CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-5344 | 2025-07-17 | N/A | 0.0 | Bluebird devices contain a pre-loaded kiosk application. This application exposes an unsecured service provider "com.bluebird.kiosk.launcher.IpartnerKioskRemoteService". A local attacker can bind… |
| CVE-2025-3415 | 2025-07-17 | MEDIUM | 4.3 | Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could… |
| CVE-2025-4302 | 2025-07-17 | MEDIUM | 5.3 | The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can… |
| CVE-2025-7735 | 2025-07-17 | HIGH | 7.5 | The Hospital Information System developed by UNIMAX has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL… |
| CVE-2025-7712 | 2025-07-17 | CRITICAL | 9.1 | The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in… |
| CVE-2025-7729 | 2025-07-17 | LOW | 3.5 | A vulnerability classified as problematic was found in Scada-LTS up to 2.7.8.1. Affected by this vulnerability is an unknown functionality… |
| CVE-2025-7728 | 2025-07-17 | LOW | 3.5 | A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. Affected is an unknown function of the… |
| CVE-2025-5396 | 2025-07-17 | CRITICAL | 9.8 | The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0.… |
| CVE-2025-34132 | 2025-07-16 | N/A | 0.0 | A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server… |
| CVE-2025-34130 | 2025-07-16 | N/A | 0.0 | An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the… |
| CVE-2025-34129 | 2025-07-16 | N/A | 0.0 | A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient… |
| CVE-2025-34128 | 2025-07-16 | N/A | 0.0 | A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to… |
| CVE-2025-34127 | 2025-07-16 | N/A | 0.0 | A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the… |
| CVE-2025-34126 | 2025-07-16 | N/A | 0.0 | A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on… |
| CVE-2025-34125 | 2025-07-16 | N/A | 0.0 | An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware… |
| CVE-2025-34124 | 2025-07-16 | N/A | 0.0 | A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0, HD Mod 3.808 build 9, and… |
| CVE-2025-52933 | 2025-07-17 | N/A | 0.0 | Rejected reason: 3rd party vulnerability |
| CVE-2024-12498 | 2025-07-16 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2025-7703 | 2025-07-16 | MEDIUM | 6.8 | Authentication vulnerability in the mobile application (tech.palm.id) may lead to the risk of information leakage. |
| CVE-2025-34123 | 2025-07-16 | N/A | 0.0 | A stack-based buffer overflow vulnerability exists in VideoCharge Studio 2.12.3.685 when processing a specially crafted .VSC configuration file. The issue… |
| CVE-2025-34121 | 2025-07-16 | N/A | 0.0 | An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php`… |
| CVE-2025-40919 | 2025-07-16 | MEDIUM | 6.5 | Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce (client nonce) is generated from an MD5… |
| CVE-2025-40918 | 2025-07-16 | MEDIUM | 6.5 | Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generate the cnonce insecurely. The cnonce (client nonce) is generated from an MD5… |
| CVE-2025-40913 | 2025-07-16 | MEDIUM | 6.5 | Net::Dropbear versions through 0.16 for Perl contain a dependency that may be susceptible to an integer overflow. Net::Dropbear embeds a version… |
| CVE-2025-40923 | 2025-07-16 | HIGH | 7.3 | Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded… |
| CVE-2025-34120 | 2025-07-16 | N/A | 0.0 | An unauthenticated file download vulnerability exists in LimeSurvey versions from 2.0+ up to and including 2.06+ Build 151014. The application… |
| CVE-2025-34119 | 2025-07-16 | N/A | 0.0 | A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The… |
| CVE-2025-34118 | 2025-07-16 | N/A | 0.0 | A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds, that… |
| CVE-2025-34117 | 2025-07-16 | N/A | 0.0 | A remote code execution vulnerability exists in multiple Netcore and Netis router models with firmware released prior to August 2014… |
| CVE-2025-32874 | 2025-07-16 | HIGH | 7.4 | An issue was discovered in Kaseya Rapid Fire Tools Network Detective through 2.0.16.0. A vulnerability exists in the EncryptionUtil class… |
| CVE-2025-32353 | 2025-07-16 | MEDIUM | 4.8 | Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials (for privileged access) stored in the collector.txt configuration file. |
| CVE-2025-27465 | 2025-07-16 | MEDIUM | 6.5 | Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an… |
| CVE-2024-42912 | 2025-07-16 | MEDIUM | 5.4 | A cross-site scripting (XSS) vulnerability in META-INF Kft. Email This Issue (Data Center) before 9.13.0-GA allows attackers to execute arbitrary… |
| CVE-2025-6983 | 2025-07-16 | N/A | 0.0 | A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via… |
| CVE-2025-6982 | 2025-07-16 | N/A | 0.0 | Use of Hard-coded Credentials in TP-Link Archer C50 V3( |
| CVE-2025-53908 | 2025-07-16 | N/A | 0.0 | RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability… |
| CVE-2025-6977 | 2025-07-16 | MEDIUM | 6.1 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘pm_get_messenger_notification’… |
| CVE-2025-2799 | 2025-07-16 | MEDIUM | 4.4 | The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site… |
| CVE-2025-2800 | 2025-07-16 | HIGH | 7.2 | The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site… |
| CVE-2024-10029 | 2025-07-16 | MEDIUM | 6.1 | In Eclipse GlassFish version 7.0.15 it is possible to perform Reflected Cross-site scripting attacks in the Administration Console. |
| CVE-2024-10031 | 2025-07-16 | MEDIUM | 5.4 | In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the… |
| CVE-2024-10032 | 2025-07-16 | MEDIUM | 5.4 | In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site scripting attacks in the Administration Console. |
| CVE-2024-9342 | 2025-07-16 | CRITICAL | 9.8 | In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no… |
| CVE-2024-9343 | 2025-07-16 | MEDIUM | 6.1 | In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site scripting attacks in the Administration Console. |
| CVE-2024-9408 | 2025-07-16 | CRITICAL | 9.8 | In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints. |
| CVE-2025-40777 | 2025-07-16 | HIGH | 7.5 | If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value… |
| CVE-2025-37107 | 2025-07-16 | HIGH | 7.3 | An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. |
| CVE-2025-37106 | 2025-07-16 | HIGH | 7.3 | An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. |
| CVE-2025-37105 | 2025-07-16 | HIGH | 7.5 | An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. |
| CVE-2025-36097 | 2025-07-16 | HIGH | 7.5 | IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service,… |