CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2006-2192 | 2025-06-19 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2025-6268 | 2025-06-19 | MEDIUM | 4.3 | A vulnerability classified as problematic has been found in Luna Imaging up to 7.5.5.6. Affected is an unknown function of… |
| CVE-2025-49014 | 2025-06-19 | N/A | 0.0 | jq is a command-line JSON processor. In version 1.8.0 a heap use after free vulnerability exists within the function f_strflocaltime… |
| CVE-2025-48886 | 2025-06-19 | MEDIUM | 4.8 | Hydra is a layer-two scalability solution for Cardano. Prior to version 0.22.0, the process assumes L1 event finality and does… |
| CVE-2025-6267 | 2025-06-19 | MEDIUM | 6.3 | A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been rated as critical. This… |
| CVE-2024-24916 | 2025-06-19 | MEDIUM | 6.5 | Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's… |
| CVE-2025-4738 | 2025-06-19 | CRITICAL | 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yirmibes Software MY ERP allows SQL… |
| CVE-2025-6266 | 2025-06-19 | MEDIUM | 6.3 | A vulnerability was found in FLIR AX8 up to 1.46. It has been declared as critical. This vulnerability affects unknown… |
| CVE-2025-6019 | 2025-06-19 | HIGH | 7.0 | A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present… |
| CVE-2025-32896 | 2025-06-19 | N/A | 0.0 | # Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. # Details… |
| CVE-2005-2347 | 2025-06-19 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2025-5234 | 2025-06-19 | MEDIUM | 6.4 | The Gutenverse News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementId’ parameter in all versions up… |
| CVE-2025-5071 | 2025-06-19 | HIGH | 8.8 | The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a… |
| CVE-2025-49763 | 2025-06-19 | N/A | 0.0 | ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions… |
| CVE-2025-31698 | 2025-06-19 | N/A | 0.0 | ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol. Users can use… |
| CVE-2016-3399 | 2025-06-19 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2025-4965 | 2025-06-19 | MEDIUM | 6.4 | The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Builder… |
| CVE-2025-4571 | 2025-06-19 | MEDIUM | 5.4 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data… |
| CVE-2025-5490 | 2025-06-19 | MEDIUM | 5.5 | The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to,… |
| CVE-2025-5524 | 2025-06-19 | MEDIUM | 4.9 | The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up… |
| CVE-2025-52474 | 2025-06-19 | N/A | 0.0 | WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, a SQL Injection vulnerability was identified in the… |
| CVE-2025-50201 | 2025-06-19 | CRITICAL | 9.8 | WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in… |
| CVE-2025-4479 | 2025-06-19 | MEDIUM | 6.4 | The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin image comparison… |
| CVE-2025-4367 | 2025-06-19 | MEDIUM | 6.4 | The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions… |
| CVE-2025-6201 | 2025-06-19 | MEDIUM | 6.4 | The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable… |
| CVE-2025-52467 | 2025-06-19 | CRITICAL | 9.1 | pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit… |
| CVE-2025-50183 | 2025-06-19 | MEDIUM | 6.5 | OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature… |
| CVE-2025-4661 | 2025-06-19 | N/A | 0.0 | A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access… |
| CVE-2025-50182 | 2025-06-19 | MEDIUM | 5.3 | urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, urllib3 does not control redirects in browsers and… |
| CVE-2025-50181 | 2025-06-19 | MEDIUM | 5.3 | urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all… |
| CVE-2025-24291 | 2025-06-19 | MEDIUM | 6.1 | The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file… |
| CVE-2025-24288 | 2025-06-19 | CRITICAL | 9.8 | The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default… |
| CVE-2025-24287 | 2025-06-19 | MEDIUM | 6.1 | A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with… |
| CVE-2025-24286 | 2025-06-19 | HIGH | 7.2 | A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code. |
| CVE-2025-23173 | 2025-06-19 | HIGH | 7.5 | The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default,… |
| CVE-2025-23172 | 2025-06-19 | HIGH | 7.2 | The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add… |
| CVE-2025-23171 | 2025-06-19 | HIGH | 7.2 | The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not… |
| CVE-2025-23170 | 2025-06-19 | MEDIUM | 6.7 | The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via… |
| CVE-2025-23169 | 2025-06-19 | MEDIUM | 6.1 | The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the… |
| CVE-2025-23168 | 2025-06-19 | MEDIUM | 6.3 | The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using One-Time Passcodes (OTP) delivered via email or SMS. Versa… |
| CVE-2025-23121 | 2025-06-19 | CRITICAL | 9.9 | A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user |
| CVE-2024-45208 | 2025-06-19 | CRITICAL | 9.8 | The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over… |
| CVE-2025-49591 | 2025-06-18 | N/A | 0.0 | CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed,… |
| CVE-2025-49590 | 2025-06-18 | N/A | 0.0 | CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent… |
| CVE-2025-26199 | 2025-06-18 | CRITICAL | 9.8 | An issue in CloudClassroom PHP Project v.1.0 allows a remote attacker to execute arbitrary code via the cleartext submission of… |
| CVE-2025-6192 | 2025-06-18 | HIGH | 8.8 | Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption… |
| CVE-2025-6191 | 2025-06-18 | HIGH | 8.8 | Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds… |
| CVE-2025-4955 | 2025-06-18 | MEDIUM | 4.7 | The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could… |
| CVE-2025-26198 | 2025-06-18 | CRITICAL | 9.8 | CloudClassroom-PHP-Project v.1.0 is vulnerable to SQL Injection in loginlinkadmin.php, allowing unauthenticated attackers to bypass authentication and gain administrative access. The… |
| CVE-2025-44952 | 2025-06-18 | HIGH | 7.8 | A missing length check in `ogs_pfcp_subnet_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and… |