CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-5899 | 2025-06-09 | MEDIUM | 5.3 | A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of… |
| CVE-2025-5898 | 2025-06-09 | MEDIUM | 5.3 | A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file… |
| CVE-2025-5897 | 2025-06-09 | MEDIUM | 4.3 | A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the… |
| CVE-2025-5896 | 2025-06-09 | MEDIUM | 4.3 | A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown… |
| CVE-2025-5895 | 2025-06-09 | MEDIUM | 4.3 | A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the… |
| CVE-2025-4801 | 2025-06-10 | N/A | 0.0 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All… |
| CVE-2025-4678 | 2025-06-10 | N/A | 0.0 | Improper Neutralization of Special Elements in the chromium_path variable may allow OS command injection. This issue affects Pandora ITSM 5.0.105. |
| CVE-2025-4653 | 2025-06-10 | N/A | 0.0 | Improper Neutralization of Special Elements in the backup name field may allow OS command injection. This issue affects Pandora ITSM… |
| CVE-2025-49143 | 2025-06-10 | N/A | 0.0 | Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32, files uploaded by… |
| CVE-2025-49142 | 2025-06-10 | N/A | 0.0 | Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or… |
| CVE-2025-49141 | 2025-06-09 | HIGH | 8.5 | HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the `gitImportSite`… |
| CVE-2025-49139 | 2025-06-09 | MEDIUM | 5.3 | HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, in the… |
| CVE-2025-48937 | 2025-06-10 | MEDIUM | 4.9 | matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does… |
| CVE-2025-48879 | 2025-06-10 | MEDIUM | 6.5 | OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken… |
| CVE-2025-48067 | 2025-06-10 | MEDIUM | 5.4 | OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability… |
| CVE-2025-47110 | 2025-06-10 | CRITICAL | 9.1 | Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that… |
| CVE-2025-49138 | 2025-06-09 | MEDIUM | 6.5 | HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated… |
| CVE-2025-49137 | 2025-06-09 | HIGH | 8.5 | HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application… |
| CVE-2025-44043 | 2025-06-10 | N/A | 0.0 | Keyoti SearchUnit prior to 9.0.0. is vulnerable to Server-Side Request Forgery (SSRF) in /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetResults and /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetLocationAndContentCategories. An attacker can specify… |
| CVE-2025-43586 | 2025-06-10 | HIGH | 8.1 | Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could… |
| CVE-2025-43585 | 2025-06-10 | HIGH | 8.2 | Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result… |
| CVE-2025-43701 | 2025-06-10 | HIGH | 7.5 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio: before version… |
| CVE-2025-43700 | 2025-06-10 | HIGH | 7.5 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025. |
| CVE-2025-43699 | 2025-06-10 | MEDIUM | 5.3 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for OmniUICard objects. This… |
| CVE-2025-40591 | 2025-06-10 | HIGH | 7.7 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5),… |
| CVE-2025-40585 | 2025-06-10 | CRITICAL | 9.9 | A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This… |
| CVE-2025-40569 | 2025-06-10 | MEDIUM | 4.8 | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.2),… |
| CVE-2025-40568 | 2025-06-10 | MEDIUM | 4.3 | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.2),… |
| CVE-2025-40567 | 2025-06-10 | MEDIUM | 6.5 | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.2),… |
| CVE-2025-30220 | 2025-06-10 | CRITICAL | 9.9 | GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of… |
| CVE-2025-37100 | 2025-06-10 | HIGH | 7.7 | A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users. A… |
| CVE-2025-27819 | 2025-06-10 | HIGH | 7.5 | In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not… |
| CVE-2025-27207 | 2025-06-10 | MEDIUM | 6.5 | Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could… |
| CVE-2025-27206 | 2025-06-10 | MEDIUM | 5.3 | Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could… |
| CVE-2025-27818 | 2025-06-10 | HIGH | 8.8 | A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or… |
| CVE-2025-27817 | 2025-06-10 | HIGH | 7.5 | A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration… |
| CVE-2025-26468 | 2025-06-09 | HIGH | 7.5 | CyberData 011209 Intercom exposes features that could allow an unauthenticated to gain access and cause a denial-of-service condition or system… |
| CVE-2024-41797 | 2025-06-10 | MEDIUM | 4.3 | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.1),… |
| CVE-2025-5353 | 2025-06-10 | HIGH | 8.8 | A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials. |
| CVE-2025-5335 | 2025-06-10 | HIGH | 7.8 | A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted… |
| CVE-2025-46612 | 2025-06-10 | HIGH | 7.2 | The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a… |
| CVE-2025-30145 | 2025-06-10 | HIGH | 7.5 | GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be… |
| CVE-2025-27505 | 2025-06-10 | MEDIUM | 5.3 | GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass… |
| CVE-2025-26395 | 2025-06-10 | HIGH | 7.1 | SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. The… |
| CVE-2025-26394 | 2025-06-10 | MEDIUM | 4.8 | SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could… |
| CVE-2025-22463 | 2025-06-10 | HIGH | 7.3 | A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment… |
| CVE-2025-22455 | 2025-06-10 | HIGH | 8.8 | A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials. |
| CVE-2024-40625 | 2025-06-10 | MEDIUM | 5.5 | GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format}… |
| CVE-2024-38524 | 2025-06-10 | MEDIUM | 5.3 | GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check… |
| CVE-2024-34711 | 2025-06-10 | CRITICAL | 9.3 | GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability… |