CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-49585 | 2025-06-13 | N/A | 0.0 | XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0-rc-1 through 16.4.6, and 16.5.0-rc-1 through 16.10.1, when an attacker… |
| CVE-2025-49584 | 2025-06-13 | N/A | 0.0 | XWiki is a generic wiki platform. In XWiki Platform versions 10.9 through 16.4.6, 16.5.0-rc-1 through 16.10.2, and 17.0.0-rc-1, the title… |
| CVE-2025-49583 | 2025-06-13 | N/A | 0.0 | XWiki is a generic wiki platform. When a user without script right creates a document with an `XWiki.Notifications.Code.NotificationEmailRendererClass` object, and… |
| CVE-2025-49582 | 2025-06-13 | N/A | 0.0 | XWiki is a generic wiki platform. When editing content that contains "dangerous" macros like malicious script macros that were authored… |
| CVE-2025-48918 | 2025-06-13 | HIGH | 8.8 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS). This issue… |
| CVE-2025-48916 | 2025-06-13 | MEDIUM | 6.5 | Missing Authorization vulnerability in Drupal Bookable Calendar allows Forceful Browsing. This issue affects Bookable Calendar: from 0.0.0 before 2.2.13. |
| CVE-2025-28384 | 2025-06-13 | CRITICAL | 9.1 | An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal. |
| CVE-2025-28382 | 2025-06-13 | HIGH | 7.5 | An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal. |
| CVE-2025-48919 | 2025-06-13 | MEDIUM | 5.0 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS). This issue… |
| CVE-2025-48917 | 2025-06-13 | MEDIUM | 5.0 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal EU Cookie Compliance (GDPR Compliance) allows Cross-Site… |
| CVE-2025-6052 | 2025-06-13 | LOW | 3.7 | A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already… |
| CVE-2025-6035 | 2025-06-13 | MEDIUM | 6.6 | A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due… |
| CVE-2025-49581 | 2025-06-13 | N/A | 0.0 | XWiki is a generic wiki platform. Any user with edit right on a page (could be the user's profile) can… |
| CVE-2025-49580 | 2025-06-13 | N/A | 0.0 | XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or… |
| CVE-2025-46096 | 2025-06-13 | MEDIUM | 6.1 | Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component |
| CVE-2025-46060 | 2025-06-13 | CRITICAL | 9.8 | Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component |
| CVE-2025-28389 | 2025-06-13 | CRITICAL | 9.8 | Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack. |
| CVE-2025-28388 | 2025-06-13 | CRITICAL | 9.8 | OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials for the Service Account. |
| CVE-2025-28381 | 2025-06-13 | HIGH | 7.5 | A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to access service credentials as environment variables stored in all containers. |
| CVE-2025-44091 | 2025-06-12 | MEDIUM | 5.4 | yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function. |
| CVE-2025-6030 | 2025-06-13 | N/A | 0.0 | Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key… |
| CVE-2025-6029 | 2025-06-13 | N/A | 0.0 | Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key Fob… |
| CVE-2025-45988 | 2025-06-13 | CRITICAL | 9.8 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3… |
| CVE-2025-36633 | 2025-06-13 | HIGH | 8.8 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily… |
| CVE-2025-45987 | 2025-06-13 | CRITICAL | 9.8 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3… |
| CVE-2025-45986 | 2025-06-13 | CRITICAL | 9.8 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3… |
| CVE-2025-45985 | 2025-06-13 | CRITICAL | 9.8 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3… |
| CVE-2025-45984 | 2025-06-13 | CRITICAL | 9.8 | Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 V1.0.5, BL-LTE300 V1.2.3, BL-F1200_AT1 V1.0.0, BL-X26_AC8 V1.2.8, BLAC450M_AE4 V4.0.0 and BL-X26_DA3… |
| CVE-2025-36631 | 2025-06-13 | HIGH | 8.4 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite… |
| CVE-2025-28386 | 2025-06-13 | N/A | 0.0 | A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary… |
| CVE-2025-28380 | 2025-06-13 | N/A | 0.0 | A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting… |
| CVE-2025-22240 | 2025-06-13 | MEDIUM | 6.3 | Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join… |
| CVE-2025-22239 | 2025-06-13 | HIGH | 8.1 | Arbitrary event injection on Salt Master. The master's "_minion_event" method can be used by an authorized minion to send arbitrary… |
| CVE-2025-22238 | 2025-06-13 | MEDIUM | 4.2 | Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which… |
| CVE-2025-22237 | 2025-06-13 | MEDIUM | 6.7 | An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git… |
| CVE-2025-22236 | 2025-06-13 | HIGH | 8.1 | Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be… |
| CVE-2024-38825 | 2025-06-13 | MEDIUM | 6.4 | The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a… |
| CVE-2024-38823 | 2025-06-13 | LOW | 2.7 | Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport. |
| CVE-2025-49468 | 2025-06-13 | N/A | 0.0 | A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated… |
| CVE-2025-29902 | 2025-06-13 | CRITICAL | 10.0 | Remote code execution that allows unauthorized users to execute arbitrary code on the server machine. |
| CVE-2025-49186 | 2025-06-12 | MEDIUM | 5.3 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it… |
| CVE-2025-49182 | 2025-06-12 | HIGH | 7.5 | Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker… |
| CVE-2025-48825 | 2025-06-13 | LOW | 2.5 | RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less trusted source, which… |
| CVE-2025-46783 | 2025-06-13 | CRITICAL | 9.8 | Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If this vulnerability is exploited,… |
| CVE-2025-36506 | 2025-06-13 | MEDIUM | 6.5 | External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0.… |
| CVE-2025-6012 | 2025-06-13 | MEDIUM | 5.5 | The Auto Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to,… |
| CVE-2025-39240 | 2025-06-13 | HIGH | 7.2 | Some Hikvision Wireless Access Point are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid… |
| CVE-2024-38824 | 2025-06-13 | CRITICAL | 9.6 | Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory. |
| CVE-2025-5923 | 2025-06-13 | MEDIUM | 6.4 | The Game Review Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions… |
| CVE-2025-22242 | 2025-06-13 | MEDIUM | 5.6 | Worker process denial of service through file read operation. A vulnerability exists in the Master's “pub_ret” method which is exposed… |