CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2026-21492 | 2026-01-06 | MEDIUM | 5.5 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2… |
| CVE-2026-22539 | 2026-01-07 | N/A | 0.0 | As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6. |
| CVE-2026-21680 | 2026-01-07 | MEDIUM | 6.5 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2… |
| CVE-2026-21679 | 2026-01-07 | HIGH | 8.8 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable… |
| CVE-2026-21678 | 2026-01-07 | HIGH | 7.8 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable… |
| CVE-2026-21506 | 2026-01-07 | MEDIUM | 5.5 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable… |
| CVE-2026-21505 | 2026-01-07 | MEDIUM | 5.5 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined… |
| CVE-2026-21504 | 2026-01-07 | MEDIUM | 6.6 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable… |
| CVE-2026-21503 | 2026-01-07 | MEDIUM | 6.1 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined… |
| CVE-2026-21502 | 2026-01-07 | MEDIUM | 5.5 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable… |
| CVE-2026-21501 | 2026-01-07 | MEDIUM | 5.5 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable… |
| CVE-2026-21500 | 2026-01-07 | MEDIUM | 5.5 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable… |
| CVE-2026-21499 | 2026-01-07 | MEDIUM | 5.5 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable… |
| CVE-2026-21498 | 2026-01-07 | MEDIUM | 5.5 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable… |
| CVE-2026-21497 | 2026-01-07 | MEDIUM | 5.5 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable… |
| CVE-2026-21496 | 2026-01-07 | MEDIUM | 5.5 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable… |
| CVE-2026-21495 | 2026-01-07 | MEDIUM | 5.5 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable… |
| CVE-2025-66560 | 2026-01-07 | MEDIUM | 5.9 | Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of… |
| CVE-2026-0618 | 2026-01-07 | MEDIUM | 6.1 | Cross-site Scripting vulnerability in Devolutions PowerShell Universal. This issue affects Powershell Universal: before 4.5.6, before 5.6.13. |
| CVE-2025-67366 | 2026-01-07 | HIGH | 7.5 | @sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "read_content" tool. This vulnerability… |
| CVE-2025-66686 | 2026-01-07 | MEDIUM | 6.1 | A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url”… |
| CVE-2025-61782 | 2026-01-07 | MEDIUM | 5.4 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an open redirect vulnerability exists in the OpenCTI platform's SAML… |
| CVE-2025-58441 | 2026-01-07 | N/A | 0.0 | Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send… |
| CVE-2025-4677 | 2026-01-07 | MEDIUM | 6.5 | Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue… |
| CVE-2026-22544 | 2026-01-07 | N/A | 0.0 | An attacker with a network connection could detect credentials in clear text. |
| CVE-2026-22543 | 2026-01-07 | N/A | 0.0 | The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could… |
| CVE-2026-22537 | 2026-01-07 | N/A | 0.0 | The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for… |
| CVE-2026-22536 | 2026-01-07 | N/A | 0.0 | The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions |
| CVE-2026-22535 | 2026-01-07 | N/A | 0.0 | An attacker with the ability to interact through the network and with access credentials, could, thanks to the unsecured (unencrypted) MQTT communications protocol, write on the server topics… |
| CVE-2026-20029 | 2026-01-07 | MEDIUM | 4.9 | A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to… |
| CVE-2026-20027 | 2026-01-07 | MEDIUM | 5.3 | Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine… |
| CVE-2026-20026 | 2026-01-07 | MEDIUM | 5.8 | Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to… |
| CVE-2026-0643 | 2026-01-07 | HIGH | 7.3 | A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation… |
| CVE-2026-0642 | 2026-01-07 | LOW | 2.4 | A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name… |
| CVE-2025-67364 | 2026-01-07 | HIGH | 7.5 | fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability arises from improper path validation that fails to resolve symbolic… |
| CVE-2025-66837 | 2026-01-07 | MEDIUM | 6.8 | A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware |
| CVE-2025-66786 | 2026-01-07 | HIGH | 7.5 | OpenAirInterface CN5G AMF |
| CVE-2025-66838 | 2026-01-07 | MEDIUM | 6.5 | In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker… |
| CVE-2025-65805 | 2026-01-07 | HIGH | 7.5 | OpenAirInterface CN5G AMF |
| CVE-2025-61489 | 2026-01-07 | MEDIUM | 6.5 | A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string. |
| CVE-2025-4676 | 2026-01-07 | HIGH | 8.8 | Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP… |
| CVE-2025-4675 | 2026-01-07 | MEDIUM | 6.5 | Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K;… |
| CVE-2025-14719 | 2026-01-07 | MEDIUM | 4.9 | The Relevanssi WordPress plugin before 4.26.0, Relevanssi Premium WordPress plugin before 2.29.0 do not sanitize and escape a parameter before using it in a SQL statement, allowing contributor… |
| CVE-2025-12543 | 2026-01-07 | CRITICAL | 9.6 | A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate… |
| CVE-2026-22542 | 2026-01-07 | N/A | 0.0 | An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service. |
| CVE-2026-22541 | 2026-01-07 | N/A | 0.0 | The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control the EV interfaces. Since the board… |
| CVE-2025-62327 | 2026-01-07 | MEDIUM | 4.9 | In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries. |
| CVE-2026-22540 | 2026-01-07 | N/A | 0.0 | The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must… |
| CVE-2025-49335 | 2026-01-07 | MEDIUM | 4.9 | Server-Side Request Forgery (SSRF) vulnerability in minnur External Media allows Server Side Request Forgery. This issue affects External Media: from n/a through 1.0.36. |
| CVE-2025-68637 | 2026-01-07 | CRITICAL | 9.1 | The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle… |