CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-5927 | 2025-06-25 | HIGH | 7.5 | The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in… |
| CVE-2025-49797 | 2025-06-25 | HIGH | 7.8 | Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If exploited, an arbitrary program may be executed with… |
| CVE-2025-41647 | 2025-06-25 | MEDIUM | 5.5 | A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect… |
| CVE-2025-43880 | 2025-06-25 | MEDIUM | 4.3 | Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial… |
| CVE-2025-5585 | 2025-06-25 | MEDIUM | 6.4 | The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-url` DOM Element Attribute in… |
| CVE-2025-36004 | 2025-06-25 | HIGH | 8.8 | IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library… |
| CVE-2025-0966 | 2025-06-25 | HIGH | 7.6 | IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could… |
| CVE-2025-52884 | 2025-06-24 | N/A | 0.0 | RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel… |
| CVE-2025-52883 | 2025-06-24 | MEDIUM | 5.3 | Meshtastic-Android is an Android application for the mesh radio software Meshtastic. Prior to version 2.5.21, an attacker is able to… |
| CVE-2025-6557 | 2025-06-24 | MEDIUM | 5.4 | Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a… |
| CVE-2025-6556 | 2025-06-24 | MEDIUM | 6.5 | Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy… |
| CVE-2025-6555 | 2025-06-24 | MEDIUM | 6.5 | Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption… |
| CVE-2025-52572 | 2025-06-24 | CRITICAL | 10.0 | Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web… |
| CVE-2025-6579 | 2025-06-24 | HIGH | 7.3 | A vulnerability was found in code-projects Car Rental System 1.0. It has been rated as critical. This issue affects some… |
| CVE-2025-6578 | 2025-06-24 | HIGH | 7.3 | A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability… |
| CVE-2025-53021 | 2025-06-24 | MEDIUM | 4.2 | A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter.… |
| CVE-2025-52888 | 2025-06-24 | HIGH | 7.5 | Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity… |
| CVE-2025-52882 | 2025-06-24 | N/A | 0.0 | Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and… |
| CVE-2025-52880 | 2025-06-24 | MEDIUM | 4.2 | Komga is a media server for comics, mangas, BDs, magazines and eBooks. A Cross-Site Scripting (XSS) vulnerability has been discovered… |
| CVE-2025-52571 | 2025-06-24 | CRITICAL | 9.6 | Hikka is a Telegram userbot. A vulnerability affects all users of versions below 1.6.2, including most of the forks. It… |
| CVE-2025-52471 | 2025-06-24 | N/A | 0.0 | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW… |
| CVE-2025-49853 | 2025-06-24 | N/A | 0.0 | ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to SQL injections which could allow an attacker to leak arbitrary… |
| CVE-2025-49852 | 2025-06-24 | N/A | 0.0 | ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a Server-Side Request Forgery vulnerability which could allow an unauthenticated… |
| CVE-2025-49851 | 2025-06-24 | N/A | 0.0 | ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an Improper Authentication vulnerability which could allow an attacker to… |
| CVE-2025-44531 | 2025-06-24 | HIGH | 7.5 | An issue in Realtek RTL8762EKF-EVB RTL8762E SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via sending a… |
| CVE-2024-56917 | 2025-06-24 | HIGH | 7.1 | Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner` in maintenance mode. |
| CVE-2024-56916 | 2025-06-24 | MEDIUM | 6.1 | In Netbox Community 4.1.7, once authenticated, Configuration History > Add`is vulnerable to cross-site scripting (XSS) due to the `current value`… |
| CVE-2024-56918 | 2025-06-24 | MEDIUM | 6.1 | In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to… |
| CVE-2024-37743 | 2025-06-24 | CRITICAL | 9.8 | An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component. |
| CVE-2025-6436 | 2025-06-24 | MEDIUM | 6.5 | Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and… |
| CVE-2025-5087 | 2025-06-24 | N/A | 0.0 | Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely using zlib-compressed data over HTTP. An attacker capable of observing network… |
| CVE-2025-2566 | 2025-06-24 | N/A | 0.0 | Kaleris NAVIS N4 ULC (Ultra Light Client) contains an unsafe Java deserialization vulnerability. An unauthenticated attacker can make specially crafted… |
| CVE-2025-53073 | 2025-06-24 | MEDIUM | 4.2 | In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as… |
| CVE-2025-50699 | 2025-06-24 | MEDIUM | 6.1 | PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in odms/admin/view-user-queries.php. |
| CVE-2025-50695 | 2025-06-24 | MEDIUM | 6.1 | PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in /admin/view-booking-detail.php and /admin/invoice-generating.php. |
| CVE-2025-50693 | 2025-06-24 | MEDIUM | 6.5 | PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference (IDOR) in odms/request-details.php. |
| CVE-2025-49147 | 2025-06-24 | MEDIUM | 5.3 | Umbraco, a free and open source .NET content management system, has a vulnerability in versions 10.0.0 through 10.8.10 and 13.0.0… |
| CVE-2025-50213 | 2025-06-24 | CRITICAL | 9.8 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue… |
| CVE-2025-23260 | 2025-06-24 | MEDIUM | 5.0 | NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using… |
| CVE-2025-4378 | 2025-06-24 | CRITICAL | 10.0 | Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication… |
| CVE-2025-6566 | 2025-06-24 | MEDIUM | 5.3 | A vulnerability was found in oatpp Oat++ up to 1.3.1. It has been declared as critical. This vulnerability affects the… |
| CVE-2025-4383 | 2025-06-24 | CRITICAL | 9.3 | Improper Restriction of Excessive Authentication Attempts vulnerability in Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot… |
| CVE-2025-36537 | 2025-06-24 | HIGH | 7.0 | Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version… |
| CVE-2025-23265 | 2025-06-24 | HIGH | 7.8 | NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection… |
| CVE-2025-32976 | 2025-06-24 | HIGH | 8.8 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5),… |
| CVE-2025-23264 | 2025-06-24 | HIGH | 7.8 | NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection… |
| CVE-2025-6569 | 2025-06-24 | MEDIUM | 4.3 | A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. Affected by this vulnerability is an… |
| CVE-2025-6568 | 2025-06-24 | HIGH | 8.8 | A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file… |
| CVE-2025-6567 | 2025-06-24 | HIGH | 7.3 | A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects… |
| CVE-2025-32978 | 2025-06-24 | HIGH | 7.5 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5),… |
Page 231 of 3495