CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-6547 | 2025-06-23 | N/A | 0.0 | Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This issue affects pbkdf2: |
| CVE-2025-6545 | 2025-06-23 | N/A | 0.0 | Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js.… |
| CVE-2025-6518 | 2025-06-23 | MEDIUM | 6.3 | A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function… |
| CVE-2025-50349 | 2025-06-23 | N/A | 0.0 | PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-teacher-pic.php. |
| CVE-2025-50348 | 2025-06-23 | N/A | 0.0 | PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-class-pic.php. |
| CVE-2025-49144 | 2025-06-23 | HIGH | 7.3 | Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in… |
| CVE-2025-49126 | 2025-06-23 | HIGH | 8.8 | Visionatrix is an AI Media processing tool using ComfyUI. In versions 1.5.0 to before 2.5.1, the /docs/flows endpoint is vulnerable… |
| CVE-2023-47029 | 2025-06-23 | N/A | 0.0 | An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via… |
| CVE-2025-6516 | 2025-06-23 | MEDIUM | 5.3 | A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len… |
| CVE-2025-6511 | 2025-06-23 | HIGH | 8.8 | A vulnerability classified as critical has been found in Netgear EX6150 1.0.0.46_1.0.76. This affects the function sub_410090. The manipulation leads… |
| CVE-2025-52969 | 2025-06-23 | LOW | 2.8 | ClickHouse 25.7.1.557 allows low-privileged users to execute shell commands by querying existing Executable() tables created by higher-privileged users. Although the… |
| CVE-2023-47031 | 2025-06-23 | N/A | 0.0 | An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to… |
| CVE-2025-6510 | 2025-06-23 | HIGH | 8.8 | A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. It has been rated as critical. Affected by this issue is the… |
| CVE-2025-6509 | 2025-06-23 | LOW | 3.5 | A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability… |
| CVE-2025-4563 | 2025-06-23 | LOW | 2.7 | A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation… |
| CVE-2023-50450 | 2025-06-23 | N/A | 0.0 | An issue was discovered in Sensopart VISOR Vision Sensors before 2.10.0.2 allows local users to perform unspecified actions with elevated… |
| CVE-2023-47295 | 2025-06-23 | N/A | 0.0 | A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload… |
| CVE-2023-47294 | 2025-06-23 | N/A | 0.0 | An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts… |
| CVE-2023-47032 | 2025-06-23 | N/A | 0.0 | Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to… |
| CVE-2025-52968 | 2025-06-23 | LOW | 2.7 | xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be… |
| CVE-2025-52967 | 2025-06-23 | MEDIUM | 5.8 | gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. |
| CVE-2025-52879 | 2025-06-23 | MEDIUM | 4.8 | In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible |
| CVE-2025-52878 | 2025-06-23 | MEDIUM | 4.3 | In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions |
| CVE-2025-52877 | 2025-06-23 | MEDIUM | 4.8 | In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible |
| CVE-2025-52876 | 2025-06-23 | MEDIUM | 5.4 | In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible |
| CVE-2025-52875 | 2025-06-23 | MEDIUM | 5.4 | In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible |
| CVE-2025-48700 | 2025-06-23 | N/A | 0.0 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability… |
| CVE-2025-46101 | 2025-06-23 | N/A | 0.0 | SQL Injection vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version before 5.4.3 allows… |
| CVE-2023-48978 | 2025-06-23 | N/A | 0.0 | An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a… |
| CVE-2023-47298 | 2025-06-23 | N/A | 0.0 | An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to… |
| CVE-2023-47297 | 2025-06-23 | N/A | 0.0 | A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing… |
| CVE-2025-2172 | 2025-06-23 | N/A | 0.0 | Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to… |
| CVE-2025-2171 | 2025-06-23 | N/A | 0.0 | Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries… |
| CVE-2025-6513 | 2025-06-23 | CRITICAL | 9.3 | Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it. |
| CVE-2025-6512 | 2025-06-23 | CRITICAL | 10.0 | On a client with a non-admin user, a script can be integrated into a report. The reports could later be… |
| CVE-2025-52922 | 2025-06-23 | HIGH | 7.4 | Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated attacker with access to the admin panel could… |
| CVE-2025-52921 | 2025-06-23 | CRITICAL | 9.9 | In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code… |
| CVE-2025-52920 | 2025-06-23 | MEDIUM | 6.4 | Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a… |
| CVE-2025-23049 | 2025-06-23 | N/A | 0.0 | Meridian Technique Materialise OrthoView through 7.5.1 allows OS Command Injection when servlet sharing is enabled. |
| CVE-2025-52939 | 2025-06-23 | N/A | 0.0 | Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C. This issue affects… |
| CVE-2025-52938 | 2025-06-23 | N/A | 0.0 | Out-of-bounds Read vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files lparser.C. This issue affects NotepadNext:… |
| CVE-2025-52937 | 2025-06-23 | N/A | 0.0 | Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C. This vulnerability is only relevant if… |
| CVE-2025-52936 | 2025-06-23 | N/A | 0.0 | Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh. This issue affects sslh: before 2.2.2. |
| CVE-2025-52935 | 2025-06-23 | N/A | 0.0 | Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C. This issue… |
| CVE-2025-27387 | 2025-06-23 | HIGH | 7.4 | OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure. |
| CVE-2024-45347 | 2025-06-23 | CRITICAL | 9.6 | An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic… |
| CVE-2025-6501 | 2025-06-23 | HIGH | 7.3 | A vulnerability, which was classified as critical, was found in code-projects Inventory Management System 1.0. This affects an unknown part… |
| CVE-2025-6500 | 2025-06-23 | HIGH | 7.3 | A vulnerability, which was classified as critical, has been found in code-projects Inventory Management System 1.0. Affected by this issue… |
| CVE-2025-6499 | 2025-06-23 | LOW | 3.3 | A vulnerability classified as problematic was found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function… |
| CVE-2025-6498 | 2025-06-23 | LOW | 3.3 | A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file… |