CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-6200 | 2025-07-11 | MEDIUM | 5.9 | The GeoDirectory WordPress plugin before 2.8.120 does not validate and escape some of its shortcode attributes before outputting them back… |
| CVE-2025-52964 | 2025-07-11 | MEDIUM | 6.5 | A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows… |
| CVE-2025-52963 | 2025-07-11 | MEDIUM | 5.5 | An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local, low-privileged attacker… |
| CVE-2025-52958 | 2025-07-11 | MEDIUM | 5.3 | A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an… |
| CVE-2025-52955 | 2025-07-11 | MEDIUM | 6.5 | An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an… |
| CVE-2025-52954 | 2025-07-11 | HIGH | 7.8 | A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local,… |
| CVE-2025-52953 | 2025-07-11 | MEDIUM | 6.5 | An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows… |
| CVE-2025-52952 | 2025-07-11 | MEDIUM | 6.5 | An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with… |
| CVE-2025-52951 | 2025-07-11 | MEDIUM | 5.8 | A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic… |
| CVE-2025-52950 | 2025-07-11 | CRITICAL | 9.6 | A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive… |
| CVE-2025-52949 | 2025-07-11 | MEDIUM | 6.5 | An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and… |
| CVE-2025-52948 | 2025-07-11 | MEDIUM | 5.9 | An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF) processing of Juniper Networks Junos OS allows an… |
| CVE-2025-52947 | 2025-07-11 | MEDIUM | 6.5 | An Improper Handling of Exceptional Conditions vulnerability in route processing of Juniper Networks Junos OS on specific end-of-life (EOL) ACX… |
| CVE-2025-52946 | 2025-07-11 | HIGH | 7.5 | A Use After Free vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos… |
| CVE-2025-30661 | 2025-07-11 | HIGH | 7.3 | An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a… |
| CVE-2025-51591 | 2025-07-11 | MEDIUM | 6.5 | A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure… |
| CVE-2023-38329 | 2025-07-11 | N/A | 0.0 | An issue was discovered in eGroupWare 17.1.20190111. A cross-site scripting Reflected (XSS) vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote… |
| CVE-2023-38327 | 2025-07-11 | N/A | 0.0 | An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists under calendar/freebusy.php, which allows unauthenticated remote attackers to… |
| CVE-2025-7436 | 2025-07-11 | HIGH | 7.3 | A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been declared as critical. This vulnerability affects… |
| CVE-2025-7435 | 2025-07-11 | LOW | 3.5 | A vulnerability was found in LiveHelperChat lhc-php-resque Extension up to ee1270b35625f552425e32a6a3061cd54b5085c4. It has been classified as problematic. This affects an… |
| CVE-2025-7434 | 2025-07-11 | HIGH | 8.8 | A vulnerability was found in Tenda FH451 up to 1.0.0.9 and classified as critical. Affected by this issue is the… |
| CVE-2025-7423 | 2025-07-11 | HIGH | 8.8 | A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). Affected by this vulnerability is the function formWifiMacFilterSet of… |
| CVE-2025-7422 | 2025-07-11 | HIGH | 8.8 | A vulnerability classified as critical has been found in Tenda O3V2 1.0.0.12(3880). Affected is the function setAutoReboot of the file… |
| CVE-2025-7421 | 2025-07-11 | HIGH | 8.8 | A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been rated as critical. This issue affects the function fromMacFilterModify… |
| CVE-2025-7420 | 2025-07-11 | HIGH | 8.8 | A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been declared as critical. This vulnerability affects the function formWifiBasicSet… |
| CVE-2025-7419 | 2025-07-10 | HIGH | 8.8 | A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been classified as critical. This affects the function fromSpeedTestSet of… |
| CVE-2025-7418 | 2025-07-10 | HIGH | 8.8 | A vulnerability was found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this issue is the function fromPingResultGet… |
| CVE-2025-53864 | 2025-07-11 | MEDIUM | 5.8 | Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply… |
| CVE-2025-53475 | 2025-07-11 | HIGH | 8.8 | A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue… |
| CVE-2025-53506 | 2025-07-10 | HIGH | 7.5 | Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces… |
| CVE-2025-52577 | 2025-07-11 | HIGH | 8.8 | A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires… |
| CVE-2025-52520 | 2025-07-10 | HIGH | 7.5 | For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via… |
| CVE-2025-52434 | 2025-07-10 | HIGH | 7.5 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This… |
| CVE-2025-48891 | 2025-07-11 | HIGH | 7.6 | A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function. This vulnerability can be… |
| CVE-2025-46704 | 2025-07-11 | MEDIUM | 4.3 | A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an… |
| CVE-2025-28244 | 2025-07-10 | HIGH | 8.8 | Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens… |
| CVE-2025-28243 | 2025-07-10 | HIGH | 8.0 | An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component. |
| CVE-2025-53862 | 2025-07-11 | LOW | 3.5 | A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a… |
| CVE-2025-53861 | 2025-07-11 | LOW | 3.1 | A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and… |
| CVE-2025-6788 | 2025-07-11 | MEDIUM | 4.3 | CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing… |
| CVE-2025-50125 | 2025-07-11 | HIGH | 7.2 | CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via… |
| CVE-2025-50124 | 2025-07-11 | MEDIUM | 6.9 | CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the server is accessed by a privileged account… |
| CVE-2025-50123 | 2025-07-11 | HIGH | 7.2 | CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote command execution by a privileged… |
| CVE-2025-50122 | 2025-07-11 | HIGH | 8.3 | CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the password generation algorithm is reverse engineered with… |
| CVE-2025-50121 | 2025-07-11 | CRITICAL | 10.0 | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated… |
| CVE-2025-3933 | 2025-07-11 | MEDIUM | 5.3 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor… |
| CVE-2025-6851 | 2025-07-11 | HIGH | 7.2 | The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,… |
| CVE-2025-6838 | 2025-07-11 | MEDIUM | 4.1 | The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0… |
| CVE-2025-6438 | 2025-07-11 | MEDIUM | 6.8 | CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML… |
| CVE-2025-7442 | 2025-07-11 | HIGH | 7.5 | The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to SQL Injection via several parameters in the… |