Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Todo el contenido
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-64562
2025-12-10
MEDIUM
5.4
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious…
CVE-2025-64560
2025-12-10
MEDIUM
5.4
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious…
CVE-2025-64559
2025-12-10
MEDIUM
5.4
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious…
CVE-2025-64558
2025-12-10
MEDIUM
5.4
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious…
CVE-2025-64557
2025-12-10
MEDIUM
5.4
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious…
CVE-2025-64556
2025-12-10
MEDIUM
5.4
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious…
CVE-2025-64555
2025-12-10
MEDIUM
5.4
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious…
CVE-2025-64554
2025-12-10
MEDIUM
5.4
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious…
CVE-2025-64553
2025-12-10
MEDIUM
5.4
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious…
CVE-2025-64551
2025-12-10
MEDIUM
5.4
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious…
CVE-2025-64550
2025-12-10
MEDIUM
5.4
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious…
CVE-2025-64549
2025-12-10
MEDIUM
5.4
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious…
CVE-2025-64548
2025-12-10
MEDIUM
5.4
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious…
CVE-2025-64547
2025-12-10
MEDIUM
5.4
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious…
CVE-2025-64546
2025-12-10
MEDIUM
5.4
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious…
CVE-2025-64545
2025-12-10
MEDIUM
5.4
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious…
CVE-2025-64544
2025-12-10
MEDIUM
5.4
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious…
CVE-2025-64543
2025-12-10
MEDIUM
5.4
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious…
CVE-2025-64541
2025-12-10
MEDIUM
5.4
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious…
CVE-2025-64539
2025-12-10
CRITICAL
9.3
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this…
CVE-2025-64538
2025-12-10
CRITICAL
9.3
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this…
CVE-2025-64537
2025-12-10
CRITICAL
9.3
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this…
CVE-2025-56431
2025-12-10
N/A
0.0
Directory Traversal vulnerability in Fearless Geek Media FearlessCMS v.0.0.2-15 allows a remote attacker to cause a denial of service via the plugin-handler.php and the file_get_contents() function.
CVE-2025-56430
2025-12-10
N/A
0.0
Directory Traversal vulnerability in Fearless Geek Media FearlessCMS v.0.0.2-15 allows a remote attacker to cause a denial of service via the plugin-handler.php and the deleteDirectory function.
CVE-2025-56429
2025-12-10
N/A
0.0
Cross Site Scripting vulnerability in Fearless Geek Media FearlessCMS v.0.0.2-15 allows a remote attacker to obtain sensitive information via the login.php component.
CVE-2025-34430
2025-12-10
N/A
0.0
1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as…
CVE-2025-34429
2025-12-10
N/A
0.0
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens…
CVE-2025-34428
2025-12-10
N/A
0.0
MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative…
CVE-2025-34427
2025-12-10
N/A
0.0
MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative…
CVE-2025-67643
2025-12-10
MEDIUM
4.3
Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b_9517b_6b_202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers…
CVE-2025-67642
2025-12-10
MEDIUM
4.3
Jenkins HashiCorp Vault Plugin 371.v884a_4dd60fb_6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault…
CVE-2025-67640
2025-12-10
MEDIUM
5.0
Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script…
CVE-2025-67639
2025-12-10
LOW
3.5
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account.
CVE-2025-67638
2025-12-10
MEDIUM
4.3
Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers to observe and…
CVE-2025-67637
2025-12-10
MEDIUM
4.3
Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users…
CVE-2025-67636
2025-12-10
MEDIUM
4.3
A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views.
CVE-2025-65754
2025-12-10
N/A
0.0
Cross Site Scripting vulnerability in Algernon v1.17.4 allows attackers to execute arbitrary code via injecting a crafted payload into a filename.
CVE-2025-67635
2025-12-10
HIGH
7.5
Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial…
CVE-2025-63094
2025-12-10
N/A
0.0
XiangShan Nanhu V2 and XiangShan Kunmighu V3 were discovered to use speculative execution and indirect branch prediction, allowing attackers to access sensitive information via side-channel analysis of the…
CVE-2025-5467
2025-12-10
N/A
0.0
It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or…
CVE-2025-9056
2025-12-10
MEDIUM
5.3
Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation.
CVE-2025-9613
2025-12-09
MEDIUM
6.5
A vulnerability was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding…
CVE-2025-65815
2025-12-10
MEDIUM
6.5
A lack of security checks in the file import process of AB TECHNOLOGY Document Reader: PDF, DOC, PPT v65.0 allows attackers to execute a directory traversal.
CVE-2025-65814
2025-12-10
MEDIUM
6.5
A lack of security checks in the file import process of RHOPHI Analytics LLP Office App-Edit Word v6.4.1 allows attackers to execute a directory traversal.
CVE-2025-67496
2025-12-09
MEDIUM
4.3
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting (XSS) vulnerability in…
CVE-2025-66645
2025-12-09
HIGH
7.5
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.add_media_files() function, which allows a remote attacker to read arbitrary files…
CVE-2025-65792
2025-12-10
N/A
0.0
DataGear v5.5.0 is vulnerable to Arbitrary File Deletion.
CVE-2025-52493
2025-12-10
N/A
0.0
PagerDuty Runbook through 2025-06-12 exposes stored secrets directly in the webpage DOM at the configuration page. Although these secrets appear masked as password fields, the actual secret values…
CVE-2025-13073
2025-12-10
HIGH
7.1
The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected…
CVE-2025-13072
2025-12-10
HIGH
7.1
The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected…
« Anterior
Página 227 de 3934
Siguiente »
Page load link
Go to Top
