Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Todo el contenido
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-22180
2026-01-01
N/A
0.0
Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22155
2026-01-01
N/A
0.0
Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22154
2026-01-01
N/A
0.0
Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-69412
2026-01-01
LOW
3.4
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this…
CVE-2025-67711
2025-12-31
MEDIUM
6.1
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker…
CVE-2025-67710
2025-12-31
MEDIUM
6.1
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker…
CVE-2025-67709
2025-12-31
MEDIUM
6.1
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker…
CVE-2025-67708
2025-12-31
MEDIUM
6.1
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker…
CVE-2025-67707
2025-12-31
MEDIUM
5.6
ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files.
CVE-2025-67706
2025-12-31
MEDIUM
5.6
ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files.
CVE-2025-67705
2025-12-31
MEDIUM
6.1
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker…
CVE-2025-67704
2025-12-31
MEDIUM
6.1
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker…
CVE-2025-67703
2025-12-31
MEDIUM
6.1
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker…
CVE-2025-69288
2025-12-31
CRITICAL
9.1
Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is…
CVE-2025-69286
2025-12-31
N/A
0.0
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent…
CVE-2025-68700
2025-12-31
N/A
0.0
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.23.0, a low-privileged authenticated user (normal login account) can execute arbitrary system commands on the server…
CVE-2025-34469
2025-12-31
N/A
0.0
Cowrie versions prior to 2.9.0 contain a server-side request forgery (SSRF) vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these…
CVE-2025-15398
2025-12-31
LOW
3.7
A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation…
CVE-2023-7332
2025-12-31
N/A
0.0
PocketMine-MP versions prior to 4.18.1 contain an improper input validation vulnerability in inventory transaction handling. A remote attacker with a valid player session can request that the server…
CVE-2025-15373
2025-12-31
MEDIUM
6.3
A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It…
CVE-2025-15374
2025-12-31
LOW
3.5
A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. Performing manipulation of…
CVE-2025-15375
2025-12-31
MEDIUM
6.3
A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing manipulation…
CVE-2025-53235
2025-12-31
HIGH
7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osuthorpe Easy Social allows Reflected XSS.This issue affects Easy Social: from n/a through 1.3.
CVE-2023-7331
2025-12-31
MEDIUM
4.7
A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Performing manipulation results in sql injection. It is…
CVE-2015-10145
2025-12-31
N/A
0.0
Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/run_commands.sh. The application fails to properly restrict or validate input supplied via the 'commands'…
CVE-2025-59131
2025-12-30
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in Hoernerfranz WP-CalDav2ICS allows Stored XSS.This issue affects WP-CalDav2ICS: from n/a through 1.3.4.
CVE-2025-15114
2025-12-30
CRITICAL
9.8
Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can…
CVE-2025-15113
2025-12-30
HIGH
7.8
Ksenia Security Lares 4.0 Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this…
CVE-2025-15112
2025-12-30
HIGH
8.0
Ksenia Security Lares 4.0 version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft malicious…
CVE-2025-15111
2025-12-30
HIGH
7.5
Ksenia Security Lares 4.0 Home Automation version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative…
CVE-2024-58338
2025-12-30
CRITICAL
9.8
Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command…
CVE-2024-58337
2025-12-30
HIGH
7.5
Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability…
CVE-2024-58336
2025-12-30
CRITICAL
9.8
Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve…
CVE-2024-58315
2025-12-30
HIGH
8.4
Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service…
CVE-2023-54327
2025-12-30
HIGH
7.5
Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint…
CVE-2023-54163
2025-12-30
HIGH
8.2
NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized…
CVE-2023-53983
2025-12-30
HIGH
7.5
Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability with weak default administrative credentials that can be easily guessed. Attackers can leverage these hard-coded credentials to gain full remote…
CVE-2022-50804
2025-12-30
MEDIUM
6.5
JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to cross-site request forgery (CSRF) attacks, allowing attackers to perform administrative actions on behalf of authenticated users without their knowledge or…
CVE-2022-50803
2025-12-30
CRITICAL
9.8
JM-DATA ONU JF511-TV version 1.0.67 uses default credentials that allow attackers to gain unauthorized access to the device with administrative privileges.
CVE-2022-50802
2025-12-30
MEDIUM
6.1
ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially…
CVE-2022-50801
2025-12-30
MEDIUM
4.3
JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to authenticated stored cross-site scripting (XSS) attacks, allowing attackers with authenticated access to inject malicious scripts that will be executed in…
CVE-2022-50800
2025-12-30
HIGH
7.5
H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_submit.cgi…
CVE-2022-50799
2025-12-30
HIGH
7.5
Fetch FTP Client 5.8.2 contains a denial of service vulnerability that allows attackers to trigger 100% CPU consumption by sending long server responses. Attackers can send specially crafted…
CVE-2022-50798
2025-12-30
HIGH
7.5
SoX 14.4.2 contains a division by zero vulnerability when handling WAV files that can cause program crashes. Attackers can trigger a floating point exception by providing a specially…
CVE-2022-50796
2025-12-30
HIGH
7.5
SOUND4 IMPACT/FIRST/PULSE/Eco
CVE-2022-50795
2025-12-30
HIGH
8.4
SOUND4 IMPACT/FIRST/PULSE/Eco
CVE-2022-50794
2025-12-30
CRITICAL
9.8
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands…
CVE-2022-50793
2025-12-30
HIGH
8.8
SOUND4 IMPACT/FIRST/PULSE/Eco
CVE-2022-50792
2025-12-30
CRITICAL
9.8
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating…
CVE-2022-50791
2025-12-30
HIGH
8.4
SOUND4 IMPACT/FIRST/PULSE/Eco
« Anterior
Página 151 de 3934
Siguiente »
Page load link
Go to Top
