CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-32977 2025-06-24 CRITICAL 9.6 Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5),…
CVE-2025-32975 2025-06-24 CRITICAL 10.0 Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5),…
CVE-2025-27828 2025-06-24 HIGH 7.1 A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4, 10.1.0.0 through 10.1.0.5, and 10.2.0.0 through…
CVE-2025-27827 2025-06-24 HIGH 7.1 A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.2.0.3 could allow an unauthenticated attacker to…
CVE-2025-6551 2025-06-24 LOW 3.5 A vulnerability was found in java-aodeng Hope-Boot 1.0.0 and classified as problematic. This issue affects the function Login of the…
CVE-2025-6535 2025-06-24 MEDIUM 6.3 A vulnerability has been found in xxyopen/201206030 novel-plus up to 5.1.3 and classified as critical. This vulnerability affects the function…
CVE-2025-6517 2025-06-23 MEDIUM 6.3 A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified as critical. This issue affects the function Add…
CVE-2025-6032 2025-06-24 HIGH 8.3 A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the…
CVE-2025-5318 2025-06-24 MEDIUM 5.4 A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to…
CVE-2025-6435 2025-06-24 HIGH 8.1 If a user saved a response from the Network tab in Devtools using the Save As context menu option, that…
CVE-2025-39205 2025-06-24 MEDIUM 6.5 A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows…
CVE-2025-39204 2025-06-24 MEDIUM 6.5 A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface…
CVE-2025-39203 2025-06-24 MEDIUM 6.5 A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from…
CVE-2025-39202 2025-06-24 HIGH 7.3 A vulnerability exists in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low…
CVE-2025-39201 2025-06-24 MEDIUM 6.1 A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a…
CVE-2025-2403 2025-06-24 HIGH 7.5 A denial-of-service vulnerability due to improper prioritization of network traffic over protection mechanism exists in Relion 670/650 and SAM600-IO series…
CVE-2025-34036 2025-06-24 N/A 0.0 An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web…
CVE-2025-34035 2025-06-24 N/A 0.0 An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to…
CVE-2025-2828 2025-06-23 HIGH 8.4 A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version…
CVE-2025-1718 2025-06-24 MEDIUM 6.5 An authenticated user with file access privilege via FTP access can cause the Relion 670/650 and SAM600-IO series device to…
CVE-2025-6565 2025-06-24 HIGH 8.8 A vulnerability was found in Netgear WNCE3001 1.0.0.50. It has been classified as critical. This affects the function http_d of…
CVE-2025-6434 2025-06-24 N/A 0.0 The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially…
CVE-2025-6433 2025-06-24 N/A 0.0 If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to…
CVE-2025-6432 2025-06-24 N/A 0.0 When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or…
CVE-2025-6431 2025-06-24 N/A 0.0 When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before…
CVE-2025-6430 2025-06-24 N/A 0.0 When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included…
CVE-2025-6429 2025-06-24 N/A 0.0 Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in…
CVE-2025-6428 2025-06-24 N/A 0.0 When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the…
CVE-2025-6427 2025-06-24 N/A 0.0 An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have…
CVE-2025-6426 2025-06-24 N/A 0.0 The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox…
CVE-2025-6425 2025-06-24 N/A 0.0 An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and…
CVE-2025-6424 2025-06-24 N/A 0.0 A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25,…
CVE-2025-6206 2025-06-24 HIGH 7.5 The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress…
CVE-2025-3092 2025-06-24 HIGH 7.5 An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.
CVE-2025-3091 2025-06-24 HIGH 7.5 A low privileged remote attacker in possession of the second factor for another user can login as that user without…
CVE-2025-5258 2025-06-24 MEDIUM 6.4 The Conference Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up…
CVE-2025-3090 2025-06-24 HIGH 8.2 An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function.
CVE-2025-2962 2025-06-24 HIGH 7.5 A denial-of-service issue in the DNS implementation could cause an infinite loop.
CVE-2025-48890 2025-06-24 CRITICAL 9.8 WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in…
CVE-2025-43879 2025-06-24 CRITICAL 9.8 WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in…
CVE-2025-43877 2025-06-24 MEDIUM 5.4 WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web…
CVE-2025-41427 2025-06-24 HIGH 8.8 WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability…
CVE-2025-36519 2025-06-24 MEDIUM 4.3 Unrestricted upload of file with dangerous type issue exists in WRC-2533GST2 and WRC-1167GST2. If a specially crafted file is uploaded…
CVE-2025-52570 2025-06-24 N/A 0.0 Letmein is an authenticating port knocker. Prior to version 10.2.1, the connection limiter is implemented incorrectly. It allows an arbitrary…
CVE-2025-52568 2025-06-24 N/A 0.0 NeKernal is a free and open-source operating system stack. Prior to version 0.0.3, there are several memory safety issues that…
CVE-2025-52566 2025-06-24 HIGH 8.6 llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned…
CVE-2025-47943 2025-06-24 MEDIUM 6.3 Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting…
CVE-2024-56731 2025-06-24 CRITICAL 10.0 Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the…
CVE-2025-6560 2025-06-24 CRITICAL 9.8 Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access…
CVE-2025-6559 2025-06-24 CRITICAL 9.8 Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS…