CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-47357 | 2025-11-04 | HIGH | 8.0 | Information Disclosure when a user-level driver performs QFPROM read or write operations on Fuse regions. |
| CVE-2025-47353 | 2025-11-04 | HIGH | 7.8 | Memory corruption while processing request sent from GVM. |
| CVE-2025-47352 | 2025-11-04 | HIGH | 7.8 | Memory corruption while processing audio streaming operations. |
| CVE-2025-27074 | 2025-11-04 | HIGH | 8.8 | Memory corruption while processing a GP command response. |
| CVE-2025-27070 | 2025-11-04 | HIGH | 7.8 | Memory corruption while performing encryption and decryption commands. |
| CVE-2025-27064 | 2025-11-04 | MEDIUM | 6.1 | Information disclosure while registering commands from clients with diag through diagHal. |
| CVE-2025-12401 | 2025-11-04 | MEDIUM | 6.1 | The Label Plugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce… |
| CVE-2025-12070 | 2025-11-04 | MEDIUM | 4.3 | The ViaAds plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing nonce validation on the… |
| CVE-2025-12069 | 2025-11-04 | MEDIUM | 4.3 | The WP Global Screen Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing nonce… |
| CVE-2025-11008 | 2025-11-04 | CRITICAL | 9.8 | The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file. This makes it possible… |
| CVE-2025-11007 | 2025-11-04 | CRITICAL | 9.8 | The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the wp_ajax_nopriv_ce21_single_sign_on_save_api_settings AJAX action in versions 2.2.1 to… |
| CVE-2025-12324 | 2025-11-04 | MEDIUM | 6.4 | The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `table` shortcode attributes in all versions up to,… |
| CVE-2025-11841 | 2025-11-04 | MEDIUM | 6.4 | The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Chart Data attributes in all versions up to, and… |
| CVE-2025-43434 | 2025-11-04 | MEDIUM | 4.3 | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted… |
| CVE-2025-43433 | 2025-11-04 | HIGH | 8.8 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously… |
| CVE-2025-43432 | 2025-11-04 | MEDIUM | 4.3 | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing… |
| CVE-2025-43431 | 2025-11-04 | HIGH | 8.8 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously… |
| CVE-2025-43429 | 2025-11-04 | MEDIUM | 4.3 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing… |
| CVE-2025-43425 | 2025-11-04 | MEDIUM | 4.3 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously… |
| CVE-2025-43420 | 2025-11-04 | MEDIUM | 4.7 | A race condition was addressed with improved state handling. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive… |
| CVE-2025-43376 | 2025-11-04 | N/A | 0.0 | A logic issue was addressed with improved state management. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. A… |
| CVE-2025-60892 | 2025-11-03 | MEDIUM | 6.8 | An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. The imager's 'public-key authentication' setting unintentionally re-adds a user's id_rsa.pub key from their… |
| CVE-2025-45663 | 2025-11-03 | MEDIUM | 6.5 | An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure. |
| CVE-2025-29699 | 2025-11-03 | MEDIUM | 6.5 | NetSurf 3.11 is vulnerable to Use After Free in dom_node_set_text_content function. |
| CVE-2025-12616 | 2025-11-03 | LOW | 3.7 | A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing manipulation results in insertion of sensitive information… |
| CVE-2025-12615 | 2025-11-03 | MEDIUM | 5.0 | A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY… |
| CVE-2024-51317 | 2025-11-03 | MEDIUM | 6.5 | An issue in NetSurf v.3.11 allows a remote attacker to execute arbitrary code via the dom_node_normalize function |
| CVE-2025-63441 | 2025-11-03 | HIGH | 7.3 | Open Source Social Network (OSSN) 8.6 is vulnerable to Cross Site Scripting (XSS) via the parameter `param` at endpoint u/administrator/friends. |
| CVE-2025-63452 | 2025-11-03 | CRITICAL | 9.4 | Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php. |
| CVE-2025-50363 | 2025-11-03 | MEDIUM | 5.4 | Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in /maid-hiring.php via the name field. |
| CVE-2025-11953 | 2025-11-03 | CRITICAL | 9.8 | The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to… |
| CVE-2025-45959 | 2025-11-03 | N/A | 0.0 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue.… |
| CVE-2025-63451 | 2025-11-03 | CRITICAL | 9.8 | Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php. |
| CVE-2025-60503 | 2025-11-03 | HIGH | 8.7 | A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the… |
| CVE-2025-12463 | 2025-11-03 | CRITICAL | 9.8 | An unauthenticated SQL Injection was discovered within the Geutebruck G-Cam E-Series Cameras through the `Group` parameter in the `/uapi-cgi/viewer/Param.cgi` script. This has been confirmed on the EFD-2130 camera… |
| CVE-2025-10280 | 2025-11-03 | HIGH | 7.1 | IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p6, and all prior versions allows some… |
| CVE-2025-63453 | 2025-11-03 | N/A | 0.0 | Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php. |
| CVE-2025-63450 | 2025-11-03 | MEDIUM | 5.4 | Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XSS) in /carlux/booking.php. |
| CVE-2025-63449 | 2025-11-03 | MEDIUM | 5.4 | Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php. |
| CVE-2025-63448 | 2025-11-03 | MEDIUM | 6.1 | Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1. |
| CVE-2025-63447 | 2025-11-03 | MEDIUM | 6.1 | Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php. |
| CVE-2025-63446 | 2025-11-03 | MEDIUM | 6.1 | Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php. |
| CVE-2025-63443 | 2025-11-03 | MEDIUM | 5.4 | School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter. |
| CVE-2025-63442 | 2025-11-03 | MEDIUM | 4.6 | Simple User Management System with PHP-MySQL v1.0 is vulnerable to Cross-Site Scripting (XSS) via the Profile Section. The system fails to properly sanitize user input, allowing attackers to… |
| CVE-2025-60785 | 2025-11-03 | N/A | 0.0 | A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via a crafted HTML page. |
| CVE-2025-48397 | 2025-11-03 | HIGH | 7.1 | The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of… |
| CVE-2025-36093 | 2025-11-03 | MEDIUM | 4.8 | IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques… |
| CVE-2025-36092 | 2025-11-03 | MEDIUM | 6.5 | IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input… |
| CVE-2025-36091 | 2025-11-03 | MEDIUM | 4.3 | IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership… |
| CVE-2025-48396 | 2025-11-03 | HIGH | 8.3 | Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest… |