CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-22241 | 2025-06-13 | MEDIUM | 5.6 | File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create… |
| CVE-2024-38822 | 2025-06-13 | LOW | 2.7 | Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion. |
| CVE-2025-4229 | 2025-06-13 | N/A | 0.0 | An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view… |
| CVE-2025-4227 | 2025-06-13 | N/A | 0.0 | An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect™ app… |
| CVE-2025-5815 | 2025-06-13 | MEDIUM | 5.3 | The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on… |
| CVE-2025-5282 | 2025-06-13 | HIGH | 7.5 | The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss… |
| CVE-2025-5950 | 2025-06-13 | MEDIUM | 6.4 | The IndieBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘kind’ parameter in all versions up to,… |
| CVE-2025-5939 | 2025-06-13 | MEDIUM | 4.4 | The Telegram for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up… |
| CVE-2025-5938 | 2025-06-13 | MEDIUM | 5.3 | The Digital Marketing and Agency Templates Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all… |
| CVE-2025-5930 | 2025-06-13 | MEDIUM | 4.3 | The WP2HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This… |
| CVE-2025-5928 | 2025-06-13 | MEDIUM | 4.3 | The WP Sliding Login/Dashboard Panel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and… |
| CVE-2025-5926 | 2025-06-13 | MEDIUM | 6.1 | The Link Shield plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.4.… |
| CVE-2025-5841 | 2025-06-13 | MEDIUM | 6.4 | The ACF Onyx Poll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions… |
| CVE-2025-5491 | 2025-06-13 | HIGH | 8.8 | Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to… |
| CVE-2025-5288 | 2025-06-13 | CRITICAL | 9.8 | The REST API \| Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable… |
| CVE-2025-5233 | 2025-06-13 | MEDIUM | 6.4 | The Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hex’ parameter in all versions up… |
| CVE-2025-5123 | 2025-06-13 | MEDIUM | 6.4 | The Contact Us Page – Contact People plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter… |
| CVE-2025-4586 | 2025-06-13 | MEDIUM | 6.4 | The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmcalendarview' shortcode in all versions… |
| CVE-2025-4585 | 2025-06-13 | MEDIUM | 6.4 | The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmflat' shortcode in all versions… |
| CVE-2025-4584 | 2025-06-13 | MEDIUM | 6.4 | The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmeventlist' shortcode in all versions… |
| CVE-2025-47959 | 2025-06-13 | HIGH | 7.1 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute… |
| CVE-2025-30399 | 2025-06-13 | HIGH | 7.5 | Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. |
| CVE-2025-4232 | 2025-06-13 | N/A | 0.0 | An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows… |
| CVE-2025-4231 | 2025-06-13 | N/A | 0.0 | A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root… |
| CVE-2025-4230 | 2025-06-13 | N/A | 0.0 | A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run… |
| CVE-2025-4228 | 2025-06-13 | N/A | 0.0 | An incorrect privilege assignment vulnerability in Palo Alto Networks Cortex® XDR Broker VM allows an authenticated administrative user to execute… |
| CVE-2025-4233 | 2025-06-12 | N/A | 0.0 | An insufficient implementation of cache vulnerability in Palo Alto Networks Prisma® Access Browser enables users to bypass certain data control… |
| CVE-2025-41234 | 2025-06-12 | MEDIUM | 6.5 | Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected… |
| CVE-2025-41233 | 2025-06-12 | MEDIUM | 6.8 | Description: VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue… |
| CVE-2025-49589 | 2025-06-12 | N/A | 0.0 | PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of… |
| CVE-2025-27689 | 2025-06-12 | HIGH | 7.8 | Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access… |
| CVE-2025-6031 | 2025-06-12 | HIGH | 7.5 | Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and… |
| CVE-2025-5485 | 2025-06-12 | HIGH | 8.6 | User names used to access the web management interface are limited to the device identifier, which is a numerical identifier… |
| CVE-2025-5484 | 2025-06-12 | HIGH | 8.3 | A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices… |
| CVE-2025-4418 | 2025-06-12 | MEDIUM | 4.4 | An improper validation of integrity check value vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if… |
| CVE-2025-4417 | 2025-06-12 | MEDIUM | 5.5 | A cross-site scripting vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow an… |
| CVE-2025-48699 | 2025-06-12 | N/A | 0.0 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions… |
| CVE-2025-44019 | 2025-06-12 | HIGH | 7.1 | AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to… |
| CVE-2025-36539 | 2025-06-12 | MEDIUM | 6.5 | AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to… |
| CVE-2025-2745 | 2025-06-12 | MEDIUM | 6.5 | A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023 SP1 and prior that, if exploited, could allow an… |
| CVE-2025-49579 | 2025-06-12 | MEDIUM | 6.5 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using… |
| CVE-2025-49578 | 2025-06-12 | MEDIUM | 6.5 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by `Language::userDate` are… |
| CVE-2025-49577 | 2025-06-12 | MEDIUM | 6.5 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various preferences messages are inserted into raw… |
| CVE-2025-49576 | 2025-06-12 | MEDIUM | 6.5 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are… |
| CVE-2025-49575 | 2025-06-12 | MEDIUM | 6.5 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the… |
| CVE-2025-49081 | 2025-06-12 | N/A | 0.0 | There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55.… |
| CVE-2025-43866 | 2025-06-12 | N/A | 0.0 | vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless… |
| CVE-2025-43863 | 2025-06-12 | N/A | 0.0 | vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party… |
| CVE-2025-5982 | 2025-06-12 | LOW | 3.7 | An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0… |
| CVE-2025-49080 | 2025-06-12 | N/A | 0.0 | There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. Attackers with network access to… |