CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-34123 | 2025-07-16 | N/A | 0.0 | A stack-based buffer overflow vulnerability exists in VideoCharge Studio 2.12.3.685 when processing a specially crafted .VSC configuration file. The issue… |
| CVE-2025-34121 | 2025-07-16 | N/A | 0.0 | An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php`… |
| CVE-2025-40919 | 2025-07-16 | MEDIUM | 6.5 | Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce (client nonce) is generated from an MD5… |
| CVE-2025-40918 | 2025-07-16 | MEDIUM | 6.5 | Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5… |
| CVE-2025-40913 | 2025-07-16 | MEDIUM | 6.5 | Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow. Net::Dropbear embeds a version… |
| CVE-2025-40923 | 2025-07-16 | HIGH | 7.3 | Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded… |
| CVE-2025-34120 | 2025-07-16 | N/A | 0.0 | An unauthenticated file download vulnerability exists in LimeSurvey versions from 2.0+ up to and including 2.06+ Build 151014. The application… |
| CVE-2025-34119 | 2025-07-16 | N/A | 0.0 | A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The… |
| CVE-2025-34118 | 2025-07-16 | N/A | 0.0 | A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds, that… |
| CVE-2025-34117 | 2025-07-16 | N/A | 0.0 | A remote code execution vulnerability exists in multiple Netcore and Netis router models with firmware released prior to August 2014… |
| CVE-2025-32874 | 2025-07-16 | HIGH | 7.4 | An issue was discovered in Kaseya Rapid Fire Tools Network Detective through 2.0.16.0. A vulnerability exists in the EncryptionUtil class… |
| CVE-2025-32353 | 2025-07-16 | MEDIUM | 4.8 | Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials (for privileged access) stored in the collector.txt configuration file. |
| CVE-2025-27465 | 2025-07-16 | MEDIUM | 6.5 | Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an… |
| CVE-2024-42912 | 2025-07-16 | MEDIUM | 5.4 | A cross-site scripting (XSS) vulnerability in META-INF Kft. Email This Issue (Data Center) before 9.13.0-GA allows attackers to execute arbitrary… |
| CVE-2025-6983 | 2025-07-16 | N/A | 0.0 | A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via… |
| CVE-2025-6982 | 2025-07-16 | N/A | 0.0 | Use of Hard-coded Credentials in TP-Link Archer C50 V3( |
| CVE-2025-53908 | 2025-07-16 | N/A | 0.0 | RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability… |
| CVE-2025-6977 | 2025-07-16 | MEDIUM | 6.1 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘pm_get_messenger_notification’… |
| CVE-2025-2799 | 2025-07-16 | MEDIUM | 4.4 | The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site… |
| CVE-2025-2800 | 2025-07-16 | HIGH | 7.2 | The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site… |
| CVE-2024-10029 | 2025-07-16 | MEDIUM | 6.1 | In Eclipse GlassFish version 7.0.15 it is possible to perform Reflected Cross-site scripting attacks in the Administration Console. |
| CVE-2024-10031 | 2025-07-16 | MEDIUM | 5.4 | In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the… |
| CVE-2024-10032 | 2025-07-16 | MEDIUM | 5.4 | In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site scripting attacks in the Administration Console. |
| CVE-2024-9342 | 2025-07-16 | CRITICAL | 9.8 | In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no… |
| CVE-2024-9343 | 2025-07-16 | MEDIUM | 6.1 | In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site scripting attacks in the Administration Console. |
| CVE-2024-9408 | 2025-07-16 | CRITICAL | 9.8 | In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints. |
| CVE-2025-40777 | 2025-07-16 | HIGH | 7.5 | If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value… |
| CVE-2025-37107 | 2025-07-16 | HIGH | 7.3 | An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. |
| CVE-2025-37106 | 2025-07-16 | HIGH | 7.3 | An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. |
| CVE-2025-37105 | 2025-07-16 | HIGH | 7.5 | An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. |
| CVE-2025-36097 | 2025-07-16 | HIGH | 7.5 | IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service,… |
| CVE-2025-53904 | 2025-07-16 | N/A | 0.0 | The Scratch Channel is a news website that is under development as of time of this writing. The file `/api/admin.js`… |
| CVE-2025-53925 | 2025-07-16 | MEDIUM | 5.4 | Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17… |
| CVE-2025-20337 | 2025-07-16 | CRITICAL | 10.0 | A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute… |
| CVE-2025-20288 | 2025-07-16 | MEDIUM | 5.8 | A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct… |
| CVE-2025-20285 | 2025-07-16 | MEDIUM | 4.1 | A vulnerability in the IP Access Restriction feature of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker… |
| CVE-2025-20284 | 2025-07-16 | MEDIUM | 6.5 | A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute… |
| CVE-2025-49840 | 2025-07-15 | N/A | 0.0 | GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in… |
| CVE-2025-20283 | 2025-07-16 | MEDIUM | 6.5 | A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute… |
| CVE-2025-20274 | 2025-07-16 | MEDIUM | 6.3 | A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload… |
| CVE-2025-20272 | 2025-07-16 | MEDIUM | 4.3 | A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could… |
| CVE-2025-7357 | 2025-07-16 | N/A | 0.0 | LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in… |
| CVE-2025-53943 | 2025-07-16 | N/A | 0.0 | VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler… |
| CVE-2025-53938 | 2025-07-16 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass… |
| CVE-2025-53937 | 2025-07-16 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection… |
| CVE-2025-53936 | 2025-07-16 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site… |
| CVE-2025-53935 | 2025-07-16 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site… |
| CVE-2025-53934 | 2025-07-16 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site… |
| CVE-2025-53933 | 2025-07-16 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site… |
| CVE-2025-53932 | 2025-07-16 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site… |