CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-51045 | 2025-07-29 | MEDIUM | 6.5 | Phpgurukul Pre-School Enrollment System 1.0 contains a SQL injection vulnerability in the /admin/password-recovery.php file. This vulnerability is attributed to the… |
| CVE-2025-51044 | 2025-07-29 | MEDIUM | 6.5 | phpgurukul Nipah virus (NiV) Testing Management System 1.0 contains a SQL injection vulnerability in the /new-user-testing.php file, due to insufficient… |
| CVE-2025-45346 | 2025-07-29 | HIGH | 8.1 | SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET… |
| CVE-2025-52284 | 2025-07-29 | MEDIUM | 6.5 | Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This… |
| CVE-2025-51970 | 2025-07-29 | HIGH | 7.7 | A SQL Injection vulnerability exists in the action.php endpoint of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization… |
| CVE-2025-36071 | 2025-07-29 | MEDIUM | 6.5 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.2 is vulnerable… |
| CVE-2025-33114 | 2025-07-29 | MEDIUM | 5.3 | IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to denial of service with a specially crafted query under… |
| CVE-2025-33092 | 2025-07-29 | HIGH | 7.8 | IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper… |
| CVE-2025-28172 | 2025-07-29 | MEDIUM | 6.5 | Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an… |
| CVE-2024-52894 | 2025-07-29 | MEDIUM | 4.9 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9,… |
| CVE-2024-51473 | 2025-07-29 | MEDIUM | 6.5 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9,… |
| CVE-2024-49828 | 2025-07-29 | MEDIUM | 6.5 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9,… |
| CVE-2024-42655 | 2025-07-29 | HIGH | 8.8 | An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using… |
| CVE-2025-28171 | 2025-07-29 | MEDIUM | 6.5 | An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function… |
| CVE-2024-42651 | 2025-07-29 | HIGH | 7.5 | NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows attackers to cause… |
| CVE-2025-7675 | 2025-07-29 | HIGH | 7.8 | A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor… |
| CVE-2025-7497 | 2025-07-29 | HIGH | 7.8 | A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor… |
| CVE-2025-6637 | 2025-07-29 | HIGH | 7.8 | A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor… |
| CVE-2025-6636 | 2025-07-29 | HIGH | 7.8 | A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can… |
| CVE-2025-6635 | 2025-07-29 | HIGH | 7.8 | A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A… |
| CVE-2025-6631 | 2025-07-29 | HIGH | 7.8 | A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor… |
| CVE-2025-5043 | 2025-07-29 | HIGH | 7.8 | A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A… |
| CVE-2025-5038 | 2025-07-29 | HIGH | 7.8 | A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor… |
| CVE-2025-53715 | 2025-07-29 | N/A | 0.0 | A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/Wan6to4TunnelCfgRpm.htm file due to missing input… |
| CVE-2025-53714 | 2025-07-29 | N/A | 0.0 | A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WzdWlanSiteSurveyRpm_AP.htm file due to missing input… |
| CVE-2025-53713 | 2025-07-29 | N/A | 0.0 | A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_APC.htm file due to missing input… |
| CVE-2025-53712 | 2025-07-29 | N/A | 0.0 | A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_AP.htm file due to missing input… |
| CVE-2025-53711 | 2025-07-29 | N/A | 0.0 | A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input… |
| CVE-2025-44137 | 2025-07-29 | HIGH | 8.2 | MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are… |
| CVE-2025-44136 | 2025-07-29 | CRITICAL | 9.8 | MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message… |
| CVE-2025-36010 | 2025-07-29 | MEDIUM | 6.5 | IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 could allow an unauthenticated user to cause a denial of service due… |
| CVE-2025-2928 | 2025-07-29 | HIGH | 7.2 | SQL Injection affecting the Archiver role. |
| CVE-2025-2533 | 2025-07-29 | MEDIUM | 5.3 | IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial of service as the server may crash… |
| CVE-2025-2179 | 2025-07-29 | N/A | 0.0 | An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on Linux devices enables a locally authenticated non… |
| CVE-2025-28170 | 2025-07-29 | HIGH | 7.6 | Grandstream Networks GXP1628 |
| CVE-2025-27514 | 2025-07-29 | MEDIUM | 4.5 | GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software… |
| CVE-2025-5922 | 2025-07-29 | N/A | 0.0 | Access to TSplus Remote Access Admin Tool is restricted to administrators (unless "Disable UAC" option is enabled) and requires a PIN… |
| CVE-2025-54432 | 2025-07-29 | N/A | 0.0 | Rejected reason: This CVE is a duplicate of another CVE. See CVE-2018-25031 and CVE-2021-46708. |
| CVE-2025-54420 | 2025-07-29 | N/A | 0.0 | Rejected reason: This CVE is a duplicate of CVE-2025-8129. |
| CVE-2025-31965 | 2025-07-29 | HIGH | 8.2 | Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and lower) allow non-admin users to view unauthorized… |
| CVE-2025-50738 | 2025-07-29 | CRITICAL | 9.8 | The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user… |
| CVE-2025-46059 | 2025-07-29 | CRITICAL | 9.8 | langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to… |
| CVE-2025-8264 | 2025-07-29 | CRITICAL | 9.0 | Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend.… |
| CVE-2025-8194 | 2025-07-28 | HIGH | 7.5 | There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation… |
| CVE-2025-6505 | 2025-07-29 | HIGH | 8.1 | Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vulnerability… |
| CVE-2025-6504 | 2025-07-29 | HIGH | 8.4 | In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header. Since… |
| CVE-2025-54769 | 2025-07-29 | HIGH | 8.8 | An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in… |
| CVE-2025-52358 | 2025-07-29 | MEDIUM | 6.3 | A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This… |
| CVE-2025-54422 | 2025-07-29 | N/A | 0.0 | Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a… |
| CVE-2025-54768 | 2025-07-29 | MEDIUM | 5.3 | An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only… |