CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-29872 | 2025-06-06 | N/A | 0.0 | An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then… |
| CVE-2025-29871 | 2025-06-06 | N/A | 0.0 | An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain… |
| CVE-2025-22490 | 2025-06-06 | N/A | 0.0 | A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to… |
| CVE-2025-22486 | 2025-06-06 | N/A | 0.0 | An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise… |
| CVE-2025-22484 | 2025-06-06 | N/A | 0.0 | An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then… |
| CVE-2025-22482 | 2025-06-06 | N/A | 0.0 | A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to… |
| CVE-2025-22481 | 2025-06-06 | N/A | 0.0 | A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to… |
| CVE-2024-56805 | 2025-06-06 | N/A | 0.0 | A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to… |
| CVE-2024-50406 | 2025-06-06 | N/A | 0.0 | A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security… |
| CVE-2024-13088 | 2025-06-06 | N/A | 0.0 | An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of… |
| CVE-2024-13087 | 2025-06-06 | N/A | 0.0 | A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an administrator account, they can then exploit… |
| CVE-2025-5782 | 2025-06-06 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, has been found in PHPGurukul Employee Record Management System 1.3. Affected by this issue is some unknown functionality of the file… |
| CVE-2025-5780 | 2025-06-06 | MEDIUM | 6.3 | A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view_dental.php. The… |
| CVE-2025-5779 | 2025-06-06 | MEDIUM | 6.3 | A vulnerability has been found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /birthing.php.… |
| CVE-2025-41646 | 2025-06-06 | CRITICAL | 9.8 | An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device |
| CVE-2025-27531 | 2025-06-06 | N/A | 0.0 | Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 before 2.1.0, this issue would allow an authenticated attacker to read arbitrary files by… |
| CVE-2025-5791 | 2025-06-06 | HIGH | 7.1 | A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly… |
| CVE-2025-5778 | 2025-06-06 | HIGH | 7.3 | A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. Affected is an unknown function of the file /adminSQL. The manipulation… |
| CVE-2025-38002 | 2025-06-06 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo() Not everything requires locking in there, which is why the 'has_lock' variable exists.… |
| CVE-2025-38001 | 2025-06-06 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that… |
| CVE-2025-0620 | 2025-06-06 | MEDIUM | 6.6 | A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file… |
| CVE-2025-5758 | 2025-06-06 | HIGH | 7.3 | A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. This affects an unknown part of the file /doctor.php. The manipulation of… |
| CVE-2025-5757 | 2025-06-06 | LOW | 3.5 | A vulnerability was found in code-projects Traffic Offense Reporting System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file… |
| CVE-2025-5756 | 2025-06-06 | HIGH | 7.3 | A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the… |
| CVE-2025-5755 | 2025-06-06 | HIGH | 7.3 | A vulnerability was found in SourceCodester Open Source Clinic Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /email_config.php. The… |
| CVE-2025-5192 | 2025-06-06 | N/A | 0.0 | A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication… |
| CVE-2025-48784 | 2025-06-06 | N/A | 0.0 | A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to modify system settings without prior authorization. |
| CVE-2025-48783 | 2025-06-06 | N/A | 0.0 | An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers… |
| CVE-2025-48782 | 2025-06-06 | N/A | 0.0 | An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers… |
| CVE-2025-48781 | 2025-06-06 | N/A | 0.0 | An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers… |
| CVE-2025-48780 | 2025-06-06 | N/A | 0.0 | A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary… |
| CVE-2025-5739 | 2025-06-06 | HIGH | 8.8 | A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler.… |
| CVE-2025-5738 | 2025-06-06 | HIGH | 8.8 | A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formStats of the… |
| CVE-2025-5737 | 2025-06-06 | HIGH | 8.8 | A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formDosCfg of the… |
| CVE-2025-3365 | 2025-06-06 | CRITICAL | 9.8 | A missing protection against path traversal allows to access any file on the server. |
| CVE-2025-3322 | 2025-06-06 | N/A | 0.0 | An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server. |
| CVE-2025-5736 | 2025-06-06 | HIGH | 8.8 | A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST… |
| CVE-2025-5735 | 2025-06-06 | HIGH | 8.8 | A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formSetLg of the component HTTP POST Request… |
| CVE-2025-5734 | 2025-06-06 | HIGH | 8.8 | A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlanRedirect of the component HTTP POST Request… |
| CVE-2025-5732 | 2025-06-06 | MEDIUM | 4.3 | A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery.… |
| CVE-2025-3321 | 2025-06-06 | N/A | 0.0 | A predefined administrative account is not documented and cannot be deactivated. This account cannot be misused from the network, only by local users on the server. |
| CVE-2025-5729 | 2025-06-06 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, was found in code-projects Health Center Patient Record Management System 1.0. Affected is an unknown function of the file /birthing_record.php. The… |
| CVE-2025-5728 | 2025-06-06 | MEDIUM | 6.3 | A vulnerability classified as critical was found in SourceCodester Open Source Clinic Management System 1.0. This vulnerability affects unknown code of the file /manage_website.php. The manipulation of the… |
| CVE-2025-5727 | 2025-06-06 | LOW | 2.4 | A vulnerability classified as problematic has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/announcement of the component Announcement… |
| CVE-2025-5703 | 2025-06-06 | MEDIUM | 6.4 | The StageShow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘anchor’ parameter in all versions up to, and including, 10.0.3 due to insufficient input sanitization… |
| CVE-2025-5699 | 2025-06-06 | MEDIUM | 5.5 | The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input… |
| CVE-2025-5686 | 2025-06-06 | MEDIUM | 6.4 | The Paged Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 0.7 due to insufficient… |
| CVE-2025-5586 | 2025-06-06 | MEDIUM | 6.4 | The WordPress Ajax Load More and Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including,… |
| CVE-2025-5565 | 2025-06-06 | MEDIUM | 6.4 | The Hide It plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hideit' shortcode in all versions up to, and including, 1.0.1 due to insufficient… |
| CVE-2025-5563 | 2025-06-06 | MEDIUM | 6.5 | The WP-Addpub plugin for WordPress is vulnerable to SQL Injection via the 'wp-addpub' shortcode in all versions up to, and including, 1.2.8 due to insufficient escaping on the… |