CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-26468 | 2025-06-09 | HIGH | 7.5 | CyberData 011209 Intercom exposes features that could allow an unauthenticated to gain access and cause a denial-of-service condition or system… |
| CVE-2024-41797 | 2025-06-10 | MEDIUM | 4.3 | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.1),… |
| CVE-2025-5353 | 2025-06-10 | HIGH | 8.8 | A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials. |
| CVE-2025-5335 | 2025-06-10 | HIGH | 7.8 | A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted… |
| CVE-2025-46612 | 2025-06-10 | HIGH | 7.2 | The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a… |
| CVE-2025-30145 | 2025-06-10 | HIGH | 7.5 | GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be… |
| CVE-2025-27505 | 2025-06-10 | MEDIUM | 5.3 | GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass… |
| CVE-2025-26395 | 2025-06-10 | HIGH | 7.1 | SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. The… |
| CVE-2025-26394 | 2025-06-10 | MEDIUM | 4.8 | SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could… |
| CVE-2025-22463 | 2025-06-10 | HIGH | 7.3 | A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment… |
| CVE-2025-22455 | 2025-06-10 | HIGH | 8.8 | A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials. |
| CVE-2024-40625 | 2025-06-10 | MEDIUM | 5.5 | GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format}… |
| CVE-2024-38524 | 2025-06-10 | MEDIUM | 5.3 | GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check… |
| CVE-2024-34711 | 2025-06-10 | CRITICAL | 9.3 | GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability… |
| CVE-2024-29198 | 2025-06-10 | HIGH | 7.5 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It… |
| CVE-2025-5911 | 2025-06-10 | HIGH | 8.8 | A vulnerability was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some… |
| CVE-2025-5886 | 2025-06-09 | LOW | 3.5 | A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects some unknown processing of… |
| CVE-2025-49136 | 2025-06-09 | CRITICAL | 9.0 | listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the… |
| CVE-2025-5934 | 2025-06-10 | HIGH | 8.8 | A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function… |
| CVE-2025-5913 | 2025-06-10 | HIGH | 7.3 | A vulnerability was found in PHPGurukul Vehicle Record Management System 1.0. It has been rated as critical. This issue affects… |
| CVE-2025-5912 | 2025-06-10 | HIGH | 8.8 | A vulnerability was found in D-Link DIR-632 FW103B08. It has been declared as critical. This vulnerability affects the function do_file… |
| CVE-2025-49511 | 2025-06-10 | HIGH | 7.1 | Cross-Site Request Forgery (CSRF) vulnerability in uxper Civi Framework allows Cross Site Request Forgery. This issue affects Civi Framework: from n/a… |
| CVE-2025-49510 | 2025-06-10 | MEDIUM | 4.3 | Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce allows Cross Site Request Forgery. This… |
| CVE-2025-49509 | 2025-06-10 | MEDIUM | 5.3 | Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects… |
| CVE-2025-49507 | 2025-06-10 | CRITICAL | 9.8 | Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay allows Object Injection. This issue affects CozyStay: from n/a before 1.7.1. |
| CVE-2025-49455 | 2025-06-10 | CRITICAL | 9.8 | Deserialization of Untrusted Data vulnerability in LoftOcean TinySalt allows Object Injection. This issue affects TinySalt: from n/a before 3.10.0. |
| CVE-2025-49454 | 2025-06-10 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt allows PHP… |
| CVE-2025-31019 | 2025-06-09 | HIGH | 8.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager password-policy-manager allows Authentication Abuse. This issue affects… |
| CVE-2025-4774 | 2025-06-10 | MEDIUM | 6.4 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown… |
| CVE-2025-4577 | 2025-06-10 | MEDIUM | 6.4 | The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site… |
| CVE-2025-43698 | 2025-06-10 | N/A | 0.0 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects. This… |
| CVE-2025-43697 | 2025-06-10 | N/A | 0.0 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025 |
| CVE-2025-2918 | 2025-06-10 | MEDIUM | 6.4 | The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in… |
| CVE-2025-41657 | 2025-06-10 | MEDIUM | 4.3 | Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by… |
| CVE-2024-13090 | 2025-06-10 | HIGH | 7.0 | A privilege escalation vulnerability may enable a service account to elevate its privileges. The sudo rules configured for a local… |
| CVE-2024-13089 | 2025-06-10 | HIGH | 7.2 | An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands.… |
| CVE-2025-40662 | 2025-06-10 | N/A | 0.0 | Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if… |
| CVE-2025-40661 | 2025-06-10 | N/A | 0.0 | An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to… |
| CVE-2025-40660 | 2025-06-10 | N/A | 0.0 | An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to… |
| CVE-2025-40659 | 2025-06-10 | N/A | 0.0 | An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to… |
| CVE-2025-40658 | 2025-06-10 | N/A | 0.0 | An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to… |
| CVE-2025-40657 | 2025-06-10 | N/A | 0.0 | A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update… |
| CVE-2025-40656 | 2025-06-10 | N/A | 0.0 | A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update… |
| CVE-2025-40655 | 2025-06-10 | N/A | 0.0 | A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update… |
| CVE-2025-40654 | 2025-06-10 | N/A | 0.0 | A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update… |
| CVE-2025-5743 | 2025-06-10 | MEDIUM | 5.5 | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause… |
| CVE-2025-5742 | 2025-06-10 | MEDIUM | 5.4 | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters… |
| CVE-2025-5741 | 2025-06-10 | MEDIUM | 4.9 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads… |
| CVE-2025-5740 | 2025-06-10 | HIGH | 7.2 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes… |
| CVE-2025-5945 | 2025-06-10 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |