HIGH 8.8 The aapanel WP Toolkit plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within the auto_login()…
CVE-2025-6781 2025-07-18 MEDIUM 4.3 The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions…
CVE-2025-6053 2025-07-18 MEDIUM 6.1 The Zuppler Online Ordering plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,…
CVE-2025-5816 2025-07-18 MEDIUM 4.3 The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship plugin for WordPress is vulnerable to Insecure Direct Object Reference…
CVE-2025-3740 2025-07-18 HIGH 8.8 The School Management System for Wordpress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to,…
CVE-2025-7431 2025-07-18 MEDIUM 4.4 The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin slug setting in all versions…
CVE-2025-6185 2025-07-18 CRITICAL 9.3 Leviton AcquiSuite and Energy Monitoring Hub are susceptible to a cross-site scripting vulnerability, allowing an attacker to craft a malicious…
CVE-2025-7398 2025-07-17 N/A 0.0 Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports 9000 and 8036.
CVE-2025-7397 2025-07-17 N/A 0.0 A vulnerability in the ascgshell of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface (CLI)…
CVE-2025-6391 2025-07-17 N/A 0.0 Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files…
CVE-2025-7755 2025-07-17 MEDIUM 6.3 A vulnerability was found in code-projects Online Ordering System 1.0. It has been rated as critical. This issue affects some…
CVE-2025-23269 2025-07-17 MEDIUM 4.7 NVIDIA Jetson Linux contains a vulnerability in the kernel where an attacker may cause an exposure of sensitive information due…
CVE-2025-7433 2025-07-17 HIGH 8.8 A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary…
CVE-2025-6249 2025-07-17 MEDIUM 6.7 An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access…
CVE-2025-6248 2025-07-17 HIGH 7.4 A cross-site scripting (XSS) vulnerability was reported in the Lenovo Browser that could allow an attacker to obtain sensitive information…
CVE-2025-6232 2025-07-17 HIGH 7.8 An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute…
CVE-2025-6231 2025-07-17 HIGH 7.8 An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute…
CVE-2025-6230 2025-07-17 MEDIUM 5.3 A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite…
CVE-2025-53964 2025-07-17 CRITICAL 9.6 GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a…
CVE-2025-4657 2025-07-17 MEDIUM 6.7 A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager,…
CVE-2025-3753 2025-07-17 HIGH 7.8 A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys…
CVE-2025-2818 2025-07-17 LOW 3.5 A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application…
CVE-2025-23270 2025-07-17 HIGH 7.1 NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive…
CVE-2025-23267 2025-07-17 HIGH 8.5 NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link…
CVE-2025-23266 2025-07-17 CRITICAL 9.0 NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker…
CVE-2025-1729 2025-07-17 MEDIUM 6.7 A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker…
CVE-2025-1700 2025-07-17 HIGH 7.0 A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a…
CVE-2025-0886 2025-07-17 HIGH 7.8 An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to…
CVE-2024-42209 2025-07-17 LOW 3.5 HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are…
CVE-2024-41921 2025-07-17 HIGH 7.8 A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic…
CVE-2024-41148 2025-07-17 HIGH 7.8 A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic…
CVE-2024-39835 2025-07-17 HIGH 7.8 A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool, affecting ROS distributions Noetic…