CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-4569 | 2025-07-21 | N/A | 0.0 | An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be… |
| CVE-2025-41678 | 2025-07-21 | MEDIUM | 6.5 | A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements… |
| CVE-2025-41677 | 2025-07-21 | MEDIUM | 4.9 | A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action… |
| CVE-2025-41676 | 2025-07-21 | MEDIUM | 4.9 | A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action… |
| CVE-2025-41675 | 2025-07-21 | HIGH | 7.2 | A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due… |
| CVE-2025-41674 | 2025-07-21 | HIGH | 7.2 | A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper… |
| CVE-2025-41673 | 2025-07-21 | HIGH | 7.2 | A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper… |
| CVE-2025-1469 | 2025-07-21 | HIGH | 7.5 | Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers. This issue affects Eyotek: before 11.03.2025. |
| CVE-2024-6107 | 2025-07-21 | CRITICAL | 9.6 | Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in… |
| CVE-2025-7369 | 2025-07-21 | MEDIUM | 6.1 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up… |
| CVE-2025-7354 | 2025-07-21 | MEDIUM | 6.4 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes… |
| CVE-2025-4685 | 2025-07-21 | MEDIUM | 6.4 | The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting… |
| CVE-2025-4049 | 2025-07-21 | N/A | 0.0 | Use of hard-coded, the same among all vulnerable installations SQLite credentials vulnerability in SIGNUM-NET FARA allows to read and manipulate… |
| CVE-2025-7921 | 2025-07-21 | CRITICAL | 9.8 | Certain modem models developed by Askey has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's… |
| CVE-2025-7920 | 2025-07-21 | MEDIUM | 6.1 | WinMatrix3 Web package developed by Simopro Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary… |
| CVE-2025-7919 | 2025-07-21 | MEDIUM | 6.5 | WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL… |
| CVE-2025-7344 | 2025-07-21 | HIGH | 8.8 | The EAI developed by Digiwin has a Privilege Escalation vulnerability, allowing remote attackers with regular privileges to elevate their privileges… |
| CVE-2025-7343 | 2025-07-21 | CRITICAL | 9.8 | The SFT developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to… |
| CVE-2025-24938 | 2025-07-21 | N/A | 0.0 | The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker… |
| CVE-2025-24937 | 2025-07-21 | N/A | 0.0 | File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in… |
| CVE-2025-7918 | 2025-07-21 | CRITICAL | 9.8 | WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL… |
| CVE-2025-7917 | 2025-07-21 | HIGH | 7.2 | WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to… |
| CVE-2025-24936 | 2025-07-21 | N/A | 0.0 | The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable… |
| CVE-2025-0664 | 2025-07-21 | N/A | 0.0 | A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary… |
| CVE-2025-7916 | 2025-07-21 | CRITICAL | 9.8 | WinMatrix3 developed by Simopro Technology has an Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the… |
| CVE-2025-54352 | 2025-07-21 | LOW | 3.7 | WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE:… |
| CVE-2025-7915 | 2025-07-21 | HIGH | 7.3 | A vulnerability was found in Chanjet CRM 1.0 and classified as critical. Affected by this issue is some unknown functionality… |
| CVE-2025-7914 | 2025-07-21 | HIGH | 8.8 | A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function… |
| CVE-2025-7913 | 2025-07-21 | HIGH | 8.8 | A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. Affected is the function updateWifiInfo of the… |
| CVE-2025-53771 | 2025-07-20 | MEDIUM | 6.3 | Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to… |
| CVE-2025-53770 | 2025-07-20 | CRITICAL | 9.8 | Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft… |
| CVE-2025-7912 | 2025-07-20 | HIGH | 8.8 | A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus… |
| CVE-2025-54319 | 2025-07-20 | MEDIUM | 6.3 | An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to… |
| CVE-2025-7906 | 2025-07-20 | MEDIUM | 6.3 | A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile… |
| CVE-2025-7905 | 2025-07-20 | MEDIUM | 6.3 | A vulnerability has been found in itsourcecode Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code… |
| CVE-2025-54317 | 2025-07-20 | HIGH | 8.4 | An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when… |
| CVE-2025-54316 | 2025-07-20 | MEDIUM | 4.9 | An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom Jinja templates that chained built-in… |
| CVE-2025-49087 | 2025-07-20 | MEDIUM | 4.0 | In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to… |
| CVE-2025-47917 | 2025-07-20 | HIGH | 8.9 | Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation.… |
| CVE-2025-48965 | 2025-07-20 | MEDIUM | 4.0 | Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but… |
| CVE-2025-7904 | 2025-07-20 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, was found in itsourcecode Insurance Management System 1.0. This affects an unknown part… |
| CVE-2025-7903 | 2025-07-20 | MEDIUM | 4.3 | A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown… |
| CVE-2025-7902 | 2025-07-20 | LOW | 3.5 | A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of… |
| CVE-2025-7901 | 2025-07-20 | MEDIUM | 4.3 | A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some… |
| CVE-2025-7897 | 2025-07-20 | HIGH | 7.3 | A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the… |
| CVE-2025-7896 | 2025-07-20 | MEDIUM | 6.3 | A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is… |
| CVE-2025-7895 | 2025-07-20 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file… |
| CVE-2025-46385 | 2025-07-20 | HIGH | 8.6 | CWE-918 Server-Side Request Forgery (SSRF) |
| CVE-2025-46384 | 2025-07-20 | HIGH | 8.8 | CWE-434 Unrestricted Upload of File with Dangerous Type |
| CVE-2025-46383 | 2025-07-20 | MEDIUM | 6.1 | CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') |