CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-25271 | 2025-07-08 | HIGH | 8.8 | An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface. |
| CVE-2025-25270 | 2025-07-08 | CRITICAL | 9.8 | An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with… |
| CVE-2025-25269 | 2025-07-08 | HIGH | 8.4 | An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation. |
| CVE-2025-25268 | 2025-07-08 | HIGH | 8.8 | An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access… |
| CVE-2025-24006 | 2025-07-08 | HIGH | 7.8 | A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root. |
| CVE-2025-24005 | 2025-07-08 | HIGH | 7.8 | A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root… |
| CVE-2025-24004 | 2025-07-08 | MEDIUM | 5.2 | A physical attacker with access to the device display via USB-C can send a message to the device which triggers… |
| CVE-2025-24003 | 2025-07-08 | HIGH | 8.2 | An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law,… |
| CVE-2025-24002 | 2025-07-08 | MEDIUM | 5.3 | An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law,… |
| CVE-2025-7327 | 2025-07-08 | HIGH | 8.8 | The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including,… |
| CVE-2025-7163 | 2025-07-08 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, was found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function… |
| CVE-2025-7162 | 2025-07-08 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, has been found in PHPGurukul Zoo Management System 2.1. This issue affects some… |
| CVE-2025-5957 | 2025-07-08 | MEDIUM | 5.3 | The Guest Support – Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of… |
| CVE-2025-5537 | 2025-07-08 | MEDIUM | 6.4 | The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image… |
| CVE-2025-7161 | 2025-07-08 | MEDIUM | 6.3 | A vulnerability classified as critical was found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the… |
| CVE-2025-7160 | 2025-07-08 | HIGH | 7.3 | A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. This affects an unknown part of… |
| CVE-2025-7159 | 2025-07-08 | MEDIUM | 6.3 | A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. Affected by this issue… |
| CVE-2025-7158 | 2025-07-08 | MEDIUM | 6.3 | A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. Affected by this vulnerability… |
| CVE-2025-7157 | 2025-07-08 | HIGH | 7.3 | A vulnerability was found in code-projects Online Note Sharing 1.0. It has been classified as critical. Affected is an unknown… |
| CVE-2025-6244 | 2025-07-08 | MEDIUM | 6.4 | The Essential Addons for Elementor – Popular Elementor Templates and Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting… |
| CVE-2025-5570 | 2025-07-08 | MEDIUM | 5.4 | The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwai_chatbot shortcode 'id' parameter in all… |
| CVE-2025-20695 | 2025-07-08 | HIGH | 7.5 | In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial… |
| CVE-2025-20694 | 2025-07-08 | HIGH | 7.5 | In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial… |
| CVE-2025-20693 | 2025-07-08 | MEDIUM | 6.5 | In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could… |
| CVE-2025-20692 | 2025-07-08 | MEDIUM | 5.5 | In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could… |
| CVE-2025-20691 | 2025-07-08 | MEDIUM | 5.5 | In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could… |
| CVE-2025-20690 | 2025-07-08 | MEDIUM | 5.5 | In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could… |
| CVE-2025-20689 | 2025-07-08 | MEDIUM | 5.5 | In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could… |
| CVE-2025-20688 | 2025-07-08 | MEDIUM | 5.5 | In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could… |
| CVE-2025-20687 | 2025-07-08 | MEDIUM | 5.5 | In Bluetooth driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead… |
| CVE-2025-20686 | 2025-07-08 | HIGH | 8.8 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could… |
| CVE-2025-20685 | 2025-07-08 | HIGH | 8.8 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could… |
| CVE-2025-20684 | 2025-07-08 | CRITICAL | 9.8 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could… |
| CVE-2025-20683 | 2025-07-08 | CRITICAL | 9.8 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could… |
| CVE-2025-20682 | 2025-07-08 | CRITICAL | 9.8 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could… |
| CVE-2025-20681 | 2025-07-08 | CRITICAL | 9.8 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could… |
| CVE-2025-20680 | 2025-07-08 | CRITICAL | 9.8 | In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead… |
| CVE-2025-7156 | 2025-07-08 | MEDIUM | 6.3 | A vulnerability has been found in hitsz-ids airda 0.0.3 and classified as critical. This vulnerability affects the function execute of… |
| CVE-2025-7146 | 2025-07-08 | HIGH | 7.5 | The iPublish System developed by Jhenggao has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to read arbitrary system… |
| CVE-2025-43001 | 2025-07-08 | MEDIUM | 6.9 | SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of… |
| CVE-2025-42992 | 2025-07-08 | MEDIUM | 6.9 | SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable… |
| CVE-2025-42986 | 2025-07-08 | MEDIUM | 4.3 | Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker… |
| CVE-2025-42985 | 2025-07-08 | MEDIUM | 6.1 | Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in… |
| CVE-2025-42981 | 2025-07-08 | MEDIUM | 6.1 | Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link… |
| CVE-2025-42980 | 2025-07-08 | CRITICAL | 9.1 | SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which,… |
| CVE-2025-42979 | 2025-07-08 | MEDIUM | 5.6 | The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for… |
| CVE-2025-42978 | 2025-07-08 | LOW | 3.5 | The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the… |
| CVE-2025-42974 | 2025-07-08 | MEDIUM | 4.3 | Due to missing authorization check, an attacker authenticated as a non-administrative user could call a remote-enabled function module. This could… |
| CVE-2025-42973 | 2025-07-08 | MEDIUM | 5.4 | Due to a Cross-Site Scripting vulnerability in SAP Data Services Management Console, an authenticated attacker could exploit the search functionality… |
| CVE-2025-42971 | 2025-07-08 | MEDIUM | 4.0 | A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim… |