Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Todos los artículos
Vulnerabilidades CVE
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Filtrar por severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
Filtrar
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-7794
2025-07-18
HIGH
8.8
A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromNatStaticSetting of…
CVE-2025-7793
2025-07-18
HIGH
8.8
A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function formWebTypeLibrary of the file…
CVE-2025-7792
2025-07-18
HIGH
8.8
A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function formSafeEmailFilter…
CVE-2025-7783
2025-07-18
N/A
0.0
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files…
CVE-2025-53762
2025-07-18
HIGH
8.7
Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network.
CVE-2025-49747
2025-07-18
CRITICAL
9.9
Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
CVE-2025-49746
2025-07-18
CRITICAL
9.9
Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
CVE-2025-47995
2025-07-18
MEDIUM
6.5
Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
CVE-2025-47158
2025-07-18
CRITICAL
9.0
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-7791
2025-07-18
LOW
3.5
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0. It has been declared as problematic. This vulnerability…
CVE-2025-7790
2025-07-18
HIGH
8.8
A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. This affects an unknown part of…
CVE-2025-7789
2025-07-18
LOW
3.7
A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the…
CVE-2025-54079
2025-07-18
N/A
0.0
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection…
CVE-2025-54078
2025-07-18
MEDIUM
6.5
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site…
CVE-2025-54077
2025-07-18
MEDIUM
6.5
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site…
CVE-2025-54076
2025-07-18
MEDIUM
6.5
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site…
CVE-2025-54075
2025-07-18
HIGH
8.3
MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version…
CVE-2025-54073
2025-07-18
HIGH
7.5
mcp-package-docs is an MCP (Model Context Protocol) server that provides LLMs with efficient access to package documentation across multiple programming…
CVE-2025-54059
2025-07-18
MEDIUM
4.4
melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5, SBOM…
CVE-2025-53945
2025-07-18
HIGH
7.0
apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior…
CVE-2025-53888
2025-07-18
N/A
0.0
RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with `assert()` can lead…
CVE-2025-7788
2025-07-18
MEDIUM
6.3
A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability is…
CVE-2025-7787
2025-07-18
MEDIUM
6.3
A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler…
CVE-2025-7762
2025-07-17
HIGH
8.8
A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07.26A1. This issue affects some unknown processing…
CVE-2025-7759
2025-07-17
MEDIUM
6.3
A vulnerability, which was classified as critical, was found in thinkgem JeeSite up to 5.12.0. This affects an unknown part…
CVE-2025-7758
2025-07-17
HIGH
8.8
A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748_B20211015. Affected by this issue…
CVE-2025-7757
2025-07-17
HIGH
7.3
A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown…
CVE-2025-7756
2025-07-17
MEDIUM
4.3
A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation…
CVE-2025-46732
2025-07-18
MEDIUM
5.4
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR…
CVE-2025-50240
2025-07-17
CRITICAL
9.8
nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds parameter at /sys/user/deleteRecycleBin.
CVE-2025-7786
2025-07-18
LOW
3.5
A vulnerability, which was classified as problematic, has been found in Gnuboard g6 up to 6.0.10. This issue affects some…
CVE-2025-7785
2025-07-18
MEDIUM
4.3
A vulnerability classified as problematic was found in thinkgem JeeSite up to 5.12.0. This vulnerability affects the function sso of…
CVE-2025-7784
2025-07-18
MEDIUM
6.5
A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative…
CVE-2025-7767
2025-07-18
LOW
3.5
A vulnerability, which was classified as problematic, has been found in PHPGurukul Art Gallery Management System 1.1. Affected by this…
CVE-2025-7765
2025-07-17
HIGH
7.3
A vulnerability classified as critical was found in code-projects Online Appointment Booking System 1.0. Affected by this vulnerability is an…
CVE-2025-7764
2025-07-17
HIGH
7.3
A vulnerability classified as critical has been found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function…
CVE-2025-7763
2025-07-17
MEDIUM
4.3
A vulnerability, which was classified as problematic, was found in thinkgem JeeSite up to 5.12.0. Affected is the function select…
CVE-2025-46001
2025-07-18
N/A
0.0
An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading…
CVE-2024-13175
2025-07-18
MEDIUM
5.5
Authorization Bypass Through User-Controlled Key vulnerability in Vidco Software VOC TESTER allows Forceful Browsing.This issue affects VOC TESTER: before 12.41.0.
CVE-2025-6227
2025-07-18
LOW
2.2
Mattermost versions 10.5.x
CVE-2025-6233
2025-07-18
MEDIUM
6.8
Mattermost versions 10.8.x
CVE-2025-50126
2025-07-18
N/A
0.0
A stored XSS vulnerability in the RSBlog! component 1.11.6-1.14.5 Joomla was discovered. The issue allows remote authenticated users to inject…
CVE-2025-50058
2025-07-18
N/A
0.0
A stored XSS vulnerability in the RSDirectory! component 1.0.0-2.2.8 Joomla was discovered. The issue allows remote authenticated attackers to inject…
CVE-2025-50057
2025-07-18
N/A
0.0
A DOS vulnerability in RSFiles! component 1.16.3-1.17.7 Joomla was discovered. The issue allows unauthenticated remote attackers to deny access to…
CVE-2025-50056
2025-07-18
N/A
0.0
A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 28 Joomla was discovered. The issue allows remote attackers to…
CVE-2025-49486
2025-07-18
N/A
0.0
A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in…
CVE-2025-49485
2025-07-18
N/A
0.0
A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands…
CVE-2025-49484
2025-07-18
N/A
0.0
A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL…
CVE-2025-2425
2025-07-18
N/A
0.0
Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the…
CVE-2025-7444
2025-07-18
CRITICAL
9.8
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This…
« Anterior
Página 107 de 3432
Siguiente »
Page load link
Go to Top
