CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-52477 | 2025-06-26 | HIGH | 8.6 | Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before… |
| CVE-2025-6700 | 2025-06-26 | MEDIUM | 4.3 | A vulnerability classified as problematic was found in Xuxueli xxl-sso 1.1.0. This vulnerability affects unknown code of the file /xxl-sso-server/login.… |
| CVE-2025-6699 | 2025-06-26 | LOW | 3.5 | A vulnerability classified as problematic has been found in LabRedesCefetRJ WeGIA 3.4.0. This affects an unknown part of the file… |
| CVE-2025-44141 | 2025-06-26 | MEDIUM | 6.1 | A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30. |
| CVE-2025-36034 | 2025-06-26 | MEDIUM | 5.3 | IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear… |
| CVE-2025-34049 | 2025-06-26 | N/A | 0.0 | An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version V2.1.11_X101 Build 1127.190306 and earlier. The… |
| CVE-2025-34048 | 2025-06-26 | N/A | 0.0 | A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware… |
| CVE-2025-34047 | 2025-06-26 | N/A | 0.0 | A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files… |
| CVE-2025-34046 | 2025-06-26 | N/A | 0.0 | An unauthenticated file upload vulnerability exists in the Fanwei E-Office |
| CVE-2025-34045 | 2025-06-26 | N/A | 0.0 | A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun… |
| CVE-2025-34044 | 2025-06-26 | N/A | 0.0 | A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted… |
| CVE-2025-34043 | 2025-06-26 | N/A | 0.0 | A remote command injection vulnerability exists in Vacron Network Video Recorder (NVR) devices v1.4 due to improper input sanitization in… |
| CVE-2025-34042 | 2025-06-26 | N/A | 0.0 | An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone… |
| CVE-2025-6698 | 2025-06-26 | LOW | 3.5 | A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been rated as problematic. Affected by this issue is some… |
| CVE-2025-6697 | 2025-06-26 | LOW | 3.5 | A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been declared as problematic. Affected by this vulnerability is an… |
| CVE-2025-6696 | 2025-06-26 | LOW | 3.5 | A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been classified as problematic. Affected is an unknown function of… |
| CVE-2025-53007 | 2025-06-26 | N/A | 0.0 | arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability.… |
| CVE-2025-53002 | 2025-06-26 | HIGH | 8.3 | LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up… |
| CVE-2025-52902 | 2025-06-26 | HIGH | 7.6 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview,… |
| CVE-2025-52900 | 2025-06-26 | MEDIUM | 5.5 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview,… |
| CVE-2025-52887 | 2025-06-26 | HIGH | 7.5 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed… |
| CVE-2025-51672 | 2025-06-26 | HIGH | 8.0 | A time-based blind SQL injection vulnerability was identified in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability exists… |
| CVE-2025-29331 | 2025-06-26 | CRITICAL | 9.8 | An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management… |
| CVE-2024-56915 | 2025-06-26 | MEDIUM | 6.5 | Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting (XSS) via the RSS feed widget. |
| CVE-2025-6710 | 2025-06-26 | HIGH | 7.5 | MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce… |
| CVE-2025-6709 | 2025-06-26 | HIGH | 7.5 | The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in… |
| CVE-2025-6707 | 2025-06-26 | MEDIUM | 4.2 | Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator.… |
| CVE-2025-6706 | 2025-06-26 | MEDIUM | 5.0 | An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior,… |
| CVE-2025-6695 | 2025-06-26 | LOW | 3.5 | A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This issue affects some unknown processing of the… |
| CVE-2025-6694 | 2025-06-26 | LOW | 3.5 | A vulnerability has been found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This vulnerability affects unknown code of the… |
| CVE-2025-6677 | 2025-06-26 | MEDIUM | 5.4 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Paragraphs table allows Cross-Site Scripting (XSS). This issue… |
| CVE-2025-6676 | 2025-06-26 | MEDIUM | 5.4 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple XML sitemap allows Cross-Site Scripting (XSS). This… |
| CVE-2025-6675 | 2025-06-26 | MEDIUM | 4.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass. This… |
| CVE-2025-6674 | 2025-06-26 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting (XSS). This issue… |
| CVE-2025-5682 | 2025-06-26 | MEDIUM | 4.3 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site… |
| CVE-2025-52573 | 2025-06-26 | MEDIUM | 6.0 | iOS Simulator MCP Server (ios-simulator-mcp) is a Model Context Protocol (MCP) server for interacting with iOS simulators. Versions prior to… |
| CVE-2025-49003 | 2025-06-26 | N/A | 0.0 | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take… |
| CVE-2025-48923 | 2025-06-26 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Toc.Js allows Cross-Site Scripting (XSS). This issue affects… |
| CVE-2025-48922 | 2025-06-26 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GLightbox allows Cross-Site Scripting (XSS). This issue affects… |
| CVE-2025-48921 | 2025-06-26 | HIGH | 8.8 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery. This issue affects Open Social: from 0.0.0… |
| CVE-2025-6693 | 2025-06-26 | HIGH | 7.8 | A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_device_open/sys_device_read/sys_device_control/sys_device_init/sys_device_close/sys_device_write of… |
| CVE-2025-6562 | 2025-06-26 | HIGH | 8.8 | Certain hybrid DVR models (HBF-09KD and HBF-16NK) from Hunt Electronic have an OS Command Injection vulnerability, allowing remote attackers with… |
| CVE-2025-5966 | 2025-06-26 | HIGH | 8.1 | Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report. |
| CVE-2025-5366 | 2025-06-26 | HIGH | 8.1 | Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject report. |
| CVE-2025-6561 | 2025-06-26 | CRITICAL | 9.8 | Certain hybrid DVR models ((HBF-09KD and HBF-16NK)) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote… |
| CVE-2025-3773 | 2025-06-26 | N/A | 0.0 | A sensitive information exposure vulnerability in System Information Reporter (SIR) 1.0.3 and prior allows an authenticated non-admin local user to… |
| CVE-2025-3771 | 2025-06-26 | N/A | 0.0 | A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to… |
| CVE-2025-3722 | 2025-06-26 | N/A | 0.0 | A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue… |
| CVE-2025-6703 | 2025-06-26 | N/A | 0.0 | Improper Input Validation vulnerability in Mozilla neqo leads to an unexploitable crash. This issue affects neqo: from 0.4.24 through 0.13.2. |
| CVE-2025-6212 | 2025-06-26 | HIGH | 7.2 | The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Database module… |