CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2026-22772 | 2026-01-12 | MEDIUM | 5.8 | Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex() function uses unanchored regex, allowing attackers to… |
| CVE-2025-67147 | 2026-01-12 | CRITICAL | 9.8 | Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key' parameters in (2) secure_login.php, and… |
| CVE-2021-41074 | 2026-01-12 | MEDIUM | 5.4 | A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a crafted HTML document. |
| CVE-2025-66802 | 2026-01-12 | CRITICAL | 9.8 | Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote Code Execution). The application receives a reverse shell (php) into imagem of the user enabling RCE. |
| CVE-2025-51567 | 2026-01-12 | CRITICAL | 9.1 | A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database… |
| CVE-2023-36331 | 2026-01-12 | HIGH | 8.2 | Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId. |
| CVE-2026-22785 | 2026-01-12 | N/A | 0.0 | orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that… |
| CVE-2026-22784 | 2026-01-12 | N/A | 0.0 | Lychee is a free, open-source photo-management tool. Prior to 7.1.0, an authorization vulnerability exists in Lychee's album password unlock functionality that allows users to gain possibly unauthorized access… |
| CVE-2026-22783 | 2026-01-12 | CRITICAL | 9.6 | Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where… |
| CVE-2026-22781 | 2026-01-12 | N/A | 0.0 | TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query… |
| CVE-2026-22776 | 2026-01-12 | N/A | 0.0 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling… |
| CVE-2026-22771 | 2026-01-12 | HIGH | 8.8 | Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by… |
| CVE-2026-22252 | 2026-01-12 | CRITICAL | 9.1 | LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands… |
| CVE-2026-22200 | 2026-01-12 | N/A | 0.0 | Enhancesoft osTicket versions up to and including 1.18.2 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing… |
| CVE-2026-22251 | 2026-01-12 | MEDIUM | 5.3 | wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years,… |
| CVE-2026-22250 | 2026-01-12 | LOW | 2.5 | wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in… |
| CVE-2026-22050 | 2026-01-12 | N/A | 0.0 | ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a vulnerability which could allow a privileged remote attacker to… |
| CVE-2026-22033 | 2026-01-12 | N/A | 0.0 | Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting (XSS) vulnerability exists in the custom_hotkeys functionality of the… |
| CVE-2025-68657 | 2026-01-12 | MEDIUM | 6.4 | Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, calls to hid_host_device_close() can free the same usb_transfer_t twice. The USB… |
| CVE-2025-68656 | 2026-01-12 | MEDIUM | 6.8 | Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, usb_class_request_get_descriptor() frees and reallocates hid_device->ctrl_xfer when an oversized descriptor is requested… |
| CVE-2025-68471 | 2026-01-12 | MEDIUM | 6.5 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2… |
| CVE-2025-68468 | 2026-01-12 | MEDIUM | 6.5 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited… |
| CVE-2025-68276 | 2026-01-12 | MEDIUM | 5.5 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local user can crash avahi-daemon… |
| CVE-2025-68622 | 2026-01-12 | MEDIUM | 6.8 | Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB… |
| CVE-2025-68472 | 2026-01-12 | HIGH | 8.1 | MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read… |
| CVE-2025-66689 | 2026-01-12 | MEDIUM | 6.5 | A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows authenticated attackers to read arbitrary files on the system. The vulnerability is caused by flawed… |
| CVE-2025-63314 | 2026-01-12 | CRITICAL | 10.0 | A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full… |
| CVE-2025-46070 | 2026-01-12 | CRITICAL | 9.8 | An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component. |
| CVE-2025-46068 | 2026-01-12 | HIGH | 8.8 | An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechanism. |
| CVE-2025-46067 | 2026-01-12 | HIGH | 8.2 | An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file. |
| CVE-2025-46066 | 2026-01-12 | CRITICAL | 9.9 | An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges. |
| CVE-2025-71063 | 2026-01-12 | HIGH | 8.2 | Errands before 46.2.10 does not verify TLS certificates for CalDAV servers. |
| CVE-2025-67813 | 2026-01-12 | MEDIUM | 5.3 | Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication. |
| CVE-2025-66939 | 2026-01-12 | MEDIUM | 5.4 | Cross Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 allows an attacker to execute arbitrary code via a crafted favicon file. |
| CVE-2025-65553 | 2026-01-12 | N/A | 0.0 | D3D Wi-Fi Home Security System ZX-G12 v2.1.17 is susceptible to RF jamming on the 433 MHz alarm sensor channel. An attacker within RF range can transmit continuous interference… |
| CVE-2025-65552 | 2026-01-12 | N/A | 0.0 | D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz sensor communication channel. The system does not implement rolling codes, message… |
| CVE-2025-41078 | 2026-01-12 | N/A | 0.0 | Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion… |
| CVE-2025-41077 | 2026-01-12 | N/A | 0.0 | IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data.… |
| CVE-2025-41006 | 2026-01-12 | N/A | 0.0 | Imaster's MEMS Events CRM contains an SQL injection vulnerability in the ‘phone’ parameter in ‘/memsdemo/login.php’. |
| CVE-2025-41005 | 2026-01-12 | N/A | 0.0 | Imaster's MEMS Events CRM contains an SQL injection vulnerability in the ‘keyword’ parameter in ‘/memsdemo/exchange_offers.php’. |
| CVE-2026-22837 | 2026-01-13 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-22836 | 2026-01-13 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-22835 | 2026-01-13 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-22834 | 2026-01-13 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-22833 | 2026-01-13 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-22832 | 2026-01-13 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-22831 | 2026-01-13 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-22830 | 2026-01-13 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-22829 | 2026-01-13 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-14470 | 2026-01-12 | N/A | 0.0 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been… |