CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2024-55567 | 2025-06-12 | HIGH | 7.5 | Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01,… |
| CVE-2023-45256 | 2025-06-12 | N/A | 0.0 | Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL… |
| CVE-2025-49467 | 2025-06-12 | N/A | 0.0 | A SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla was discovered. The extension is vulnerable to… |
| CVE-2025-46035 | 2025-06-12 | HIGH | 7.5 | Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized… |
| CVE-2025-36573 | 2025-06-12 | HIGH | 7.1 | Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability. A user… |
| CVE-2025-29744 | 2025-06-12 | N/A | 0.0 | pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers. |
| CVE-2024-7562 | 2025-06-12 | N/A | 0.0 | A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured.… |
| CVE-2024-44906 | 2025-06-12 | N/A | 0.0 | uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go. |
| CVE-2024-44905 | 2025-06-12 | N/A | 0.0 | go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go. |
| CVE-2025-49200 | 2025-06-12 | MEDIUM | 6.5 | The created backup files are unencrypted, making the application vulnerable for gathering sensitive information by downloading and decompressing the backup… |
| CVE-2025-49199 | 2025-06-12 | HIGH | 8.8 | The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup… |
| CVE-2025-49198 | 2025-06-12 | LOW | 3.1 | The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token… |
| CVE-2025-49197 | 2025-06-12 | MEDIUM | 6.5 | The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access… |
| CVE-2025-49196 | 2025-06-12 | MEDIUM | 6.5 | A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information,… |
| CVE-2025-49195 | 2025-06-12 | MEDIUM | 5.3 | The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising… |
| CVE-2025-49194 | 2025-06-12 | HIGH | 7.5 | The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to… |
| CVE-2025-49193 | 2025-06-12 | MEDIUM | 4.2 | The application fails to implement several security headers. These headers help increase the overall security level of the web application… |
| CVE-2025-49192 | 2025-06-12 | MEDIUM | 4.3 | The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to… |
| CVE-2024-56158 | 2025-06-12 | N/A | 0.0 | XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using the function like… |
| CVE-2025-49191 | 2025-06-12 | MEDIUM | 4.8 | Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as… |
| CVE-2025-49190 | 2025-06-12 | MEDIUM | 4.3 | The application is vulnerable to Server-Side Request Forgery (SSRF). An endpoint can be used to send server internal requests to… |
| CVE-2025-49189 | 2025-06-12 | MEDIUM | 5.3 | The HttpOnly flag of the session cookie "@@" is set to false. Since this flag helps preventing access to cookies via… |
| CVE-2025-49188 | 2025-06-12 | MEDIUM | 5.3 | The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering. |
| CVE-2025-49187 | 2025-06-12 | MEDIUM | 5.3 | For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect… |
| CVE-2025-49185 | 2025-06-12 | MEDIUM | 5.5 | The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript… |
| CVE-2025-49184 | 2025-06-12 | HIGH | 7.5 | A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the… |
| CVE-2025-49183 | 2025-06-12 | HIGH | 7.5 | All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the… |
| CVE-2025-49181 | 2025-06-12 | HIGH | 8.6 | Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An… |
| CVE-2024-9512 | 2025-06-12 | MEDIUM | 5.3 | An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0… |
| CVE-2025-6021 | 2025-06-12 | HIGH | 7.5 | A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based… |
| CVE-2025-5195 | 2025-06-12 | MEDIUM | 4.3 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0… |
| CVE-2025-0673 | 2025-06-12 | HIGH | 7.5 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0… |
| CVE-2025-5996 | 2025-06-12 | MEDIUM | 6.5 | An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0… |
| CVE-2025-4278 | 2025-06-12 | HIGH | 8.7 | An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html… |
| CVE-2025-2254 | 2025-06-12 | HIGH | 8.7 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0… |
| CVE-2025-1516 | 2025-06-12 | MEDIUM | 6.5 | An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0… |
| CVE-2025-1478 | 2025-06-12 | MEDIUM | 6.5 | An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0… |
| CVE-2025-6003 | 2025-06-12 | MEDIUM | 5.3 | The WordPress Single Sign-On (SSO) plugin for WordPress is vulnerable to unauthorized access due to a misconfigured capability check on… |
| CVE-2025-4613 | 2025-06-12 | N/A | 0.0 | Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code… |
| CVE-2025-5301 | 2025-06-12 | MEDIUM | 6.1 | ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening… |
| CVE-2025-40592 | 2025-06-12 | MEDIUM | 6.1 | A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions… |
| CVE-2025-5012 | 2025-06-12 | HIGH | 8.8 | The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads… |
| CVE-2025-4973 | 2025-06-12 | CRITICAL | 9.8 | The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in… |
| CVE-2025-35978 | 2025-06-12 | HIGH | 7.1 | Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091… |
| CVE-2025-6009 | 2025-06-12 | MEDIUM | 4.7 | A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality… |
| CVE-2025-6008 | 2025-06-12 | MEDIUM | 4.7 | A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this vulnerability is an unknown… |
| CVE-2025-6007 | 2025-06-12 | MEDIUM | 4.7 | A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the… |
| CVE-2025-6006 | 2025-06-12 | MEDIUM | 4.7 | A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0. This issue affects some unknown processing… |
| CVE-2025-6005 | 2025-06-12 | MEDIUM | 4.7 | A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php.… |
| CVE-2022-4976 | 2025-06-12 | N/A | 0.0 | Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled… |
Page 260 of 3495