CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2024-52900 | 2025-06-28 | MEDIUM | 6.4 | IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This… |
| CVE-2024-39730 | 2025-06-28 | MEDIUM | 5.4 | IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim.… |
| CVE-2024-36347 | 2025-06-27 | MEDIUM | 6.4 | Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load… |
| CVE-2025-53098 | 2025-06-27 | MEDIUM | 5.9 | Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in… |
| CVE-2025-53097 | 2025-06-27 | MEDIUM | 5.9 | Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code… |
| CVE-2025-6778 | 2025-06-27 | LOW | 2.4 | A vulnerability, which was classified as problematic, was found in code-projects Food Distributor Site 1.0. Affected is an unknown function… |
| CVE-2025-6777 | 2025-06-27 | HIGH | 7.3 | A vulnerability, which was classified as critical, has been found in code-projects Food Distributor Site 1.0. This issue affects some… |
| CVE-2025-6776 | 2025-06-27 | HIGH | 7.3 | A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of… |
| CVE-2025-6775 | 2025-06-27 | MEDIUM | 6.3 | A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of… |
| CVE-2025-6774 | 2025-06-27 | MEDIUM | 6.3 | A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been rated as critical. Affected by this issue… |
| CVE-2025-53094 | 2025-06-27 | N/A | 0.0 | ESPAsyncWebServer is an asynchronous HTTP and WebSocket server library for ESP32, ESP8266, RP2040 and RP2350. In versions up to and… |
| CVE-2025-50528 | 2025-06-27 | HIGH | 7.3 | A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 |
| CVE-2025-50370 | 2025-06-27 | MEDIUM | 6.5 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the Inquiry Management functionality /mcgs/admin/readenq.php of the Phpgurukul Medical Card Generation System… |
| CVE-2025-50369 | 2025-06-27 | MEDIUM | 6.5 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0.… |
| CVE-2025-50367 | 2025-06-27 | MEDIUM | 6.1 | A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The… |
| CVE-2025-45851 | 2025-06-27 | HIGH | 7.5 | An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a… |
| CVE-2025-45737 | 2025-06-27 | MEDIUM | 6.5 | An issue in NetEase (Hangzhou) Network Co., Ltd NeacSafe64 Driver before v1.0.0.8 allows attackers to escalate privileges via sending crafted… |
| CVE-2025-45729 | 2025-06-27 | MEDIUM | 6.3 | D-Link DIR-823-Pro 1.02 has improper permission control, allowing unauthorized users to turn on and access Telnet services. |
| CVE-2025-44163 | 2025-06-27 | MEDIUM | 6.3 | RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An authenticated attacker can send a crafted POST request with… |
| CVE-2025-40910 | 2025-06-27 | MEDIUM | 6.5 | Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow… |
| CVE-2025-6773 | 2025-06-27 | MEDIUM | 5.3 | A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability… |
| CVE-2025-6772 | 2025-06-27 | HIGH | 7.3 | A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function… |
| CVE-2015-0843 | 2025-06-26 | CRITICAL | 9.8 | yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf. |
| CVE-2015-0842 | 2025-06-26 | CRITICAL | 9.8 | yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass. |
| CVE-2025-6522 | 2025-06-27 | MEDIUM | 5.4 | Unauthenticated users on an adjacent network with the Sight Bulb Pro can run shell commands as root through a vulnerable… |
| CVE-2025-5310 | 2025-06-27 | CRITICAL | 9.8 | Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port.… |
| CVE-2025-53093 | 2025-06-27 | HIGH | 8.6 | TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version… |
| CVE-2025-6521 | 2025-06-27 | HIGH | 7.6 | During the initial setup of the device the user connects to an access point broadcast by the Sight Bulb Pro.… |
| CVE-2025-6705 | 2025-06-27 | N/A | 0.0 | On open-vsx.org https://open-vsx.org/ it was possible to run an arbitrary build scripts for auto-published extensions because of missing sandboxing of… |
| CVE-2025-52207 | 2025-06-27 | CRITICAL | 9.9 | PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory. |
| CVE-2025-46708 | 2025-06-27 | N/A | 0.0 | Software installed and running inside a Guest VM may conduct improper GPU system calls to prevent other Guests from running… |
| CVE-2025-46707 | 2025-06-27 | N/A | 0.0 | Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU. |
| CVE-2025-44559 | 2025-06-27 | N/A | 0.0 | An issue in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK v1.4.0 allows attackers within Bluetooth range… |
| CVE-2025-44557 | 2025-06-27 | N/A | 0.0 | A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allows attackers to bypass… |
| CVE-2024-12364 | 2025-06-27 | CRITICAL | 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mavi Yeşil Software Guest Tracking Software… |
| CVE-2024-12150 | 2025-06-27 | CRITICAL | 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eron Software Wowwo CRM allows Blind… |
| CVE-2024-12143 | 2025-06-27 | CRITICAL | 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobilteg Mobile Informatics Mikro Hand Terminal… |
| CVE-2024-11739 | 2025-06-27 | CRITICAL | 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Case Informatics Case ERP allows SQL… |
| CVE-2025-5093 | 2025-06-27 | MEDIUM | 5.4 | The Responsive Lightbox & Gallery WordPress plugin before 2.5.2 use the Swipebox library which does not validate and escape title… |
| CVE-2025-5035 | 2025-06-27 | MEDIUM | 5.4 | The Firelight Lightbox WordPress plugin before 2.3.16 does not sanitise and escape title attributes before outputting them in the page,… |
| CVE-2025-53091 | 2025-06-27 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Time-Based Blind… |
| CVE-2025-52553 | 2025-06-27 | N/A | 0.0 | authentik is an open-source identity provider. After authorizing access to a RAC endpoint, authentik creates a token which is used… |
| CVE-2023-38007 | 2025-06-27 | MEDIUM | 5.4 | IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel… |
| CVE-2014-0468 | 2025-06-26 | CRITICAL | 9.8 | Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have… |
| CVE-2025-6768 | 2025-06-27 | MEDIUM | 6.3 | A vulnerability classified as critical has been found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected is the function findAllHosByCondition of… |
| CVE-2025-6763 | 2025-06-27 | HIGH | 7.5 | A vulnerability classified as critical was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and… |
| CVE-2025-6762 | 2025-06-27 | MEDIUM | 6.3 | A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of… |
| CVE-2025-6750 | 2025-06-27 | LOW | 3.3 | A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function… |
| CVE-2025-6731 | 2025-06-26 | MEDIUM | 6.3 | A vulnerability was found in yzcheng90 X-SpringBoot up to 5.0 and classified as critical. Affected by this issue is the… |
| CVE-2025-6702 | 2025-06-26 | MEDIUM | 4.3 | A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the… |
Page 219 of 3492