CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-49713 | 2025-07-02 | HIGH | 8.8 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over… |
| CVE-2025-45813 | 2025-07-02 | CRITICAL | 9.8 | ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials. |
| CVE-2025-52841 | 2025-07-02 | N/A | 0.0 | Cross-Site Request Forgery (CSRF) vulnerability in Laundry on Linux, MacOS allows to perform an Account Takeover. This issue affects Laundry:… |
| CVE-2025-45814 | 2025-07-02 | CRITICAL | 9.8 | Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110, v7.2.8.124852, and v7.x and NS2000 v7.02.08 allows attackers… |
| CVE-2025-45424 | 2025-07-02 | MEDIUM | 5.3 | Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication. |
| CVE-2025-20307 | 2025-07-02 | MEDIUM | 4.8 | A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an authenticated, remote attacker to… |
| CVE-2025-6943 | 2025-07-02 | LOW | 3.8 | Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain… |
| CVE-2025-6942 | 2025-07-02 | LOW | 3.8 | The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial… |
| CVE-2025-53359 | 2025-07-02 | N/A | 0.0 | ethereum is a common ethereum structs for Rust. Prior to ethereum crate v0.18.0, signature malleability (according to EIP-2) was only… |
| CVE-2025-53358 | 2025-07-02 | MEDIUM | 6.5 | kotaemon is an open-source RAG-based tool for document comprehension. From versions 0.10.6 and prior, in libs/ktem/ktem/index/file/ui.py, the index_fn method accepts… |
| CVE-2025-52886 | 2025-07-02 | N/A | 0.0 | Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32… |
| CVE-2025-20310 | 2025-07-02 | MEDIUM | 6.1 | A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to… |
| CVE-2025-20308 | 2025-07-02 | MEDIUM | 6.0 | A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on… |
| CVE-2025-45029 | 2025-07-02 | MEDIUM | 6.5 | WINSTAR WN572HP3 v230525 was discovered to contain a heap overflow via the CONTENT_LENGTH variable at /cgi-bin/upload.cgi. |
| CVE-2025-46647 | 2025-07-02 | MEDIUM | 5.3 | A vulnerability of plugin openid-connect in Apache APISIX. This vulnerability will only have an impact if all of the following conditions… |
| CVE-2025-52101 | 2025-07-01 | CRITICAL | 9.8 | linjiashop |
| CVE-2025-53492 | 2025-07-02 | LOW | 3.7 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MintyDocs Extension… |
| CVE-2025-6725 | 2025-07-02 | MEDIUM | 5.4 | In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and… |
| CVE-2025-53494 | 2025-07-02 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - TwoColConflict Extension… |
| CVE-2025-53493 | 2025-07-02 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MintyDocs Extension… |
| CVE-2025-53110 | 2025-07-02 | N/A | 0.0 | Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior… |
| CVE-2025-53109 | 2025-07-02 | N/A | 0.0 | Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior… |
| CVE-2025-53108 | 2025-07-02 | N/A | 0.0 | HomeBox is a home inventory and organization system. Prior to 0.20.1, HomeBox contains a missing authorization check in the API… |
| CVE-2025-53006 | 2025-07-02 | N/A | 0.0 | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift,… |
| CVE-2025-52891 | 2025-07-02 | MEDIUM | 6.5 | ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8… |
| CVE-2025-38093 | 2025-07-02 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: x1e80100: Add GPU cooling Unlike the CPU,… |
| CVE-2025-38092 | 2025-07-02 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: use list_first_entry_or_null for opinfo_get_list() The list_first_entry() macro never returns… |
| CVE-2025-38091 | 2025-07-02 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check stream id dml21 wrapper to get plane_id [Why… |
| CVE-2025-49588 | 2025-07-02 | N/A | 0.0 | Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In version 2.10.2, the server accepts… |
| CVE-2025-27021 | 2025-07-02 | HIGH | 7.0 | The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low privileged OS users… |
| CVE-2025-24333 | 2025-07-02 | MEDIUM | 6.4 | Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administrative shell input validation fault, which authenticated admin user… |
| CVE-2025-24332 | 2025-07-02 | HIGH | 7.1 | Nokia Single RAN AirScale baseband allows an authenticated administrative user access to all physical boards after performing a single login… |
| CVE-2025-24331 | 2025-07-02 | MEDIUM | 6.4 | The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root… |
| CVE-2025-24330 | 2025-07-02 | MEDIUM | 6.4 | Sending a crafted SOAP "provision" operation message PlanId field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN)… |
| CVE-2025-53106 | 2025-07-02 | N/A | 0.0 | Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2,… |
| CVE-2025-49741 | 2025-07-01 | HIGH | 7.4 | No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-45006 | 2025-07-01 | CRITICAL | 9.1 | Improper mstatus.SUM bit retention (non-zero) in Open-Source RISC-V Processor commit f517abb violates privileged spec constraints, enabling potential physical memory access… |
| CVE-2025-34073 | 2025-07-02 | N/A | 0.0 | An unauthenticated command injection vulnerability exists in stamparm/maltrail (Maltrail) versions |
| CVE-2025-34072 | 2025-07-02 | N/A | 0.0 | A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automatic link unfurling. When an… |
| CVE-2025-34071 | 2025-07-02 | N/A | 0.0 | A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary… |
| CVE-2025-34070 | 2025-07-02 | N/A | 0.0 | A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged… |
| CVE-2025-34069 | 2025-07-02 | N/A | 0.0 | An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control… |
| CVE-2025-34067 | 2025-07-02 | N/A | 0.0 | An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to… |
| CVE-2025-34057 | 2025-07-02 | N/A | 0.0 | An information disclosure vulnerability exists in Ruijie NBR series routers (known to affect NBR2000G, NBR1300G, and NBR1000 models) via the /WEB_VMS/LEVEL15/ endpoint.… |
| CVE-2025-27026 | 2025-07-02 | MEDIUM | 4.9 | A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to… |
| CVE-2025-24335 | 2025-07-02 | LOW | 2.0 | Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in… |
| CVE-2025-24334 | 2025-07-02 | LOW | 3.3 | The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release… |
| CVE-2025-24329 | 2025-07-02 | MEDIUM | 6.4 | Sending a crafted SOAP "provision" operation message archive field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN)… |
| CVE-2025-24328 | 2025-07-02 | MEDIUM | 4.2 | Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network… |
| CVE-2024-35164 | 2025-07-02 | MEDIUM | 6.8 | The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based… |