CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2012-10022 | 2025-08-01 | N/A | 0.0 | Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The… |
| CVE-2025-54564 | 2025-08-01 | HIGH | 7.8 | uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as… |
| CVE-2025-50870 | 2025-08-01 | CRITICAL | 9.8 | Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an email address… |
| CVE-2025-8480 | 2025-08-01 | HIGH | 8.0 | Alpine iLX-507 Command Injection Remote Code Execution. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of… |
| CVE-2025-8477 | 2025-08-01 | HIGH | 7.4 | Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code… |
| CVE-2025-8476 | 2025-08-01 | HIGH | 7.1 | Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of… |
| CVE-2025-8475 | 2025-08-01 | HIGH | 7.4 | Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on… |
| CVE-2025-8474 | 2025-08-01 | MEDIUM | 6.8 | Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on… |
| CVE-2025-8473 | 2025-08-01 | MEDIUM | 6.4 | Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of… |
| CVE-2025-8472 | 2025-08-01 | HIGH | 7.4 | Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code… |
| CVE-2025-6037 | 2025-08-01 | MEDIUM | 6.8 | Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA… |
| CVE-2025-6015 | 2025-08-01 | MEDIUM | 5.7 | Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in… |
| CVE-2025-6014 | 2025-08-01 | MEDIUM | 6.5 | Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period.… |
| CVE-2025-6011 | 2025-08-01 | LOW | 3.7 | A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing… |
| CVE-2025-6004 | 2025-08-01 | MEDIUM | 5.3 | Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault… |
| CVE-2025-6000 | 2025-08-01 | CRITICAL | 9.1 | A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying… |
| CVE-2025-5999 | 2025-08-01 | HIGH | 7.2 | A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s… |
| CVE-2025-54595 | 2025-08-01 | HIGH | 7.3 | Pearcleaner is a free, source-available and fair-code licensed mac app cleaner. The PearcleanerHelper is a privileged helper tool bundled with… |
| CVE-2025-54593 | 2025-08-01 | HIGH | 7.2 | FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.1 and below, an authenticated administrator user can execute arbitrary code… |
| CVE-2025-54590 | 2025-08-01 | N/A | 0.0 | webfinger.js is a TypeScript-based WebFinger client that runs in both browsers and Node.js environments. In versions 2.8.0 and below, the… |
| CVE-2025-54574 | 2025-08-01 | CRITICAL | 9.3 | Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer… |
| CVE-2025-53012 | 2025-08-01 | N/A | 0.0 | MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version… |
| CVE-2025-53011 | 2025-08-01 | N/A | 0.0 | MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version… |
| CVE-2025-53010 | 2025-08-01 | N/A | 0.0 | MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version… |
| CVE-2025-53009 | 2025-08-01 | N/A | 0.0 | MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions… |
| CVE-2025-51502 | 2025-08-01 | MEDIUM | 6.1 | Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution… |
| CVE-2025-52390 | 2025-08-01 | CRITICAL | 9.1 | Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in… |
| CVE-2025-50869 | 2025-08-01 | MEDIUM | 6.1 | A stored Cross-Site Scripting (XSS) vulnerability exists in the qureydetails.php page of Institute-of-Current-Students 1.0, where the input fields for Query… |
| CVE-2025-50868 | 2025-08-01 | MEDIUM | 6.5 | A SQL Injection vulnerability exists in the takeassessment2.php file of CloudClassroom-PHP-Project 1.0. The Q4 POST parameter is not properly sanitized… |
| CVE-2025-51501 | 2025-08-01 | MEDIUM | 6.1 | Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS 2.0 allows execution of arbitrary… |
| CVE-2025-50472 | 2025-08-01 | CRITICAL | 9.8 | The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_model_meta()` function… |
| CVE-2025-49832 | 2025-08-01 | MEDIUM | 6.5 | Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0… |
| CVE-2025-45778 | 2025-08-01 | MEDIUM | 6.1 | A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts… |
| CVE-2025-45150 | 2025-08-01 | CRITICAL | 9.8 | Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request. |
| CVE-2025-50460 | 2025-08-01 | CRITICAL | 9.8 | A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using… |
| CVE-2025-46018 | 2025-08-01 | MEDIUM | 5.4 | CSC Pay Mobile App 2.19.4 (fixed in version 2.20.0) contains a vulnerability allowing users to bypass payment authorization by disabling… |
| CVE-2025-33118 | 2025-08-01 | MEDIUM | 6.4 | IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users… |
| CVE-2025-2824 | 2025-08-01 | HIGH | 7.4 | IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using… |
| CVE-2023-32256 | 2025-08-01 | HIGH | 7.5 | A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation and logoff in… |
| CVE-2025-51504 | 2025-08-01 | HIGH | 7.6 | Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS) in the /projects/profile, homepage endpoint via the last name field. |
| CVE-2025-48074 | 2025-08-01 | N/A | 0.0 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture… |
| CVE-2025-52361 | 2025-08-01 | N/A | 0.0 | Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to… |
| CVE-2025-52327 | 2025-08-01 | N/A | 0.0 | SQL Injection vulnerability in Restaurant Order System 1.0 allows a local attacker to obtain sensitive information via the payment.php file |
| CVE-2025-44139 | 2025-08-01 | N/A | 0.0 | Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip |
| CVE-2025-45767 | 2025-08-01 | HIGH | 7.0 | jose v6.0.10 was discovered to contain weak encryption. |
| CVE-2019-19144 | 2025-08-01 | N/A | 0.0 | XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate. |
| CVE-2025-8454 | 2025-08-01 | CRITICAL | 9.8 | It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a… |
| CVE-2025-5921 | 2025-08-01 | MEDIUM | 5.8 | The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page,… |
| CVE-2023-44976 | 2025-08-01 | LOW | 3.2 | Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl… |
| CVE-2025-41376 | 2025-08-01 | N/A | 0.0 | A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability… |