CVE Vulnerabilities

Below is the list of the most recently published vulnerabilities from NIST (the US National Institute of Standards and Technology):

CVE ID Published Severity CVSS Description
CVE-2024-58316 2025-12-12 HIGH 7.5 Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can…
CVE-2025-8083 2025-12-12 HIGH 8.6 The Preset configuration (https://v2.vuetifyjs.com/en/features/presets) feature of Vuetify is vulnerable to Prototype Pollution (https://cheatsheetseries.owasp.org/cheatsheets/Prototype_Pollution_Prevention_Cheat_Sheet.html) due to the internal 'mergeDeep' utility function used to merge options with defaults. Using a specially-crafted,…
CVE-2025-67734 2025-12-12 N/A 0.0 Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company…
CVE-2025-67819 2025-12-12 MEDIUM 4.9 An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call…
CVE-2025-67818 2025-12-12 HIGH 7.2 An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path…
CVE-2025-67342 2025-12-12 MEDIUM 4.6 RuoYi versions 4.8.1 and earlier is affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can…
CVE-2025-67344 2025-12-12 MEDIUM 4.6 jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the /msg/add endpoint.
CVE-2025-67341 2025-12-12 MEDIUM 4.6 jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to upload PDF files containing XSS payloads. Additionally, these PDF files can…
CVE-2025-66430 2025-12-12 CRITICAL 9.1 Plesk 18.0 has Incorrect Access Control.
CVE-2025-65854 2025-12-12 CRITICAL 9.8 Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute arbitrary commands and execute a full account takeover.
CVE-2025-54981 2025-12-12 HIGH 7.5 Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have…
CVE-2025-58137 2025-12-12 HIGH 8.1 Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade…
CVE-2025-58130 2025-12-12 CRITICAL 9.1 Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0,…
CVE-2025-14578 2025-12-12 HIGH 7.3 A weakness has been identified in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /update_account.php. This manipulation of the argument ID…
CVE-2025-14572 2025-12-12 HIGH 8.8 A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This affects an unknown part of the file /goform/formWebAuthGlobalConfig. Performing manipulation of the argument hidcontact results in…
CVE-2024-58314 2025-12-12 HIGH 8.8 Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers…
CVE-2024-58311 2025-12-12 CRITICAL 9.8 Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic…
CVE-2024-58305 2025-12-12 HIGH 8.8 WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to…
CVE-2024-58299 2025-12-12 CRITICAL 9.8 PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted payload…
CVE-2024-14010 2025-12-12 CRITICAL 9.8 Typora 1.7.4 contains a command injection vulnerability in the PDF export preferences that allows attackers to execute arbitrary system commands. Attackers can inject malicious commands into the 'run…
CVE-2024-58304 2025-12-11 HIGH 7.5 Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can…
CVE-2025-8082 2025-12-12 MEDIUM 6.3 Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting (XSS)…
CVE-2025-64011 2025-12-12 MEDIUM 4.3 Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other…
CVE-2025-67779 2025-12-12 HIGH 7.5 It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React…
CVE-2025-14571 2025-12-12 HIGH 7.3 A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /borrow_book.php. Such manipulation of the…
CVE-2025-53960 2025-12-12 MEDIUM 5.9 When encrypting sensitive data, weak encryption keys that are fixed or directly generated based on user passwords are used. Attackers can obtain these keys through methods such as…
CVE-2025-54947 2025-12-12 MEDIUM 5.3 In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for…
CVE-2025-14570 2025-12-12 HIGH 7.3 A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_admin.php. This manipulation of the…
CVE-2025-14569 2025-12-12 MEDIUM 5.3 A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function read_audio_data of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack…
CVE-2025-14568 2025-12-12 MEDIUM 6.3 A security vulnerability has been detected in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This impacts an unknown function of the file model/User.php. The manipulation of the argument employee_id/id/admin leads…
CVE-2025-40345 2025-12-12 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound new_pba Discovered by Atuin - Automated Vulnerability Discovery Engine. new_pba comes from the…
CVE-2025-12841 2025-12-12 MEDIUM 5.3 The Bookit WordPress plugin before 2.5.1 has a publicly accessible REST endpoint that allows unauthenticated update of the plugins Stripe payment options.
CVE-2025-12835 2025-12-12 HIGH 7.3 The WooMulti WordPress plugin through 17 does not validate a file parameter when deleting files, which could allow any authenticated users, such as subscriber to delete arbitrary files…
CVE-2025-36925 2025-12-11 HIGH 7.8 In WAVES_send_data_to_dsp of libaoc_waves.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no…
CVE-2025-36927 2025-12-11 HIGH 7.8 In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no…
CVE-2025-36928 2025-12-11 HIGH 7.8 In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no…
CVE-2025-36929 2025-12-11 MEDIUM 5.5 In AreFencesRegistered of gxp_fence_manager.cc, there is a possible information leak due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed.…
CVE-2025-36930 2025-12-11 HIGH 7.8 In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no…
CVE-2025-36931 2025-12-11 HIGH 7.8 In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no…
CVE-2025-36934 2025-12-11 MEDIUM 6.7 In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution…
CVE-2025-64669 2025-12-11 HIGH 7.8 Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVE-2025-36889 2025-12-11 MEDIUM 5.5 In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed.…
CVE-2025-36912 2025-12-11 MEDIUM 6.5 In cellular modem, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no…
CVE-2025-36916 2025-12-11 HIGH 7.0 In PrepareWorkloadBuffers of gxp_main_actor.cc, there is a possible double fetch due to a race condition. This could lead to local escalation of privilege with no additional execution privileges…
CVE-2025-36917 2025-12-11 MEDIUM 6.5 In SwDcpItg of up_L2commonPdcpSecurity.cpp, there is a possible denial of service due to an incorrect bounds check. This could lead to remote denial of service with no additional…
CVE-2025-36918 2025-12-11 HIGH 7.8 In aoc_service_read_message of aoc_ipc_core.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution…
CVE-2025-36919 2025-12-11 HIGH 7.8 In aocc_read of aoc_channel_dev.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed.…
CVE-2025-36921 2025-12-11 MEDIUM 5.5 In ProtocolPsUnthrottleApn() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware…
CVE-2025-36922 2025-12-11 MEDIUM 6.7 In bigo_map of bigo_iommu.c, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege in the OS Kernel…
CVE-2025-36938 2025-12-11 MEDIUM 5.1 In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no…
Page 215 of 3933