CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2024-50562 2025-06-10 MEDIUM 4.8 An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0…
CVE-2024-45329 2025-06-10 MEDIUM 4.3 An authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8…
CVE-2024-43706 2025-06-10 HIGH 7.6 Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint.
CVE-2024-32119 2025-06-10 MEDIUM 4.8 An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge…
CVE-2023-48786 2025-06-10 MEDIUM 4.3 A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated…
CVE-2023-29184 2025-06-10 LOW 3.2 An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before…
CVE-2023-20599 2025-06-10 HIGH 7.9 Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP)…
CVE-2025-5952 2025-06-10 HIGH 7.3 A vulnerability, which was classified as critical, has been found in Zend.To up to 6.10-6 Beta. This issue affects the…
CVE-2025-5910 2025-06-10 HIGH 8.8 A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is…
CVE-2025-5909 2025-06-10 HIGH 8.8 A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. Affected is an unknown function…
CVE-2025-5908 2025-06-10 HIGH 8.8 A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This issue affects some…
CVE-2025-5907 2025-06-10 HIGH 8.8 A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the…
CVE-2025-5914 2025-06-09 LOW 3.9 A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow…
CVE-2025-5906 2025-06-10 HIGH 7.3 A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This affects an unknown part of the…
CVE-2025-5905 2025-06-10 HIGH 8.8 A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been rated as critical. Affected by this issue is the…
CVE-2025-5904 2025-06-10 HIGH 8.8 A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the…
CVE-2025-5903 2025-06-10 HIGH 8.8 A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of…
CVE-2025-5902 2025-06-09 HIGH 8.8 A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the…
CVE-2025-5901 2025-06-09 HIGH 8.8 A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of…
CVE-2025-5900 2025-06-09 MEDIUM 4.3 A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation…
CVE-2025-5899 2025-06-09 MEDIUM 5.3 A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of…
CVE-2025-5898 2025-06-09 MEDIUM 5.3 A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file…
CVE-2025-5897 2025-06-09 MEDIUM 4.3 A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the…
CVE-2025-5896 2025-06-09 MEDIUM 4.3 A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown…
CVE-2025-5895 2025-06-09 MEDIUM 4.3 A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the…
CVE-2025-4801 2025-06-10 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All…
CVE-2025-4678 2025-06-10 N/A 0.0 Improper Neutralization of Special Elements in the chromium_path variable may allow OS command injection. This issue affects Pandora ITSM 5.0.105.
CVE-2025-4653 2025-06-10 N/A 0.0 Improper Neutralization of Special Elements in the backup name field may allow OS command injection. This issue affects Pandora ITSM…
CVE-2025-49143 2025-06-10 N/A 0.0 Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32, files uploaded by…
CVE-2025-49142 2025-06-10 N/A 0.0 Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or…
CVE-2025-49141 2025-06-09 HIGH 8.5 HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the `gitImportSite`…
CVE-2025-49139 2025-06-09 MEDIUM 5.3 HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, in the…
CVE-2025-48937 2025-06-10 MEDIUM 4.9 matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does…
CVE-2025-48879 2025-06-10 MEDIUM 6.5 OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken…
CVE-2025-48067 2025-06-10 MEDIUM 5.4 OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability…
CVE-2025-47110 2025-06-10 CRITICAL 9.1 Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that…
CVE-2025-49138 2025-06-09 MEDIUM 6.5 HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated…
CVE-2025-49137 2025-06-09 HIGH 8.5 HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application…
CVE-2025-44043 2025-06-10 N/A 0.0 Keyoti SearchUnit prior to 9.0.0 is vulnerable to Server-Side Request Forgery (SSRF) in /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetResults and /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetLocationAndContentCategories. An attacker can specify…
CVE-2025-43586 2025-06-10 HIGH 8.1 Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could…
CVE-2025-43585 2025-06-10 HIGH 8.2 Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result…
CVE-2025-43701 2025-06-10 HIGH 7.5 Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio: before version…
CVE-2025-43700 2025-06-10 HIGH 7.5 Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025.
CVE-2025-43699 2025-06-10 MEDIUM 5.3 Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for OmniUICard objects. This…
CVE-2025-40591 2025-06-10 HIGH 7.7 A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5),…
CVE-2025-40585 2025-06-10 CRITICAL 9.9 A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This…
CVE-2025-40569 2025-06-10 MEDIUM 4.8 A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.2),…
CVE-2025-40568 2025-06-10 MEDIUM 4.3 A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.2),…
CVE-2025-40567 2025-06-10 MEDIUM 6.5 A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.2),…
CVE-2025-30220 2025-06-10 CRITICAL 9.9 GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of…