CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-6929 | 2025-06-30 | MEDIUM | 6.3 | A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some… |
| CVE-2025-53003 | 2025-07-01 | N/A | 0.0 | The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns… |
| CVE-2025-53005 | 2025-07-01 | N/A | 0.0 | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability… |
| CVE-2025-49029 | 2025-07-01 | CRITICAL | 9.1 | Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.Kazi Custom Login And Signup Widget allows Code Injection.This issue… |
| CVE-2025-45872 | 2025-07-01 | N/A | 0.0 | zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter. |
| CVE-2025-36582 | 2025-07-01 | MEDIUM | 4.8 | Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker… |
| CVE-2024-49365 | 2025-07-01 | N/A | 0.0 | tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a malicious JSON-stringifyable message can be made passing on… |
| CVE-2024-49364 | 2025-07-01 | N/A | 0.0 | tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a… |
| CVE-2025-6952 | 2025-07-01 | LOW | 3.3 | A vulnerability, which was classified as problematic, has been found in Open5GS up to 2.7.5. This issue affects the function… |
| CVE-2025-6951 | 2025-07-01 | MEDIUM | 4.3 | A vulnerability classified as problematic was found in SAFECAM X300 up to 20250611. This vulnerability affects unknown code of the… |
| CVE-2025-5314 | 2025-07-01 | MEDIUM | 6.1 | The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to DOM-Based Reflected… |
| CVE-2025-49483 | 2025-07-01 | MEDIUM | 5.4 | Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure. This vulnerability is associated… |
| CVE-2025-49482 | 2025-07-01 | MEDIUM | 5.4 | Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure. This vulnerability is associated… |
| CVE-2025-49481 | 2025-07-01 | MEDIUM | 5.4 | Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in router modules allows Resource Leak Exposure. This vulnerability is associated… |
| CVE-2025-49480 | 2025-07-01 | HIGH | 7.4 | Out-of-bounds access in ASR180x 、ASR190x in lte-telephony, This vulnerability is associated with program files apps/lzma/src/LzmaEnc.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before… |
| CVE-2025-6224 | 2025-07-01 | MEDIUM | 6.5 | Certificate generation in juju/utils using the cert.NewLeaf function could include private information. If this certificate were then transferred over the… |
| CVE-2025-49492 | 2025-07-01 | HIGH | 7.4 | Out-of-bounds write in ASR180x in lte-telephony, May cause a buffer underrun. This vulnerability is associated with program files apps/atcmd_server/src/dev_api.C. This… |
| CVE-2025-49491 | 2025-07-01 | MEDIUM | 5.4 | Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (traffic_stat modules) allows Resource Leak Exposure. This vulnerability is… |
| CVE-2025-49488 | 2025-07-01 | MEDIUM | 5.4 | Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in router components allows Resource Leak Exposure. This vulnerability is associated… |
| CVE-2025-6756 | 2025-07-01 | MEDIUM | 6.4 | The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7_CUSTOM_FIELDS… |
| CVE-2025-49490 | 2025-07-01 | MEDIUM | 5.4 | Resource leak vulnerability in ASR180x in router allows Resource Leak Exposure. This vulnerability is associated with program files router/sms/sms.c. This… |
| CVE-2025-49489 | 2025-07-01 | MEDIUM | 5.4 | Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (con_mgr components) allows Resource Leak Exposure. This vulnerability is… |
| CVE-2025-5072 | 2025-07-01 | MEDIUM | 5.4 | Resource leak vulnerability in ASR180x、ASR190x in con_mgr allows Resource Leak Exposure.This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536. |
| CVE-2025-41656 | 2025-07-01 | CRITICAL | 10.0 | An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the… |
| CVE-2025-41648 | 2025-07-01 | CRITICAL | 9.8 | An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to… |
| CVE-2025-6934 | 2025-07-01 | CRITICAL | 9.8 | The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive… |
| CVE-2025-6081 | 2025-07-01 | MEDIUM | 6.8 | Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub 227 Multifunction printers version GCQ-Y3 or earlier allows an attacker can reconfigure the target… |
| CVE-2025-5967 | 2025-07-01 | N/A | 0.0 | A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbitrary HTML into the ENS… |
| CVE-2024-46993 | 2025-07-01 | N/A | 0.0 | Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to… |
| CVE-2025-53096 | 2025-07-01 | MEDIUM | 5.4 | Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection… |
| CVE-2025-53095 | 2025-07-01 | CRITICAL | 9.6 | Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection… |
| CVE-2025-49521 | 2025-06-30 | HIGH | 8.8 | A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values… |
| CVE-2025-49520 | 2025-06-30 | HIGH | 8.8 | A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git… |
| CVE-2024-46992 | 2025-07-01 | HIGH | 7.8 | Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 30.0.0-alpha.1 to… |
| CVE-2025-6937 | 2025-07-01 | HIGH | 7.3 | A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been declared as critical. This vulnerability affects… |
| CVE-2025-36056 | 2025-07-01 | MEDIUM | 5.4 | IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948… |
| CVE-2025-53004 | 2025-06-30 | N/A | 0.0 | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability… |
| CVE-2025-2141 | 2025-07-01 | MEDIUM | 6.1 | IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948… |
| CVE-2025-6932 | 2025-06-30 | LOW | 3.7 | A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync… |
| CVE-2025-6916 | 2025-06-30 | HIGH | 8.8 | A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. This affects the function Form_Login of the… |
| CVE-2025-32463 | 2025-06-30 | CRITICAL | 9.3 | Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the… |
| CVE-2025-32462 | 2025-06-30 | LOW | 2.8 | Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor… |
| CVE-2025-52997 | 2025-06-30 | MEDIUM | 5.9 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview,… |
| CVE-2025-52996 | 2025-06-30 | LOW | 3.1 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview,… |
| CVE-2025-52995 | 2025-06-30 | HIGH | 8.0 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview,… |
| CVE-2025-52901 | 2025-06-30 | MEDIUM | 4.5 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview,… |
| CVE-2025-52491 | 2025-06-30 | MEDIUM | 5.8 | Akamai CloudTest before 60 2025.06.09 (12989) allows SSRF. |
| CVE-2025-49493 | 2025-06-30 | MEDIUM | 5.8 | Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection. |
| CVE-2024-53621 | 2025-06-30 | HIGH | 7.5 | A buffer overflow in the formSetCfm() function of Tenda AC1206 1200M 11ac US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 allows attackers to cause a Denial of… |
| CVE-2023-47310 | 2025-06-30 | MEDIUM | 6.5 | A misconfiguration in the default settings of MikroTik RouterOS 7 and fixed in v7.14 allows incoming IPv6 UDP traceroute packets. |