CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-31512 | 2025-07-22 | HIGH | 7.3 | An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval via isAddedByApprover in a Request%20Building%20Access requestSubmit API… |
| CVE-2025-51475 | 2025-07-22 | MEDIUM | 5.0 | Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames… |
| CVE-2025-51458 | 2025-07-22 | MEDIUM | 6.5 | SQL Injection in editor_sql_run and query_ex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary SQL statements via crafted… |
| CVE-2025-51479 | 2025-07-22 | MEDIUM | 5.4 | Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via… |
| CVE-2025-31511 | 2025-07-22 | HIGH | 7.3 | An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval by changing the user ID in a… |
| CVE-2025-6741 | 2025-07-22 | HIGH | 7.7 | Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the… |
| CVE-2025-6523 | 2025-07-22 | HIGH | 7.7 | Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute… |
| CVE-2025-51471 | 2025-07-22 | MEDIUM | 6.9 | Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via… |
| CVE-2025-51464 | 2025-07-22 | HIGH | 8.8 | Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims' browsers via malicious Python… |
| CVE-2025-51481 | 2025-07-22 | MEDIUM | 6.6 | Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files… |
| CVE-2025-51482 | 2025-07-22 | HIGH | 8.8 | Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands… |
| CVE-2025-51480 | 2025-07-22 | HIGH | 8.8 | Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing… |
| CVE-2025-51463 | 2025-07-22 | HIGH | 7.0 | Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a… |
| CVE-2024-38335 | 2025-07-22 | MEDIUM | 4.5 | IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to cause a denial of service… |
| CVE-2025-7371 | 2025-07-22 | MEDIUM | 6.8 | Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access… |
| CVE-2025-5042 | 2025-07-22 | HIGH | 7.8 | A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read vulnerability. A malicious actor can… |
| CVE-2025-51865 | 2025-07-22 | HIGH | 8.8 | Ai2 playground web service (playground.allenai.org) LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference (IDOR), allowing attackers to… |
| CVE-2025-51864 | 2025-07-22 | MEDIUM | 6.5 | A reflected cross-site scripting (XSS) vulnerability exists in AIBOX LLM chat (chat.aibox365.cn) through 2025-05-27, allowing attackers to hijack accounts through… |
| CVE-2025-51863 | 2025-07-22 | MEDIUM | 6.1 | Self Cross Site Scripting (XSS) vulnerability in ChatGPT Unli (ChatGPTUnli.com) thru 2025-05-26 allows attackers to execute arbitrary code via a… |
| CVE-2025-51862 | 2025-07-22 | MEDIUM | 6.1 | Insecure Direct Object Reference (IDOR) vulnerability in TelegAI (telegai.com) thru 2025-05-26 in its chat component. An attacker can exploit this… |
| CVE-2025-51860 | 2025-07-22 | MEDIUM | 6.1 | Stored Cross-Site Scripting (XSS) in TelegAI (telegai.com) 2025-05-26 in its chat component and character container component. An attacker can achieve… |
| CVE-2025-51859 | 2025-07-22 | MEDIUM | 6.5 | Stored Cross-Site Scripting (XSS) vulnerability in Chaindesk thru 2025-05-26 in its agent chat component. An attacker can achieve arbitrary client-side… |
| CVE-2025-51858 | 2025-07-22 | MEDIUM | 6.1 | Self Cross-Site Scripting (XSS) vulnerability in ChatPlayground.ai through 2025-05-24, allows attackers to execute arbitrary code and gain sensitive information via… |
| CVE-2025-36512 | 2025-07-22 | HIGH | 7.5 | A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction heartbeat. A specially… |
| CVE-2025-35966 | 2025-07-22 | HIGH | 7.5 | A null pointer dereference vulnerability exists in the CDB2SQLQUERY protocol buffer message handling of Bloomberg Comdb2 8.1. A specially crafted… |
| CVE-2025-8018 | 2025-07-22 | MEDIUM | 6.3 | A vulnerability was found in code-projects Food Ordering Review System 1.0. It has been declared as critical. Affected by this… |
| CVE-2025-8015 | 2025-07-22 | MEDIUM | 6.4 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's… |
| CVE-2025-4878 | 2025-07-22 | LOW | 3.6 | A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw… |
| CVE-2025-8017 | 2025-07-22 | HIGH | 8.8 | A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function formSetMacFilterCfg of… |
| CVE-2025-7949 | 2025-07-22 | LOW | 3.5 | A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability… |
| CVE-2025-7948 | 2025-07-22 | MEDIUM | 4.3 | A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality… |
| CVE-2025-7947 | 2025-07-22 | MEDIUM | 5.4 | A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the… |
| CVE-2025-7946 | 2025-07-22 | MEDIUM | 4.3 | A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been rated as problematic. This issue affects… |
| CVE-2025-7717 | 2025-07-21 | HIGH | 7.5 | Missing Authorization vulnerability in Drupal File Download allows Forceful Browsing. This issue affects File Download: from 0.0.0 before 1.9.0, from 2.0.0… |
| CVE-2025-7716 | 2025-07-21 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Real-time SEO for Drupal allows Cross-Site Scripting… |
| CVE-2025-7715 | 2025-07-21 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Attributes allows Cross-Site Scripting (XSS). This issue… |
| CVE-2025-7393 | 2025-07-21 | CRITICAL | 9.8 | Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Mail Login allows Brute Force. This issue affects Mail Login: from 3.0.0… |
| CVE-2025-7392 | 2025-07-21 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookies Addons allows Cross-Site Scripting (XSS). This issue… |
| CVE-2025-51867 | 2025-07-22 | N/A | 0.0 | Insecure Direct Object Reference (IDOR) vulnerability in Deepfiction AI (deepfiction.ai) thru June 3, 2025, allowing attackers to chat with the… |
| CVE-2025-52362 | 2025-07-21 | CRITICAL | 9.1 | Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of PHProxy version 1.1.1 and prior. The input validation… |
| CVE-2025-51869 | 2025-07-21 | HIGH | 7.5 | Insecure Direct Object Reference (IDOR) vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted space_id, thread_id,… |
| CVE-2025-51868 | 2025-07-21 | HIGH | 7.5 | Insecure Direct Object Reference (IDOR) vulnerability in Dippy (chat.dippy.ai) v2 allows attackers to gain sensitive information via the conversation_id parameter… |
| CVE-2025-51401 | 2025-07-21 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute… |
| CVE-2025-51400 | 2025-07-21 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute… |
| CVE-2025-51398 | 2025-07-21 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute… |
| CVE-2025-51397 | 2025-07-21 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute… |
| CVE-2025-51396 | 2025-07-21 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML… |
| CVE-2025-4295 | 2025-07-22 | MEDIUM | 4.6 | Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows HTTP Response Splitting. This issue affects B2B: before 04.06.2025. |
| CVE-2025-4294 | 2025-07-22 | MEDIUM | 4.8 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HotelRunner B2B allows Cross-Site Scripting (XSS). This… |
| CVE-2025-44654 | 2025-07-21 | CRITICAL | 9.8 | In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access… |