Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Todos los artículos
Vulnerabilidades CVE
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Filtrar por severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
Filtrar
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-8137
2025-07-25
HIGH
8.8
A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this vulnerability is an unknown…
CVE-2025-8136
2025-07-25
HIGH
8.8
A vulnerability, which was classified as critical, was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected is an unknown function of the…
CVE-2025-8135
2025-07-25
MEDIUM
6.3
A vulnerability, which was classified as critical, has been found in itsourcecode Insurance Management System 1.0. This issue affects some…
CVE-2025-5835
2025-07-25
HIGH
8.8
The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check…
CVE-2025-5831
2025-07-25
HIGH
8.8
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline()…
CVE-2025-8134
2025-07-25
MEDIUM
6.3
A vulnerability classified as critical was found in PHPGurukul BP Monitoring Management System 1.0. This vulnerability affects unknown code of…
CVE-2025-8133
2025-07-25
MEDIUM
6.3
A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of…
CVE-2025-7022
2025-07-25
MEDIUM
6.1
The My Reservation System WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in…
CVE-2025-8132
2025-07-25
MEDIUM
5.4
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue…
CVE-2025-8131
2025-07-25
HIGH
8.8
A vulnerability was found in Tenda AC20 16.03.08.05. It has been declared as critical. Affected by this vulnerability is an…
CVE-2025-8129
2025-07-25
LOW
3.5
A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back…
CVE-2025-8128
2025-07-25
MEDIUM
6.3
A vulnerability, which was classified as critical, has been found in zhousg letao up to 7d8df0386a65228476290949e0413de48f7fbe98. This issue affects some…
CVE-2025-8127
2025-07-25
MEDIUM
6.3
A vulnerability classified as critical was found in deerwms deer-wms-2 up to 3.3. This vulnerability affects unknown code of the…
CVE-2025-54568
2025-07-25
LOW
3.7
Akamai Rate Control alpha before 2025 allows attackers to send requests above the stipulated thresholds because the rate is measured…
CVE-2025-8126
2025-07-25
MEDIUM
6.3
A vulnerability classified as critical has been found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of…
CVE-2025-54567
2025-07-25
MEDIUM
4.2
hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327.
CVE-2025-54566
2025-07-25
MEDIUM
4.2
hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327.
CVE-2019-25224
2025-07-25
CRITICAL
9.8
The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump…
CVE-2015-10144
2025-07-25
HIGH
8.8
The Responsive Thumbnail Slider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type sanitization in…
CVE-2015-10143
2025-07-25
CRITICAL
9.8
The Platform theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to…
CVE-2025-8125
2025-07-25
MEDIUM
6.3
A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been rated as critical. Affected by this issue…
CVE-2025-54558
2025-07-25
MEDIUM
4.1
OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even with the --pre or --hostname-bin or --search-zip or -z…
CVE-2025-0253
2025-07-25
LOW
2.0
HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain security-related configurations which could…
CVE-2025-0252
2025-07-25
LOW
2.6
HCL IEM is affected by a password in cleartext vulnerability. Sensitive information is transmitted without adequate protection, potentially exposing it…
CVE-2025-0251
2025-07-25
LOW
2.6
HCL IEM is affected by a concurrent login vulnerability. The application allows multiple concurrent sessions using the same user credentials,…
CVE-2025-8124
2025-07-25
MEDIUM
6.3
A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been declared as critical. Affected by this vulnerability…
CVE-2025-7742
2025-07-25
N/A
0.0
An authentication vulnerability exists in the LG Innotek camera model LNV5110R firmware that allows a malicious actor to upload an…
CVE-2025-0250
2025-07-25
LOW
2.2
HCL IEM is affected by an authorization token sent in cookie vulnerability. A token used for authentication and authorization is…
CVE-2025-0249
2025-07-25
LOW
3.3
HCL IEM is affected by an improper invalidation of access or JWT token vulnerability. A token was not invalidated which…
CVE-2025-54379
2025-07-24
N/A
0.0
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions…
CVE-2025-53940
2025-07-24
N/A
0.0
Quiet is an alternative to team chat apps like Slack, Discord, and Element that does not require trusting a central…
CVE-2025-3614
2025-07-24
MEDIUM
6.4
The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of…
CVE-2025-32429
2025-07-24
N/A
0.0
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1…
CVE-2025-22165
2025-07-24
N/A
0.0
This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE (Arbitrary…
CVE-2025-8123
2025-07-24
MEDIUM
6.3
A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been classified as critical. Affected is an unknown…
CVE-2025-7404
2025-07-24
N/A
0.0
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliweb allows Blind…
CVE-2025-6260
2025-07-24
CRITICAL
9.8
The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the…
CVE-2025-31955
2025-07-24
HIGH
7.6
HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to sensitive information within…
CVE-2025-31953
2025-07-24
HIGH
7.1
HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized…
CVE-2025-31952
2025-07-24
HIGH
7.1
HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing…
CVE-2025-6998
2025-07-24
N/A
0.0
ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via…
CVE-2025-8115
2025-07-24
LOW
3.5
A vulnerability has been found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this vulnerability…
CVE-2025-5039
2025-07-24
HIGH
7.8
A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary…
CVE-2025-45702
2025-07-24
MEDIUM
6.5
SoftPerfect Pty Ltd Connection Quality Monitor v1.1 was discovered to store all credentials in plaintext.
CVE-2025-53084
2025-07-24
CRITICAL
9.0
A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit…
CVE-2025-50128
2025-07-24
CRITICAL
9.6
A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit…
CVE-2025-48732
2025-07-24
HIGH
7.3
An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted…
CVE-2025-47061
2025-07-24
MEDIUM
5.4
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused…
CVE-2025-46996
2025-07-24
MEDIUM
5.4
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused…
CVE-2025-46993
2025-07-24
MEDIUM
5.4
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused…
« Anterior
Página 23 de 3363
Siguiente »
Page load link
Go to Top
