CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-21448 2026-01-02 N/A 0.0 Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection. When a normal customer orders any product, in the `add…
CVE-2026-21447 2026-01-02 HIGH 7.1 Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer…
CVE-2026-21446 2026-01-02 N/A 0.0 Bagisto is an open source laravel eCommerce platform. In versions on the 2.3 branch prior to 2.3.10, API routes remain active even after initial installation is complete. The…
CVE-2026-21445 2026-01-02 N/A 0.0 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue…
CVE-2026-0571 2026-01-02 MEDIUM 4.3 A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function createResponseEntity of the file warehouse\src\main\java\com\yeqifu\sys\common\AppFileUtils.java. The manipulation of the…
CVE-2026-21444 2026-01-02 MEDIUM 5.5 libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL…
CVE-2026-21440 2026-01-02 N/A 0.0 AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on…
CVE-2026-21433 2026-01-02 HIGH 7.7 Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An…
CVE-2026-21432 2026-01-02 N/A 0.0 Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As…
CVE-2026-21431 2026-01-02 N/A 0.0 Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the `Resource media library` function while publishing an article. As…
CVE-2026-21430 2026-01-02 N/A 0.0 Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery (CSRF). This can lead to a user being…
CVE-2026-0570 2026-01-02 HIGH 7.3 A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing manipulation of the argument fname results in sql…
CVE-2026-0569 2026-01-02 HIGH 7.3 A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown function of the file /Frontend/AlbumByCategory.php. Such manipulation of the argument ID leads to…
CVE-2026-21429 2026-01-02 N/A 0.0 Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing…
CVE-2026-0568 2026-01-02 HIGH 7.3 A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This manipulation of the argument ID…
CVE-2026-0567 2026-01-02 HIGH 7.3 A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results…
CVE-2026-0566 2026-01-02 MEDIUM 4.7 A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. The manipulation of the argument image leads…
CVE-2025-69417 2026-01-02 MEDIUM 5.0 In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated access) via a shared_servers endpoint.
CVE-2025-69416 2026-01-02 MEDIUM 5.0 In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated access) via clients.plex.tv/devices.xml.
CVE-2025-69415 2026-01-02 HIGH 7.1 In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an…
CVE-2025-69414 2026-01-02 HIGH 8.5 Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token.
CVE-2025-67160 2026-01-02 N/A 0.0 An issue in Vatilon v1.12.37-20240124 allows attackers to access sensitive directories and files via a directory traversal.
CVE-2025-67159 2026-01-02 N/A 0.0 Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.
CVE-2025-67158 2026-01-02 N/A 0.0 An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request.
CVE-2025-35002 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-35001 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-35000 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34999 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34998 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34997 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34996 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34995 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34994 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34993 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34992 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34991 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34990 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34989 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34988 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34987 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34986 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34985 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34984 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34983 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34982 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34981 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34980 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34979 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34978 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
CVE-2025-34977 2026-01-02 N/A 0.0 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.