CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-53908 | 2025-07-16 | N/A | 0.0 | RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability… |
| CVE-2025-6977 | 2025-07-16 | MEDIUM | 6.1 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘pm_get_messenger_notification’… |
| CVE-2025-2799 | 2025-07-16 | MEDIUM | 4.4 | The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site… |
| CVE-2025-2800 | 2025-07-16 | HIGH | 7.2 | The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site… |
| CVE-2024-10029 | 2025-07-16 | MEDIUM | 6.1 | In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting attacks in the Administration Console. |
| CVE-2024-10031 | 2025-07-16 | MEDIUM | 5.4 | In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the… |
| CVE-2024-10032 | 2025-07-16 | MEDIUM | 5.4 | In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Console. |
| CVE-2024-9342 | 2025-07-16 | CRITICAL | 9.8 | In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no… |
| CVE-2024-9343 | 2025-07-16 | MEDIUM | 6.1 | In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Console. |
| CVE-2024-9408 | 2025-07-16 | CRITICAL | 9.8 | In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints. |
| CVE-2025-40777 | 2025-07-16 | HIGH | 7.5 | If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value… |
| CVE-2025-37107 | 2025-07-16 | HIGH | 7.3 | An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. |
| CVE-2025-37106 | 2025-07-16 | HIGH | 7.3 | An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. |
| CVE-2025-37105 | 2025-07-16 | HIGH | 7.5 | An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. |
| CVE-2025-36097 | 2025-07-16 | HIGH | 7.5 | IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service,… |
| CVE-2025-53904 | 2025-07-16 | N/A | 0.0 | The Scratch Channel is a news website that is under development as of time of this writing. The file `/api/admin.js`… |
| CVE-2025-53925 | 2025-07-16 | MEDIUM | 5.4 | Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17… |
| CVE-2025-20337 | 2025-07-16 | CRITICAL | 10.0 | A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute… |
| CVE-2025-20288 | 2025-07-16 | MEDIUM | 5.8 | A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct… |
| CVE-2025-20285 | 2025-07-16 | MEDIUM | 4.1 | A vulnerability in the IP Access Restriction feature of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker… |
| CVE-2025-20284 | 2025-07-16 | MEDIUM | 6.5 | A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute… |
| CVE-2025-49840 | 2025-07-15 | N/A | 0.0 | GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in… |
| CVE-2025-20283 | 2025-07-16 | MEDIUM | 6.5 | A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute… |
| CVE-2025-20274 | 2025-07-16 | MEDIUM | 6.3 | A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload… |
| CVE-2025-20272 | 2025-07-16 | MEDIUM | 4.3 | A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could… |
| CVE-2025-7357 | 2025-07-16 | N/A | 0.0 | LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in… |
| CVE-2025-53943 | 2025-07-16 | N/A | 0.0 | VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler… |
| CVE-2025-53938 | 2025-07-16 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass… |
| CVE-2025-53937 | 2025-07-16 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection… |
| CVE-2025-53936 | 2025-07-16 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site… |
| CVE-2025-53935 | 2025-07-16 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site… |
| CVE-2025-53934 | 2025-07-16 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site… |
| CVE-2025-53933 | 2025-07-16 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site… |
| CVE-2025-53932 | 2025-07-16 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site… |
| CVE-2025-53931 | 2025-07-16 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site… |
| CVE-2025-53930 | 2025-07-16 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site… |
| CVE-2025-53929 | 2025-07-16 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site… |
| CVE-2025-53926 | 2025-07-16 | MEDIUM | 6.1 | Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17… |
| CVE-2025-50082 | 2025-07-15 | MEDIUM | 6.5 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5… |
| CVE-2025-50069 | 2025-07-15 | HIGH | 7.7 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 21.3-21.18. Easily… |
| CVE-2025-50066 | 2025-07-15 | LOW | 2.7 | Vulnerability in the Oracle Database Materialized View component of Oracle Database Server. Supported versions that are affected are 19.3-19.27, 21.3-21.18… |
| CVE-2025-47053 | 2025-07-16 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker… |
| CVE-2025-46959 | 2025-07-16 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker… |
| CVE-2025-50065 | 2025-07-15 | LOW | 3.7 | Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Native Image). The supported version that is… |
| CVE-2025-50064 | 2025-07-15 | MEDIUM | 4.8 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0,… |
| CVE-2025-50062 | 2025-07-15 | HIGH | 8.1 | Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Supported versions… |
| CVE-2025-50061 | 2025-07-15 | MEDIUM | 5.4 | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions… |
| CVE-2025-30754 | 2025-07-15 | MEDIUM | 4.8 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:… |
| CVE-2025-30753 | 2025-07-15 | MEDIUM | 6.5 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0,… |
| CVE-2025-30752 | 2025-07-15 | LOW | 3.7 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). The supported version… |