CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-64312 | 2025-11-28 | MEDIUM | 4.9 | Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58311 | 2025-11-28 | MEDIUM | 5.8 | UAF vulnerability in the USB driver module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. |
| CVE-2025-58308 | 2025-11-28 | HIGH | 7.3 | Vulnerability of improper criterion security check in the call module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2025-58305 | 2025-11-28 | MEDIUM | 6.2 | Identity authentication bypass vulnerability in the Gallery app. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58304 | 2025-11-28 | MEDIUM | 4.9 | Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58302 | 2025-11-28 | HIGH | 8.4 | Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-64315 | 2025-11-28 | MEDIUM | 4.4 | Configuration defect vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect app data confidentiality and integrity. |
| CVE-2025-64314 | 2025-11-28 | CRITICAL | 9.3 | Permission control vulnerability in the memory management module. Impact: Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2025-64313 | 2025-11-28 | MEDIUM | 5.3 | Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-64311 | 2025-11-28 | MEDIUM | 5.1 | Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58316 | 2025-11-28 | HIGH | 7.3 | DoS vulnerability in the video-related system service module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-58315 | 2025-11-28 | MEDIUM | 5.5 | Permission control vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58314 | 2025-11-28 | MEDIUM | 6.6 | Vulnerability of accessing invalid memory in the component driver module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. |
| CVE-2025-58312 | 2025-11-28 | MEDIUM | 5.1 | Permission control vulnerability in the App Lock module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-58310 | 2025-11-28 | HIGH | 8.0 | Permission control vulnerability in the distributed component. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58309 | 2025-11-28 | MEDIUM | 6.8 | Permission control vulnerability in the startup recovery module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. |
| CVE-2025-58307 | 2025-11-28 | MEDIUM | 6.4 | UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-58303 | 2025-11-28 | HIGH | 8.4 | UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-58294 | 2025-11-28 | MEDIUM | 6.2 | Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-13683 | 2025-11-28 | MEDIUM | 6.5 | Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows. This issue affects Devolutions Server: through 2025.3.8.0; Remote Desktop Manager: through 2025.3.23.0. |
| CVE-2025-59792 | 2025-11-28 | MEDIUM | 5.3 | Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0,… |
| CVE-2025-59790 | 2025-11-28 | MEDIUM | 5.4 | Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue. |
| CVE-2025-51736 | 2025-11-28 | MEDIUM | 6.3 | File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0. |
| CVE-2025-51735 | 2025-11-28 | HIGH | 7.5 | CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0. |
| CVE-2025-51734 | 2025-11-28 | MEDIUM | 5.4 | Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0. |
| CVE-2025-51733 | 2025-11-28 | MEDIUM | 5.5 | Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0. |
| CVE-2025-12183 | 2025-11-28 | N/A | 0.0 | Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. |
| CVE-2025-12638 | 2025-11-28 | HIGH | 8.0 | Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall() method… |
| CVE-2025-11156 | 2025-11-28 | N/A | 0.0 | Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, a local, authenticated user with Administrator privileges can improperly… |
| CVE-2025-12143 | 2025-11-28 | MEDIUM | 6.1 | Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox. This issue affects Terra AC wallbox: through 1.8.33. |
| CVE-2025-66386 | 2025-11-28 | MEDIUM | 4.1 | app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin. |
| CVE-2025-66385 | 2025-11-28 | N/A | 0.0 | UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by supplying… |
| CVE-2025-66384 | 2025-11-28 | HIGH | 8.2 | app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name. |
| CVE-2025-66382 | 2025-11-28 | LOW | 2.9 | In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time. |
| CVE-2025-66372 | 2025-11-28 | LOW | 2.8 | Mustang before 2.16.3 allows exfiltrating files via XXE attacks. |
| CVE-2025-66371 | 2025-11-28 | MEDIUM | 5.0 | Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content… |
| CVE-2025-66370 | 2025-11-28 | MEDIUM | 5.0 | Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem. |
| CVE-2025-13737 | 2025-11-28 | MEDIUM | 4.3 | The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing… |
| CVE-2025-66361 | 2025-11-28 | N/A | 0.0 | An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load. |
| CVE-2025-66360 | 2025-11-28 | N/A | 0.0 | An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to… |
| CVE-2025-66359 | 2025-11-28 | HIGH | 8.5 | An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability. |
| CVE-2025-13338 | 2025-11-27 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2025-3261 | 2025-11-27 | N/A | 0.0 | ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The… |
| CVE-2025-12421 | 2025-11-27 | CRITICAL | 9.9 | Mattermost versions 11.0.x |
| CVE-2025-12419 | 2025-11-27 | CRITICAL | 9.9 | Mattermost versions 10.12.x |
| CVE-2025-12559 | 2025-11-27 | MEDIUM | 4.3 | Mattermost versions 11.0.x |
| CVE-2025-13765 | 2025-11-27 | N/A | 0.0 | Exposure of email service credentials to users without administrative rights in Devolutions Server. This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9. |
| CVE-2025-13758 | 2025-11-27 | N/A | 0.0 | Exposure of credentials in unintended requests in Devolutions Server. This issue affects Server: through 2025.2.20, through 2025.3.8. |
| CVE-2025-13757 | 2025-11-27 | N/A | 0.0 | SQL Injection vulnerability in last usage logs in Devolutions Server. This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8. |
| CVE-2025-8890 | 2025-11-27 | N/A | 0.0 | Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to shell command injection attacks. In order to exploit this vulnerability, an attacker… |