CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-40656 | 2025-06-10 | N/A | 0.0 | A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update… |
| CVE-2025-40655 | 2025-06-10 | N/A | 0.0 | A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update… |
| CVE-2025-40654 | 2025-06-10 | N/A | 0.0 | A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update… |
| CVE-2025-5743 | 2025-06-10 | MEDIUM | 5.5 | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause… |
| CVE-2025-5742 | 2025-06-10 | MEDIUM | 5.4 | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters… |
| CVE-2025-5741 | 2025-06-10 | MEDIUM | 4.9 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads… |
| CVE-2025-5740 | 2025-06-10 | HIGH | 7.2 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes… |
| CVE-2025-5945 | 2025-06-10 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2025-4681 | 2025-06-10 | N/A | 0.0 | Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Abuse. This issue affects upKeeper Instant Privilege Access:… |
| CVE-2025-4680 | 2025-06-10 | N/A | 0.0 | Improper Input Validation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Exploiting Incorrectly Configured Access Control Security Levels. This issue… |
| CVE-2025-3905 | 2025-06-10 | MEDIUM | 5.4 | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting PLC system variables that could cause… |
| CVE-2025-3899 | 2025-06-10 | MEDIUM | 5.4 | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Certificates page on Webserver that could… |
| CVE-2025-3898 | 2025-06-10 | MEDIUM | 6.5 | CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request… |
| CVE-2025-3117 | 2025-06-10 | MEDIUM | 5.4 | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause… |
| CVE-2025-3116 | 2025-06-10 | MEDIUM | 6.5 | CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed… |
| CVE-2025-3112 | 2025-06-10 | MEDIUM | 6.5 | CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends manipulated HTTPS… |
| CVE-2025-4954 | 2025-06-10 | N/A | 0.0 | The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users… |
| CVE-2025-1041 | 2025-06-10 | CRITICAL | 9.9 | An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted… |
| CVE-2025-5935 | 2025-06-10 | MEDIUM | 5.3 | A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is… |
| CVE-2025-3076 | 2025-06-10 | MEDIUM | 6.4 | The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_text’ parameter in all… |
| CVE-2025-5925 | 2025-06-10 | MEDIUM | 4.3 | The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,… |
| CVE-2025-4601 | 2025-06-10 | HIGH | 8.8 | The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to,… |
| CVE-2025-4387 | 2025-06-10 | HIGH | 8.8 | The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload vulnerability due to missing file type validation… |
| CVE-2024-55595 | 2025-06-10 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-42998 | 2025-06-10 | MEDIUM | 5.3 | The security settings in the SAP Business One Integration Framework are not adequately checked, allowing attackers to bypass the 403… |
| CVE-2025-42996 | 2025-06-10 | MEDIUM | 5.6 | SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to… |
| CVE-2025-42995 | 2025-06-10 | HIGH | 7.5 | SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access… |
| CVE-2025-42994 | 2025-06-10 | HIGH | 7.5 | SAP MDM Server ReadString function allows an attacker to send specially crafted packets which could trigger a memory read access… |
| CVE-2025-42993 | 2025-06-10 | MEDIUM | 6.7 | Due to a missing authorization check vulnerability in SAP S/4HANA (Enterprise Event Enablement), an attacker with access to the Inbound… |
| CVE-2025-42991 | 2025-06-10 | MEDIUM | 4.3 | SAP S/4HANA (Bank Account Application) does not perform necessary authorization checks. This allows an authenticated 'approver' user to delete attachment… |
| CVE-2025-42990 | 2025-06-10 | LOW | 3.0 | Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal… |
| CVE-2025-42989 | 2025-06-10 | CRITICAL | 9.6 | RFC inbound processing does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation… |
| CVE-2025-42988 | 2025-06-10 | LOW | 3.7 | Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal… |
| CVE-2025-42987 | 2025-06-10 | MEDIUM | 4.3 | SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user… |
| CVE-2025-42984 | 2025-06-10 | MEDIUM | 5.4 | SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. Due to this, an… |
| CVE-2025-42983 | 2025-06-10 | HIGH | 8.5 | SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in… |
| CVE-2025-42982 | 2025-06-10 | HIGH | 8.8 | SAP GRC allows a non-administrative user to access and initiate transaction which could allow them to modify or control the… |
| CVE-2025-42977 | 2025-06-10 | HIGH | 7.6 | SAP NetWeaver Visual Composer contains a Directory Traversal vulnerability caused by insufficient validation of input paths provided by a high-privileged… |
| CVE-2025-31325 | 2025-06-10 | MEDIUM | 5.8 | Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Keyword Documentation), an unauthenticated attacker could inject malicious JavaScript into… |
| CVE-2025-23192 | 2025-06-10 | HIGH | 8.2 | SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When… |
| CVE-2025-0037 | 2025-06-10 | MEDIUM | 6.6 | In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware… |
| CVE-2025-0036 | 2025-06-10 | LOW | 3.2 | In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data… |
| CVE-2025-30515 | 2025-06-09 | CRITICAL | 9.8 | CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system. |
| CVE-2025-30507 | 2025-06-09 | MEDIUM | 5.3 | CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections. |
| CVE-2025-30183 | 2025-06-09 | HIGH | 7.5 | CyberData 011209 Intercom does not properly store or protect web server admin credentials. |
| CVE-2025-49140 | 2025-06-09 | HIGH | 7.5 | Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in a RTP… |
| CVE-2025-30184 | 2025-06-09 | CRITICAL | 9.8 | CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path. |
| CVE-2025-49004 | 2025-06-09 | HIGH | 7.5 | Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding,… |
| CVE-2025-5918 | 2025-06-09 | LOW | 3.9 | A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into… |
| CVE-2025-5917 | 2025-06-09 | LOW | 2.8 | A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes… |