CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-53952 | 2025-07-16 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-52377 | 2025-07-15 | MEDIUM | 5.4 | Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below, allowing authenticated attackers to execute arbitrary commands… |
| CVE-2025-48795 | 2025-07-15 | MEDIUM | 5.6 | Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means… |
| CVE-2024-42650 | 2025-07-15 | HIGH | 7.5 | NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows attackers to cause a… |
| CVE-2025-53890 | 2025-07-15 | CRITICAL | 9.8 | pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code… |
| CVE-2025-53836 | 2025-07-15 | CRITICAL | 9.9 | XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into… |
| CVE-2025-53835 | 2025-07-14 | CRITICAL | 9.0 | XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into… |
| CVE-2025-53825 | 2025-07-14 | CRITICAL | 9.4 | Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in… |
| CVE-2025-53824 | 2025-07-14 | MEDIUM | 5.4 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site… |
| CVE-2025-53823 | 2025-07-14 | HIGH | 8.8 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Versions prior to… |
| CVE-2025-53822 | 2025-07-14 | MEDIUM | 6.5 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site… |
| CVE-2025-53821 | 2025-07-14 | MEDIUM | 4.7 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect… |
| CVE-2025-53903 | 2025-07-15 | N/A | 0.0 | The Scratch Channel is a news website that is under development as of time of this writing. The file `/api/users.js`… |
| CVE-2025-41239 | 2025-07-15 | HIGH | 7.1 | VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory… |
| CVE-2025-41238 | 2025-07-15 | CRITICAL | 9.3 | VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out… |
| CVE-2025-41237 | 2025-07-15 | CRITICAL | 9.3 | VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious actor… |
| CVE-2025-41236 | 2025-07-15 | CRITICAL | 9.3 | VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative… |
| CVE-2025-53893 | 2025-07-15 | N/A | 0.0 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview,… |
| CVE-2025-53826 | 2025-07-15 | N/A | 0.0 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview,… |
| CVE-2025-53959 | 2025-07-15 | HIGH | 7.6 | In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible |
| CVE-2025-53895 | 2025-07-15 | N/A | 0.0 | ZITADEL is an open source identity management system. Starting in version 2.53.0 and prior to versions 4.0.0-rc.2, 3.3.2, 2.71.13, and… |
| CVE-2025-26186 | 2025-07-15 | HIGH | 8.1 | SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php |
| CVE-2025-50819 | 2025-07-15 | HIGH | 7.1 | Directory traversal vulnerability in beiyuouo arxiv-daily thru 2025-05-06 (commit fad168770b0e68aef3e5acfa16bb2e7a7765d687) when parsing the topic.yml file in the generation logic… |
| CVE-2025-7042 | 2025-07-15 | HIGH | 7.8 | Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This… |
| CVE-2025-6974 | 2025-07-15 | HIGH | 7.8 | Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025.… |
| CVE-2025-6973 | 2025-07-15 | HIGH | 7.8 | Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This… |
| CVE-2025-6972 | 2025-07-15 | HIGH | 7.8 | Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This… |
| CVE-2025-6971 | 2025-07-15 | HIGH | 7.8 | Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This… |
| CVE-2025-53622 | 2025-07-15 | MEDIUM | 5.2 | DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2,… |
| CVE-2025-53621 | 2025-07-15 | MEDIUM | 6.9 | DSpace open source software is a repository application which provides durable access to digital resources. Two related XML External Entity… |
| CVE-2025-52379 | 2025-07-15 | MEDIUM | 5.4 | Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated command injection vulnerability in the firmware update feature.… |
| CVE-2025-52378 | 2025-07-15 | MEDIUM | 5.4 | Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below allowing attackers to inject JavaScript code… |
| CVE-2025-33097 | 2025-07-15 | MEDIUM | 6.4 | IBM QRadar SIEM 7.5 - 7.5.0 UP12 IF02 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to… |
| CVE-2025-30483 | 2025-07-15 | MEDIUM | 5.5 | Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0 contains an Insertion of Sensitive Information into Log File vulnerability. A… |
| CVE-2025-0831 | 2025-07-15 | HIGH | 7.8 | Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability… |
| CVE-2025-6965 | 2025-07-15 | N/A | 0.0 | There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of… |
| CVE-2025-52376 | 2025-07-15 | CRITICAL | 9.8 | An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below, allowing an… |
| CVE-2025-34116 | 2025-07-15 | N/A | 0.0 | A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An… |
| CVE-2025-34115 | 2025-07-15 | N/A | 0.0 | An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmd_str' parameter in the command_test.php endpoint.… |
| CVE-2025-34113 | 2025-07-15 | N/A | 0.0 | An authenticated command injection vulnerability exists in Tiki Wiki CMS versions ≤14.1, ≤12.4 LTS, ≤9.10 LTS, and ≤6.14 via the… |
| CVE-2025-34112 | 2025-07-15 | N/A | 0.0 | An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. A SQL injection… |
| CVE-2025-34111 | 2025-07-15 | N/A | 0.0 | An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's… |
| CVE-2025-34110 | 2025-07-15 | N/A | 0.0 | A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or… |
| CVE-2025-34109 | 2025-07-15 | N/A | 0.0 | PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without… |
| CVE-2025-34108 | 2025-07-15 | N/A | 0.0 | A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send… |
| CVE-2025-34107 | 2025-07-15 | N/A | 0.0 | A buffer overflow vulnerability exists in the WinaXe FTP Client version 7.7 within the FTP banner parsing functionality, WCMDPA10.dll. When… |
| CVE-2025-34106 | 2025-07-15 | N/A | 0.0 | A buffer overflow vulnerability exists in PDF Shaper versions 3.5 and 3.6 when converting a crafted PDF file to an… |
| CVE-2025-34105 | 2025-07-15 | N/A | 0.0 | A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The… |
| CVE-2025-34104 | 2025-07-15 | N/A | 0.0 | An authenticated remote code execution vulnerability exists in Piwik (now Matomo) versions prior to 3.0.3 via the plugin upload mechanism.… |
| CVE-2025-34103 | 2025-07-15 | N/A | 0.0 | An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0, due to improper input handling in… |