CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-2522 | 2025-07-10 | MEDIUM | 6.5 | The Honeywell Experion PKS and OneWireless WDM contains Sensitive Information in Resource vulnerability in the component Control Data Access (CDA). An… |
| CVE-2025-2521 | 2025-07-10 | HIGH | 8.6 | The Honeywell Experion PKS and OneWireless WDM contains a Memory Buffer vulnerability in the component Control Data Access (CDA). An… |
| CVE-2025-7413 | 2025-07-10 | MEDIUM | 6.3 | A vulnerability classified as critical has been found in code-projects Library System 1.0. This affects an unknown part of the… |
| CVE-2025-7412 | 2025-07-10 | MEDIUM | 6.3 | A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is… |
| CVE-2025-7021 | 2025-07-10 | N/A | 0.0 | Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on… |
| CVE-2025-53634 | 2025-07-10 | N/A | 0.0 | Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but… |
| CVE-2025-53633 | 2025-07-10 | N/A | 0.0 | Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a… |
| CVE-2025-53632 | 2025-07-10 | N/A | 0.0 | Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a… |
| CVE-2025-53630 | 2025-07-10 | N/A | 0.0 | llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead… |
| CVE-2025-53626 | 2025-07-10 | MEDIUM | 6.1 | pdfme is a TypeScript-based PDF generator and React-based UI. The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical… |
| CVE-2025-34102 | 2025-07-10 | N/A | 0.0 | A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL… |
| CVE-2025-34101 | 2025-07-10 | N/A | 0.0 | An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API… |
| CVE-2025-34100 | 2025-07-10 | N/A | 0.0 | An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its… |
| CVE-2025-34099 | 2025-07-10 | N/A | 0.0 | An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidial_sales_viewer.php component when password… |
| CVE-2025-34098 | 2025-07-10 | N/A | 0.0 | A path traversal vulnerability exists in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) due to improper input validation in the… |
| CVE-2025-34097 | 2025-07-10 | N/A | 0.0 | An unrestricted file upload vulnerability exists in ProcessMaker versions prior to 3.5.4 due to improper handling of uploaded plugin archives.… |
| CVE-2025-34096 | 2025-07-10 | N/A | 0.0 | A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a… |
| CVE-2025-34095 | 2025-07-10 | N/A | 0.0 | An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by… |
| CVE-2025-34093 | 2025-07-10 | N/A | 0.0 | An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute… |
| CVE-2025-2520 | 2025-07-10 | HIGH | 7.5 | The Honeywell Experion PKS contains an Uninitialized Variable in the common Epic Platform Analyzer (EPA) communications. An attacker could potentially… |
| CVE-2025-7411 | 2025-07-10 | HIGH | 7.3 | A vulnerability was found in code-projects LifeStyle Store 1.0. It has been declared as critical. Affected by this vulnerability is… |
| CVE-2025-53709 | 2025-07-10 | MEDIUM | 5.4 | Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on… |
| CVE-2025-7409 | 2025-07-10 | HIGH | 7.3 | A vulnerability was found in code-projects Mobile Shop 1.0 and classified as critical. This issue affects some unknown processing of… |
| CVE-2025-53625 | 2025-07-10 | N/A | 0.0 | The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several… |
| CVE-2025-53549 | 2025-07-10 | N/A | 0.0 | The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An… |
| CVE-2025-53542 | 2025-07-10 | HIGH | 7.7 | Headlamp is an extensible Kubernetes web UI. A command injection vulnerability was discovered in the codeSign.js script used in the… |
| CVE-2025-53503 | 2025-07-10 | HIGH | 7.8 | Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally… |
| CVE-2025-53378 | 2025-07-10 | HIGH | 7.6 | A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to… |
| CVE-2025-52837 | 2025-07-10 | HIGH | 7.8 | Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could… |
| CVE-2025-52521 | 2025-07-10 | HIGH | 7.8 | Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local… |
| CVE-2025-52473 | 2025-07-10 | MEDIUM | 5.9 | liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Multiple secret-dependent branches have been identified in… |
| CVE-2025-47813 | 2025-07-10 | MEDIUM | 4.3 | loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long… |
| CVE-2025-53371 | 2025-07-10 | CRITICAL | 9.1 | DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows… |
| CVE-2025-7410 | 2025-07-10 | HIGH | 7.3 | A vulnerability was found in code-projects LifeStyle Store 1.0. It has been classified as critical. Affected is an unknown function… |
| CVE-2025-27889 | 2025-07-10 | LOW | 3.4 | Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection… |
| CVE-2025-53020 | 2025-07-10 | N/A | 0.0 | Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17… |
| CVE-2025-49812 | 2025-07-10 | N/A | 0.0 | In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker… |
| CVE-2025-49630 | 2025-07-10 | N/A | 0.0 | In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered… |
| CVE-2025-49464 | 2025-07-10 | MEDIUM | 6.5 | Classic buffer overflow in certain Zoom Clients for Windows may allow an authorised user to conduct a denial of service… |
| CVE-2025-49463 | 2025-07-10 | MEDIUM | 6.5 | Insufficient control flow management in certain Zoom Clients for iOS before version 6.4.5 may allow an unauthenticated user to conduct… |
| CVE-2025-49462 | 2025-07-10 | LOW | 3.5 | Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information… |
| CVE-2025-47812 | 2025-07-10 | CRITICAL | 10.0 | In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary… |
| CVE-2025-47811 | 2025-07-10 | MEDIUM | 4.1 | In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or… |
| CVE-2025-23048 | 2025-07-10 | N/A | 0.0 | In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is… |
| CVE-2024-47252 | 2025-07-10 | N/A | 0.0 | Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to… |
| CVE-2024-43394 | 2025-07-10 | N/A | 0.0 | Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via … |
| CVE-2024-43204 | 2025-07-10 | N/A | 0.0 | SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled… |
| CVE-2024-42516 | 2025-07-10 | N/A | 0.0 | HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers… |
| CVE-2025-6395 | 2025-07-10 | MEDIUM | 6.5 | A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a… |
| CVE-2025-7425 | 2025-07-10 | HIGH | 7.8 | A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal… |