CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2023-53930 | 2025-12-17 | CRITICAL | 9.8 | ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any user's… |
| CVE-2023-53929 | 2025-12-17 | HIGH | 8.8 | phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a… |
| CVE-2023-53928 | 2025-12-17 | MEDIUM | 5.4 | PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability in the file manager that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload SVG files… |
| CVE-2023-53927 | 2025-12-17 | HIGH | 8.8 | PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded… |
| CVE-2023-53921 | 2025-12-17 | CRITICAL | 9.8 | SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system… |
| CVE-2023-53920 | 2025-12-17 | MEDIUM | 4.6 | PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the podcast title field accessible through the podcast details interface (podcast_details.php). Malicious JavaScript payloads injected into the podcast title… |
| CVE-2023-53919 | 2025-12-17 | MEDIUM | 4.6 | PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface (theme_freebox.php). Malicious JavaScript payloads injected into the Freebox content… |
| CVE-2023-53918 | 2025-12-17 | MEDIUM | 5.4 | PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface (episodes_upload.php). Malicious JavaScript payloads injected into episode titles execute… |
| CVE-2023-53916 | 2025-12-17 | MEDIUM | 5.4 | Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious… |
| CVE-2023-53915 | 2025-12-17 | MEDIUM | 5.4 | Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with… |
| CVE-2023-53914 | 2025-12-17 | CRITICAL | 9.8 | UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request… |
| CVE-2023-53913 | 2025-12-17 | HIGH | 8.8 | Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc\|a!z\| to trigger code… |
| CVE-2023-53910 | 2025-12-17 | MEDIUM | 5.4 | WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor.… |
| CVE-2023-53909 | 2025-12-17 | MEDIUM | 5.4 | WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can… |
| CVE-2023-53906 | 2025-12-17 | MEDIUM | 4.6 | projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload… |
| CVE-2023-53905 | 2025-12-17 | HIGH | 8.8 | ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can craft payloads like =calc\|a!z\| in the name… |
| CVE-2025-14318 | 2025-12-18 | N/A | 0.0 | Improper access checks in M-Files Server before 25.12 allows users to download files through M-Files Web using Web Companion despite Print and Download Prevention module being enabled. |
| CVE-2025-13498 | 2025-12-18 | MEDIUM | 4.3 | The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization… |
| CVE-2025-12976 | 2025-12-18 | MEDIUM | 6.4 | The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events_list_grouped' shortcode in all versions up to,… |
| CVE-2025-68463 | 2025-12-18 | MEDIUM | 4.9 | Bio.Entrez in Biopython through 186 allows doctype XXE. |
| CVE-2025-68462 | 2025-12-18 | LOW | 3.2 | Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases. |
| CVE-2025-68459 | 2025-12-18 | HIGH | 7.2 | RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be… |
| CVE-2025-47387 | 2025-12-18 | HIGH | 7.8 | Memory corruption when processing IOCTLs for JPEG data without verification. |
| CVE-2025-47382 | 2025-12-18 | HIGH | 7.8 | Memory corruption while loading an invalid firmware in boot loader. |
| CVE-2025-47372 | 2025-12-18 | CRITICAL | 9.0 | Memory corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication. |
| CVE-2025-47350 | 2025-12-18 | HIGH | 7.8 | Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application. |
| CVE-2025-47325 | 2025-12-18 | MEDIUM | 6.5 | Information disclosure while processing system calls with invalid parameters. |
| CVE-2025-47323 | 2025-12-18 | HIGH | 7.8 | Memory corruption while routing GPR packets between user and root when handling a large data packet. |
| CVE-2025-47322 | 2025-12-18 | HIGH | 7.8 | Memory corruption while handling IOCTL calls to set mode. |
| CVE-2025-47321 | 2025-12-18 | HIGH | 7.8 | Memory corruption while copying packets received from unix clients. |
| CVE-2025-47320 | 2025-12-18 | HIGH | 7.8 | Memory corruption while processing MFC channel configuration during music playback. |
| CVE-2025-47319 | 2025-12-18 | MEDIUM | 6.7 | Information disclosure while exposing internal TA-to-TA communication APIs to HLOS. |
| CVE-2025-27063 | 2025-12-18 | HIGH | 7.8 | Memory corruption during video playback when video session open fails with time out error. |
| CVE-2025-68461 | 2025-12-18 | HIGH | 7.2 | Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document. |
| CVE-2025-68460 | 2025-12-18 | HIGH | 7.2 | Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to an information disclosure vulnerability in the HTML style sanitizer. |
| CVE-2025-12885 | 2025-12-18 | MEDIUM | 6.4 | The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitize_pdf_src function regex bypass in… |
| CVE-2025-14856 | 2025-12-18 | MEDIUM | 6.3 | A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument… |
| CVE-2025-14841 | 2025-12-18 | LOW | 3.3 | A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation… |
| CVE-2025-14202 | 2025-12-18 | N/A | 0.0 | A vulnerability in the file upload at bookmark + asset rendering pipeline allows an attacker to upload a malicious SVG file with JavaScript content. When an authenticated admin… |
| CVE-2025-68435 | 2025-12-17 | CRITICAL | 9.1 | Zerobyte is a backup automation tool. Zerobyte versions prior to 0.18.5 and 0.19.0 contain an authentication bypass vulnerability where authentication middleware is not properly applied to API endpoints.… |
| CVE-2025-68433 | 2025-12-17 | HIGH | 7.7 | Zed, a code editor, has an arbitrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from the `settings.json` file… |
| CVE-2025-68432 | 2025-12-17 | HIGH | 7.7 | Zed, a code editor, has an arbitrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol (LSP) configurations from the `settings.json` file… |
| CVE-2025-68429 | 2025-12-17 | HIGH | 7.3 | Storybook is a frontend workshop for building user interface components and pages in isolation. A vulnerability present starting in versions 7.0.0 and prior to versions 7.6.21, 8.6.15, 9.1.17,… |
| CVE-2025-68145 | 2025-12-17 | N/A | 0.0 | In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that… |
| CVE-2025-68144 | 2025-12-17 | N/A | 0.0 | In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--output=/path/to/file` for `git_diff`) would… |
| CVE-2025-68143 | 2025-12-17 | N/A | 0.0 | Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem… |
| CVE-2025-66029 | 2025-12-17 | HIGH | 7.6 | Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious… |
| CVE-2023-53926 | 2025-12-17 | CRITICAL | 9.8 | PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through… |
| CVE-2023-53912 | 2025-12-17 | MEDIUM | 6.2 | USB Flash Drives Control 4.1.0.0 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the… |
| CVE-2023-53911 | 2025-12-17 | MEDIUM | 4.6 | Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into… |
Page 198 of 3934