CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-48881 | 2025-05-30 | HIGH | 8.3 | Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all… |
| CVE-2025-4353 | 2025-05-06 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, was found in Brilliance Golden Link Secondary System up to 20250424. Affected is… |
| CVE-2025-4352 | 2025-05-06 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, has been found in Brilliance Golden Link Secondary System up to 20250424. This… |
| CVE-2025-46341 | 2025-06-04 | HIGH | 7.1 | FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, when the server is using HTTP auth via reverse… |
| CVE-2025-46204 | 2025-06-04 | MEDIUM | 6.5 | An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint. |
| CVE-2025-46203 | 2025-06-04 | MEDIUM | 6.5 | An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint. |
| CVE-2025-46011 | 2025-06-04 | MEDIUM | 6.5 | Listmonk v2.4.0 through v4.1.0 is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges. |
| CVE-2025-43924 | 2025-06-03 | MEDIUM | 6.1 | Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the… |
| CVE-2025-43923 | 2025-06-03 | MEDIUM | 6.5 | An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point… |
| CVE-2025-31136 | 2025-06-04 | MEDIUM | 6.7 | FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to run arbitrary JavaScript on the feeds… |
| CVE-2025-29093 | 2025-06-04 | HIGH | 8.2 | File Upload vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Content/Gallery/Images… |
| CVE-2025-23106 | 2025-06-04 | MEDIUM | 6.5 | An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads… |
| CVE-2025-23101 | 2025-06-04 | MEDIUM | 6.5 | An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation. |
| CVE-2025-23096 | 2025-06-04 | MEDIUM | 6.5 | An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile… |
| CVE-2025-23095 | 2025-06-04 | MEDIUM | 6.5 | An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile… |
| CVE-2025-20286 | 2025-06-04 | CRITICAL | 9.9 | A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services… |
| CVE-2024-11831 | 2025-02-10 | MEDIUM | 5.4 | A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such… |
| CVE-2024-40747 | 2025-01-07 | MEDIUM | 6.1 | Various module chromes didn't properly process inputs, leading to XSS vectors. |
| CVE-2024-40748 | 2025-01-07 | HIGH | 7.5 | Lack of output escaping in the id attribute of menu lists. |
| CVE-2024-40749 | 2025-01-07 | HIGH | 7.5 | Improper Access Controls allows access to protected views. |
| CVE-2025-22204 | 2025-02-04 | CRITICAL | 9.8 | Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 lead to a remote… |
| CVE-2025-22205 | 2025-02-04 | HIGH | 7.5 | Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version… |
| CVE-2025-22206 | 2025-02-04 | MEDIUM | 4.7 | A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary… |
| CVE-2025-22208 | 2025-02-15 | MEDIUM | 4.7 | A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary… |
| CVE-2025-22209 | 2025-02-15 | MEDIUM | 4.7 | A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary… |
| CVE-2025-22210 | 2025-02-25 | HIGH | 7.2 | A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL… |
| CVE-2025-25226 | 2025-04-08 | CRITICAL | 9.8 | Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note:… |
| CVE-2025-25227 | 2025-04-08 | HIGH | 7.5 | Insufficient state checks lead to a vector that allows to bypass 2FA checks. |
| CVE-2024-10144 | 2025-05-15 | MEDIUM | 4.8 | The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of… |
| CVE-2024-10054 | 2025-05-15 | MEDIUM | 4.8 | The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege… |
| CVE-2024-10107 | 2025-05-15 | MEDIUM | 4.8 | The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which… |
| CVE-2024-10145 | 2025-05-15 | MEDIUM | 4.8 | The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-10504 | 2025-05-15 | MEDIUM | 5.4 | The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters… |
| CVE-2024-11109 | 2025-05-15 | MEDIUM | 4.8 | The WP Google Review Slider WordPress plugin before 15.6 does not sanitise and escape some of its settings, which could… |
| CVE-2024-3996 | 2025-05-15 | MEDIUM | 6.1 | The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow… |
| CVE-2025-5609 | 2025-06-04 | HIGH | 8.8 | A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of… |
| CVE-2025-5608 | 2025-06-04 | HIGH | 8.8 | A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file… |
| CVE-2025-5607 | 2025-06-04 | HIGH | 8.8 | A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPUserList… |
| CVE-2025-48935 | 2025-06-04 | N/A | 0.0 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible… |
| CVE-2025-48934 | 2025-06-04 | N/A | 0.0 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the `Deno.env.toObject` method ignores any variables… |
| CVE-2025-5606 | 2025-06-04 | MEDIUM | 6.3 | A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv… |
| CVE-2025-48888 | 2025-06-04 | N/A | 0.0 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2,… |
| CVE-2025-46339 | 2025-06-04 | MEDIUM | 4.3 | FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to poison feed favicons by adding a… |
| CVE-2025-32015 | 2025-06-04 | MEDIUM | 6.7 | FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the `` attribute, which… |
| CVE-2025-31482 | 2025-06-04 | MEDIUM | 4.3 | FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly… |
| CVE-2025-31134 | 2025-06-04 | N/A | 0.0 | FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server… |
| CVE-2025-22245 | 2025-06-04 | MEDIUM | 5.9 | VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation. |
| CVE-2025-22244 | 2025-06-04 | MEDIUM | 6.9 | VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation. |
| CVE-2025-22243 | 2025-06-04 | HIGH | 7.5 | VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation. |
| CVE-2025-24015 | 2025-06-03 | N/A | 0.0 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM… |