Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Todos los artículos
Vulnerabilidades CVE
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Filtrar por severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
Filtrar
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-8171
2025-07-25
MEDIUM
6.3
A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some…
CVE-2025-8101
2025-07-25
N/A
0.0
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating…
CVE-2025-8170
2025-07-25
HIGH
8.8
A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. This vulnerability affects the function tcpcheck_net of the file…
CVE-2025-8169
2025-07-25
HIGH
8.8
A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function formSetWanPPTPcallback of the file…
CVE-2025-8166
2025-07-25
HIGH
7.3
A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown…
CVE-2025-52455
2025-07-25
MEDIUM
5.3
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (EPS Server modules) allows Resource Location Spoofing. This…
CVE-2025-52454
2025-07-25
MEDIUM
5.3
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing.…
CVE-2025-52453
2025-07-25
HIGH
8.2
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source modules) allows Resource Location Spoofing.…
CVE-2025-52452
2025-07-25
HIGH
8.5
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc…
CVE-2025-45960
2025-07-25
MEDIUM
6.1
Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code via the web…
CVE-2025-45893
2025-07-25
MEDIUM
6.1
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts.…
CVE-2025-45892
2025-07-25
MEDIUM
6.1
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because…
CVE-2025-45406
2025-07-25
MEDIUM
6.1
A stored cross-site scripting (XSS) vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a…
CVE-2025-29630
2025-07-25
HIGH
8.1
An issue in Gardyn 4 allows a remote attacker with the corresponding ssh private key can gain remote root access…
CVE-2025-45467
2025-07-25
HIGH
7.1
Unitree Go1
CVE-2025-44608
2025-07-25
MEDIUM
6.5
CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter.
CVE-2025-29628
2025-07-25
HIGH
8.1
An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via a request
CVE-2024-48730
2025-07-25
MEDIUM
6.5
An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote attacker to escalate privileges via not imposing any…
CVE-2024-48729
2025-07-25
HIGH
7.1
An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote attacker to escalate privileges via the /osm/admin/v1/users component
CVE-2025-8197
2025-07-25
MEDIUM
5.5
A global buffer overflow vulnerability was found in the soup_header_name_to_string function in Libsoup. The `soup_header_name_to_string` function does not validate the…
CVE-2025-8168
2025-07-25
HIGH
8.8
A vulnerability was found in D-Link DIR-513 1.10. It has been rated as critical. Affected by this issue is the…
CVE-2025-8167
2025-07-25
LOW
3.5
A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as problematic. Affected by this vulnerability…
CVE-2025-46198
2025-07-25
HIGH
8.8
Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror…
CVE-2025-30135
2025-07-25
CRITICAL
9.4
An issue was discovered on IROAD Dashcam FX2 devices. Dumping Files Over HTTP and RTSP Without Authentication can occur. It…
CVE-2025-52449
2025-07-25
HIGH
8.5
Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows…
CVE-2025-52447
2025-07-25
HIGH
8.1
Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (set-initial-sql tabdoc command modules) allows Interface Manipulation…
CVE-2025-8165
2025-07-25
MEDIUM
6.3
A vulnerability was found in code-projects Food Review System 1.0 and classified as critical. This issue affects some unknown processing…
CVE-2025-52448
2025-07-25
HIGH
8.1
Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (validate-initial-sql api modules) allows Interface Manipulation (data…
CVE-2025-52446
2025-07-25
HIGH
8.0
Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (tab-doc api modules) allows Interface Manipulation (data…
CVE-2025-34139
2025-07-25
N/A
0.0
A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to…
CVE-2025-29631
2025-07-25
CRITICAL
9.8
An issue in Gardyn 4 allows a remote attacker execute arbitrary code
CVE-2025-34138
2025-07-25
N/A
0.0
A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow remote code execution or unauthorized…
CVE-2025-29629
2025-07-25
HIGH
8.8
An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via the Gardyn…
CVE-2025-8164
2025-07-25
MEDIUM
6.3
A vulnerability has been found in code-projects Public Chat Room 1.0 and classified as critical. This vulnerability affects unknown code…
CVE-2025-8163
2025-07-25
MEDIUM
6.3
A vulnerability, which was classified as critical, was found in deerwms deer-wms-2 up to 3.3. This affects an unknown part…
CVE-2025-5449
2025-07-25
MEDIUM
4.3
A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect…
CVE-2025-46199
2025-07-25
CRITICAL
9.8
Cross Site Scripting vulnerability in grav v.1.7.48 and before allows an attacker to execute arbitrary code via a crafted script…
CVE-2025-8162
2025-07-25
MEDIUM
6.3
A vulnerability, which was classified as critical, has been found in deerwms deer-wms-2 up to 3.3. Affected by this issue…
CVE-2025-8161
2025-07-25
MEDIUM
6.3
A vulnerability classified as critical was found in deerwms deer-wms-2 up to 3.3. Affected by this vulnerability is an unknown…
CVE-2025-54596
2025-07-25
MEDIUM
4.3
Abnormal Security /v1.0/rbac/users_v2/{USER_ID}/ before 2025-02-19 allows downgrading the privileges of other user accounts.
CVE-2025-36728
2025-07-25
MEDIUM
6.3
Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.11.
CVE-2025-36727
2025-07-25
HIGH
8.3
Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.12.
CVE-2023-53155
2025-07-25
HIGH
7.2
goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter.
CVE-2025-45466
2025-07-25
HIGH
8.8
Unitree Go1
CVE-2025-3873
2025-07-25
N/A
0.0
The following APIs for the Silcon Labs SiWx91x prior to vesion 3.4.0 failed to check the size of the output…
CVE-2025-3508
2025-07-25
N/A
0.0
Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive…
CVE-2025-38467
2025-07-25
N/A
0.0
In the Linux kernel, the following vulnerability has been resolved: drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling If there's…
CVE-2025-38466
2025-07-25
N/A
0.0
In the Linux kernel, the following vulnerability has been resolved: perf: Revert to requiring CAP_SYS_ADMIN for uprobes Jann reports that…
CVE-2025-38465
2025-07-25
N/A
0.0
In the Linux kernel, the following vulnerability has been resolved: netlink: Fix wraparounds of sk->sk_rmem_alloc. Netlink has this pattern in…
CVE-2025-38464
2025-07-25
N/A
0.0
In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_conn_close(). syzbot reported a null-ptr-deref in…
« Anterior
Página 18 de 3362
Siguiente »
Page load link
Go to Top
