CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by the NIST institute:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-36528 | 2025-06-09 | HIGH | 8.3 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports. |
| CVE-2025-27709 | 2025-06-09 | HIGH | 8.3 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports. |
| CVE-2025-5872 | 2025-06-09 | MEDIUM | 5.3 | A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It has been classified as problematic. This affects an unknown… |
| CVE-2025-5871 | 2025-06-09 | MEDIUM | 5.3 | A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and classified as problematic. Affected by this issue is some… |
| CVE-2025-40675 | 2025-06-09 | N/A | 0.0 | A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript… |
| CVE-2025-5870 | 2025-06-09 | HIGH | 7.3 | A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 and classified as critical. Affected by this vulnerability is… |
| CVE-2025-5869 | 2025-06-09 | HIGH | 8.0 | A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sys_recvfrom of the file… |
| CVE-2025-5894 | 2025-06-09 | HIGH | 8.8 | Smart Parking Management System from Honding Technology has a Missing Authorization vulnerability, allowing remote attackers with regular privileges to access… |
| CVE-2025-5868 | 2025-06-09 | HIGH | 8.0 | A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function sys_thread_sigprocmask of… |
| CVE-2025-5867 | 2025-06-09 | HIGH | 8.0 | A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c.… |
| CVE-2025-5893 | 2025-06-09 | CRITICAL | 9.8 | Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access… |
| CVE-2025-5866 | 2025-06-09 | HIGH | 8.0 | A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c.… |
| CVE-2025-5864 | 2025-06-09 | LOW | 3.7 | A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this… |
| CVE-2025-4652 | 2025-06-09 | N/A | 0.0 | The Broadstreet WordPress plugin before 1.51.8 does not sanitise and escape a parameter before outputting it back in the page,… |
| CVE-2025-47712 | 2025-06-09 | MEDIUM | 4.3 | A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When… |
| CVE-2025-47711 | 2025-06-09 | MEDIUM | 4.3 | There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If… |
| CVE-2025-3582 | 2025-06-09 | N/A | 0.0 | The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high… |
| CVE-2025-3581 | 2025-06-09 | N/A | 0.0 | The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back… |
| CVE-2025-25209 | 2025-06-09 | MEDIUM | 5.7 | The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are… |
| CVE-2025-25208 | 2025-06-09 | MEDIUM | 5.7 | A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster |
| CVE-2025-25207 | 2025-06-09 | MEDIUM | 5.7 | The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows… |
| CVE-2025-5858 | 2025-06-09 | MEDIUM | 6.3 | A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as critical. Affected is… |
| CVE-2025-5857 | 2025-06-09 | MEDIUM | 6.3 | A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown… |
| CVE-2025-5856 | 2025-06-09 | HIGH | 7.3 | A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. This vulnerability affects unknown… |
| CVE-2025-3461 | 2025-06-08 | CRITICAL | 9.1 | The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication… |
| CVE-2025-3460 | 2025-06-08 | HIGH | 7.7 | The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an… |
| CVE-2025-3459 | 2025-06-08 | HIGH | 7.7 | The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an… |
| CVE-2025-35010 | 2025-06-08 | HIGH | 7.1 | Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNPINGTM command… |
| CVE-2025-35009 | 2025-06-08 | HIGH | 7.1 | Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNNETSP command… |
| CVE-2025-35008 | 2025-06-08 | HIGH | 7.1 | Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MMNAME command… |
| CVE-2025-35007 | 2025-06-08 | HIGH | 7.1 | Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFRULE command… |
| CVE-2025-35006 | 2025-06-08 | HIGH | 7.1 | Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFPORTFWD command… |
| CVE-2025-35005 | 2025-06-08 | HIGH | 7.1 | Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command… |
| CVE-2025-35004 | 2025-06-08 | HIGH | 7.1 | Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command… |
| CVE-2025-32459 | 2025-06-08 | HIGH | 7.7 | The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command… |
| CVE-2025-32458 | 2025-06-08 | HIGH | 7.7 | The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command… |
| CVE-2025-32457 | 2025-06-08 | HIGH | 7.7 | The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command… |
| CVE-2025-32456 | 2025-06-08 | HIGH | 7.7 | The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command… |
| CVE-2025-32455 | 2025-06-08 | HIGH | 7.7 | The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command… |
| CVE-2025-5847 | 2025-06-08 | HIGH | 8.8 | A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function… |
| CVE-2025-27563 | 2025-06-08 | LOW | 3.3 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. |
| CVE-2025-27247 | 2025-06-08 | MEDIUM | 5.5 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. |
| CVE-2025-27242 | 2025-06-08 | LOW | 3.3 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. |
| CVE-2025-27131 | 2025-06-08 | MEDIUM | 6.1 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. |
| CVE-2025-26693 | 2025-06-08 | LOW | 3.3 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. |
| CVE-2025-26691 | 2025-06-08 | MEDIUM | 5.5 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. |
| CVE-2025-25217 | 2025-06-08 | LOW | 3.3 | in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. |
| CVE-2025-24493 | 2025-06-08 | MEDIUM | 5.5 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition. |
| CVE-2025-23235 | 2025-06-08 | LOW | 3.3 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through out-of-bounds read. |
| CVE-2025-21082 | 2025-06-08 | LOW | 3.3 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion. |