CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2026-22771 | 2026-01-12 | HIGH | 8.8 | Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by… |
| CVE-2026-22252 | 2026-01-12 | CRITICAL | 9.1 | LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands… |
| CVE-2026-22200 | 2026-01-12 | N/A | 0.0 | Enhancesoft osTicket versions up to and including 1.18.2 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing… |
| CVE-2026-22251 | 2026-01-12 | MEDIUM | 5.3 | wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years,… |
| CVE-2026-22250 | 2026-01-12 | LOW | 2.5 | wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in… |
| CVE-2026-22050 | 2026-01-12 | N/A | 0.0 | ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a vulnerability which could allow a privileged remote attacker to… |
| CVE-2026-22033 | 2026-01-12 | N/A | 0.0 | Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting (XSS) vulnerability exists in the custom_hotkeys functionality of the… |
| CVE-2025-68657 | 2026-01-12 | MEDIUM | 6.4 | Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, calls to hid_host_device_close() can free the same usb_transfer_t twice. The USB… |
| CVE-2025-68656 | 2026-01-12 | MEDIUM | 6.8 | Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, usb_class_request_get_descriptor() frees and reallocates hid_device->ctrl_xfer when an oversized descriptor is requested… |
| CVE-2025-68471 | 2026-01-12 | MEDIUM | 6.5 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2… |
| CVE-2025-68468 | 2026-01-12 | MEDIUM | 6.5 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited… |
| CVE-2025-68276 | 2026-01-12 | MEDIUM | 5.5 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local user can crash avahi-daemon… |
| CVE-2025-68622 | 2026-01-12 | MEDIUM | 6.8 | Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB… |
| CVE-2025-68472 | 2026-01-12 | HIGH | 8.1 | MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read… |
| CVE-2025-66689 | 2026-01-12 | MEDIUM | 6.5 | A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows authenticated attackers to read arbitrary files on the system. The vulnerability is caused by flawed… |
| CVE-2025-63314 | 2026-01-12 | CRITICAL | 10.0 | A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full… |
| CVE-2025-46070 | 2026-01-12 | CRITICAL | 9.8 | An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component. |
| CVE-2025-46068 | 2026-01-12 | HIGH | 8.8 | An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechanism. |
| CVE-2025-46067 | 2026-01-12 | HIGH | 8.2 | An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file. |
| CVE-2025-46066 | 2026-01-12 | CRITICAL | 9.9 | An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges. |
| CVE-2025-71063 | 2026-01-12 | HIGH | 8.2 | Errands before 46.2.10 does not verify TLS certificates for CalDAV servers. |
| CVE-2025-67813 | 2026-01-12 | MEDIUM | 5.3 | Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication. |
| CVE-2025-66939 | 2026-01-12 | MEDIUM | 5.4 | Cross Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 allows an attacker to execute arbitrary code via a crafted favicon file. |
| CVE-2025-65553 | 2026-01-12 | N/A | 0.0 | D3D Wi-Fi Home Security System ZX-G12 v2.1.17 is susceptible to RF jamming on the 433 MHz alarm sensor channel. An attacker within RF range can transmit continuous interference… |
| CVE-2025-65552 | 2026-01-12 | N/A | 0.0 | D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz sensor communication channel. The system does not implement rolling codes, message… |
| CVE-2025-41078 | 2026-01-12 | N/A | 0.0 | Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion… |
| CVE-2025-41077 | 2026-01-12 | N/A | 0.0 | IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data.… |
| CVE-2025-41006 | 2026-01-12 | N/A | 0.0 | Imaster's MEMS Events CRM contains an SQL injection vulnerability in the ‘phone’ parameter in ‘/memsdemo/login.php’. |
| CVE-2025-41005 | 2026-01-12 | N/A | 0.0 | Imaster's MEMS Events CRM contains an SQL injection vulnerability in the ‘keyword’ parameter in ‘/memsdemo/exchange_offers.php’. |
| CVE-2026-22837 | 2026-01-13 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-22836 | 2026-01-13 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-22835 | 2026-01-13 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-22834 | 2026-01-13 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-22833 | 2026-01-13 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-22832 | 2026-01-13 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-22831 | 2026-01-13 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-22830 | 2026-01-13 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-22829 | 2026-01-13 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-14470 | 2026-01-12 | N/A | 0.0 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been… |
| CVE-2025-14579 | 2026-01-12 | MEDIUM | 4.8 | The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored… |
| CVE-2025-52694 | 2026-01-12 | CRITICAL | 10.0 | Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the… |
| CVE-2025-41004 | 2026-01-12 | N/A | 0.0 | Imaster's Patient Records Management System is vulnerable to SQL Injection in the endpoint ‘/projects/hospital/admin/complaints.php’ through the ‘id’ parameter. |
| CVE-2025-41003 | 2026-01-12 | N/A | 0.0 | Imaster's Patient Record Management System contains a stored Cross-Site Scripting (XSS) vulnerability in the endpoint ‘/projects/hospital/admin/edit_patient.php’. By injecting a malicious script into the ‘firstname’ parameter, the JavaScript code… |
| CVE-2025-40978 | 2026-01-12 | N/A | 0.0 | Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST… |
| CVE-2025-40977 | 2026-01-12 | N/A | 0.0 | Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the… |
| CVE-2025-40976 | 2026-01-12 | N/A | 0.0 | Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's TicketGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/ticketgo-saas/home’, using the ‘description’… |
| CVE-2025-40975 | 2026-01-12 | N/A | 0.0 | Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/hrmgo/ticket/changereply’, using the ‘description’… |
| CVE-2025-14279 | 2026-01-12 | HIGH | 8.1 | MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability… |
| CVE-2026-0855 | 2026-01-12 | HIGH | 8.8 | Certain IP Camera models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the… |
| CVE-2026-0854 | 2026-01-12 | HIGH | 8.8 | Certain DVR/NVR models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device. |
Page 111 of 3931