CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-5978 | 2025-06-10 | HIGH | 8.8 | A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of… |
| CVE-2025-4922 | 2025-06-11 | HIGH | 8.1 | Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability,… |
| CVE-2025-5687 | 2025-06-11 | HIGH | 7.8 | A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects… |
| CVE-2025-5958 | 2025-06-11 | HIGH | 8.8 | Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption… |
| CVE-2025-4605 | 2025-06-11 | MEDIUM | 5.5 | A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor… |
| CVE-2025-49710 | 2025-06-11 | CRITICAL | 9.8 | An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. This vulnerability affects Firefox < 139.0.4. |
| CVE-2025-49709 | 2025-06-11 | CRITICAL | 9.8 | Certain canvas operations could have led to memory corruption. This vulnerability affects Firefox < 139.0.4. |
| CVE-2025-47849 | 2025-06-10 | HIGH | 8.8 | A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the… |
| CVE-2025-47713 | 2025-06-10 | HIGH | 8.8 | A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the… |
| CVE-2025-35941 | 2025-06-11 | MEDIUM | 5.5 | A password is exposed locally. |
| CVE-2025-35940 | 2025-06-10 | HIGH | 8.1 | The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT… |
| CVE-2025-32711 | 2025-06-11 | CRITICAL | 9.3 | AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-26521 | 2025-06-10 | HIGH | 8.1 | When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key… |
| CVE-2025-26412 | 2025-06-11 | MEDIUM | 6.8 | The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission… |
| CVE-2024-41505 | 2025-06-10 | MEDIUM | 6.1 | Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the "Pessoas" (persons) section via the field "Profissão"… |
| CVE-2024-41504 | 2025-06-10 | MEDIUM | 6.1 | Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS). In the "Oportunidades" (opportunities) section of the application when… |
| CVE-2024-41503 | 2025-06-10 | MEDIUM | 6.1 | Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Título" (title) inside the filter Save… |
| CVE-2024-41502 | 2025-06-10 | MEDIUM | 6.1 | Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) via the form field "Observações" (observances) in the "Pessoas"… |
| CVE-2025-33053 | 2025-06-10 | HIGH | 8.8 | External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network. |
| CVE-2025-5144 | 2025-06-11 | MEDIUM | 6.4 | The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-date-*’ parameters in all versions… |
| CVE-2025-3302 | 2025-06-11 | HIGH | 7.2 | The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTP_REFERER’ parameter… |
| CVE-2025-4573 | 2025-06-11 | MEDIUM | 4.1 | Mattermost versions 10.7.x |
| CVE-2025-4128 | 2025-06-11 | LOW | 3.1 | Mattermost versions 10.5.x |
| CVE-2025-4315 | 2025-06-11 | HIGH | 8.8 | The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to,… |
| CVE-2025-41663 | 2025-06-11 | HIGH | 8.1 | An unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers and gain… |
| CVE-2025-41662 | 2025-06-11 | HIGH | 8.8 | An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request… |
| CVE-2025-41661 | 2025-06-11 | HIGH | 8.8 | An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request… |
| CVE-2025-5991 | 2025-06-11 | N/A | 0.0 | There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP… |
| CVE-2025-29756 | 2025-06-11 | N/A | 0.0 | SunGrow's back end users system iSolarCloud https://isolarcloud.com uses an MQTT service to transport data from the user's connected devices to… |
| CVE-2025-5395 | 2025-06-11 | HIGH | 8.8 | The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in… |
| CVE-2025-4799 | 2025-06-11 | HIGH | 7.2 | The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a… |
| CVE-2025-4798 | 2025-06-11 | MEDIUM | 4.9 | The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This… |
| CVE-2025-4666 | 2025-06-11 | MEDIUM | 6.4 | The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nickname’ parameter in all versions up to,… |
| CVE-2025-49793 | 2025-06-11 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-49792 | 2025-06-11 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-49791 | 2025-06-11 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-49790 | 2025-06-11 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-49789 | 2025-06-11 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-49788 | 2025-06-11 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-49787 | 2025-06-11 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-49786 | 2025-06-11 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-49785 | 2025-06-11 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2024-1244 | 2025-06-11 | N/A | 0.0 | Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control… |
| CVE-2025-4275 | 2025-06-11 | HIGH | 7.8 | Running the provided utility changes the certificate on any Insyde BIOS and then the attached .efi file can be launched. |
| CVE-2025-49091 | 2025-06-11 | HIGH | 8.2 | KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers… |
| CVE-2025-47102 | 2025-06-10 | N/A | 0.0 | Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid… |
| CVE-2025-47095 | 2025-06-10 | N/A | 0.0 | Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid… |
| CVE-2025-32717 | 2025-06-11 | HIGH | 8.4 | Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-30675 | 2025-06-11 | MEDIUM | 4.7 | In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A malicious Domain Admin or Resource… |
| CVE-2025-1055 | 2025-06-11 | MEDIUM | 5.6 | A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send… |