CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-62474 2025-12-09 HIGH 7.8 Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-62473 2025-12-09 MEDIUM 6.5 Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-62472 2025-12-09 HIGH 7.8 Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-62470 2025-12-09 HIGH 7.8 Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-62469 2025-12-09 HIGH 7.0 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62468 2025-12-09 MEDIUM 4.4 Out-of-bounds read in Windows Defender Firewall Service allows an authorized attacker to disclose information locally.
CVE-2025-62467 2025-12-09 HIGH 7.8 Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62466 2025-12-09 HIGH 7.8 Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.
CVE-2025-62465 2025-12-09 MEDIUM 6.5 Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally.
CVE-2025-62464 2025-12-09 HIGH 7.8 Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62463 2025-12-09 MEDIUM 6.5 Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally.
CVE-2025-62462 2025-12-09 HIGH 7.8 Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62461 2025-12-09 HIGH 7.8 Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-62458 2025-12-09 HIGH 7.8 Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2025-62457 2025-12-09 HIGH 7.8 Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-62456 2025-12-09 HIGH 8.8 Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.
CVE-2025-62455 2025-12-09 HIGH 7.8 Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally.
CVE-2025-62454 2025-12-09 HIGH 7.8 Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-61258 2025-12-09 N/A 0.0 An issue was discovered in Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via crafted content-length value mismatching the body length.
CVE-2025-61078 2025-12-09 N/A 0.0 Cross-site scripting (XSS) vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter for the /app/admin/instructions/edit-result.php…
CVE-2025-59517 2025-12-09 HIGH 7.8 Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-59516 2025-12-09 HIGH 7.8 Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-55233 2025-12-09 HIGH 7.8 Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2025-54100 2025-12-09 HIGH 7.8 Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally.
CVE-2025-34414 2025-12-09 N/A 0.0 Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure…
CVE-2025-34413 2025-12-09 N/A 0.0 Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy,…
CVE-2025-34396 2025-12-09 N/A 0.0 MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL from…
CVE-2025-33214 2025-12-09 HIGH 8.8 NVIDIA NVTabular for Linux contains a vulnerability in the Workflow component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to…
CVE-2025-33213 2025-12-09 HIGH 8.8 NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead…
CVE-2025-13924 2025-12-09 MEDIUM 4.3 The Advanced Product Fields (Product Addons) for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.17. This is due…
CVE-2024-47570 2025-12-09 MEDIUM 6.6 An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11;…
CVE-2025-65289 2025-12-09 N/A 0.0 A stored Cross site scripting (XSS) vulnerability in the Mercury MR816v2 (081C3114 4.8.7 Build 110427 Rel 36550n) router allows a remote attacker on the LAN to inject JavaScript…
CVE-2025-65288 2025-12-09 N/A 0.0 A buffer overflow in the Mercury MR816v2 (081C3114 4.8.7 Build 110427 Rel 36550n) occurs when the device accepts and stores excessively long hostnames from LAN hosts without proper…
CVE-2025-63742 2025-12-09 N/A 0.0 SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other…
CVE-2025-63740 2025-12-09 N/A 0.0 SQL Injection vulnerability in function getselectdataAjax in file inputAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other…
CVE-2025-63739 2025-12-09 N/A 0.0 An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a…
CVE-2025-63738 2025-12-09 N/A 0.0 An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to the index.php.
CVE-2025-63737 2025-12-09 N/A 0.0 Cross-site scripting (XSS) vulnerability in function urltestAction in file cliAction.php in Xinhu Rainrock RockOA 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the m…
CVE-2025-56704 2025-12-09 N/A 0.0 LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can exploit this vulnerability…
CVE-2023-23729 2025-12-09 MEDIUM 5.4 Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.3.0.
CVE-2023-22675 2025-12-09 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Taylor Hawkes WP Fast Cache allows Cross Site Request Forgery. This issue affects WP Fast Cache: from n/a through 1.5.
CVE-2022-47425 2025-12-09 MEDIUM 4.3 Missing Authorization vulnerability in Repute Infosystems ARMember allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ARMember: from n/a through 3.4.10.
CVE-2022-46845 2025-12-09 MEDIUM 5.3 Missing Authorization vulnerability in Essential Plugin Slider a SlidersPack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slider a SlidersPack: from n/a before 2.3.
CVE-2025-9638 2025-12-09 N/A 0.0 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter in the educar_usuario_cad.php endpoint. This…
CVE-2025-9368 2025-12-09 N/A 0.0 A security issue exists within 432ES-IG3 Series A, which affects GuardLink® EtherNet/IP Interface, resulting in denial-of-service. A manual power cycle is required to recover the device.
CVE-2025-6924 2025-12-09 MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TalentSoft Software e-BAP Automation allows Reflected XSS. This issue affects e-BAP Automation: before 42957.
CVE-2025-6923 2025-12-09 MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TalentSoft Software UNIS allows Reflected XSS. This issue affects UNIS: before 42957.
CVE-2025-67580 2025-12-09 MEDIUM 5.3 Missing Authorization vulnerability in Constant Contact Constant Contact + WooCommerce constant-contact-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Constant Contact + WooCommerce: from n/a through
CVE-2025-67579 2025-12-09 MEDIUM 5.3 Missing Authorization vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Extra Fields: from n/a through
CVE-2025-67578 2025-12-09 MEDIUM 5.3 Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Email Capture: from n/a through