CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2024-13243 | 2025-01-09 | MEDIUM | 6.5 | Missing Authorization vulnerability in Drupal Entity Delete Log allows Forceful Browsing. This issue affects Entity Delete Log: from 0.0.0 before 1.1.1. |
| CVE-2024-13242 | 2025-01-09 | CRITICAL | 9.1 | Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing. This issue affects Swift Mailer: *.*. |
| CVE-2024-10075 | 2025-05-15 | MEDIUM | 5.6 | The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible… |
| CVE-2024-40400 | 2024-07-19 | HIGH | 8.8 | An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via… |
| CVE-2024-13241 | 2025-01-09 | CRITICAL | 9.1 | Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations. This issue affects Open Social: from 0.0.0… |
| CVE-2024-13240 | 2025-01-09 | HIGH | 7.5 | Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations. This issue affects Open Social: from… |
| CVE-2024-13239 | 2025-01-09 | CRITICAL | 9.8 | Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0. |
| CVE-2023-5934 | 2025-05-15 | HIGH | 7.3 | The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when… |
| CVE-2025-40581 | 2025-05-13 | HIGH | 7.1 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices… |
| CVE-2025-40580 | 2025-05-13 | MEDIUM | 6.7 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices are vulnerable to a stack-based buffer overflow.… |
| CVE-2025-40579 | 2025-05-13 | MEDIUM | 6.7 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices are vulnerable to a stack-based buffer overflow.… |
| CVE-2025-40578 | 2025-05-13 | MEDIUM | 4.3 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly handle multiple incoming Profinet… |
| CVE-2025-40577 | 2025-05-13 | MEDIUM | 4.3 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly validate incoming Profinet packets.… |
| CVE-2025-40576 | 2025-05-13 | MEDIUM | 4.3 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly validate incoming Profinet packets.… |
| CVE-2024-13238 | 2025-01-09 | MEDIUM | 5.4 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Typogrify allows Cross-Site Scripting (XSS). This issue affects… |
| CVE-2025-40574 | 2025-05-13 | HIGH | 7.8 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly assign permissions to critical… |
| CVE-2025-40572 | 2025-05-13 | MEDIUM | 5.5 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly assign permissions to critical… |
| CVE-2024-13237 | 2025-01-09 | MEDIUM | 5.4 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal File Entity (fieldable files) allows Cross-Site Scripting… |
| CVE-2024-8854 | 2025-05-15 | MEDIUM | 5.4 | The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow… |
| CVE-2024-8851 | 2025-05-15 | MEDIUM | 5.4 | The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow… |
| CVE-2023-5932 | 2025-05-15 | MEDIUM | 4.8 | The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before… |
| CVE-2024-13250 | 2025-01-09 | HIGH | 8.8 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery. This issue affects Drupal Symfony… |
| CVE-2023-5529 | 2025-05-15 | MEDIUM | 4.8 | The Advanced Page Visit Counter WordPress plugin before 8.0.6 does not sanitise and escape some of its settings, which could… |
| CVE-2025-3742 | 2025-05-15 | MEDIUM | 6.8 | The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does not validate and escape some of its attributes before outputting… |
| CVE-2024-13255 | 2025-01-09 | HIGH | 7.5 | Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing. This issue affects RESTful Web… |
| CVE-2024-2870 | 2024-07-13 | MEDIUM | 6.1 | The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape a parameter before outputting it back in the page,… |
| CVE-2024-2696 | 2024-07-12 | MEDIUM | 4.8 | The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege… |
| CVE-2024-46330 | 2024-09-26 | HIGH | 7.4 | VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the iptablesWebsFilterRun object. |
| CVE-2024-50305 | 2024-11-14 | HIGH | 7.5 | Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server:… |
| CVE-2025-5594 | 2025-06-04 | HIGH | 7.3 | A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of… |
| CVE-2025-5593 | 2025-06-04 | HIGH | 7.3 | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of… |
| CVE-2025-27955 | 2025-06-02 | MEDIUM | 6.5 | Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a… |
| CVE-2025-27954 | 2025-06-02 | MEDIUM | 6.5 | An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via… |
| CVE-2024-23941 | 2024-02-01 | MEDIUM | 5.4 | Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow… |
| CVE-2024-23851 | 2024-01-23 | MEDIUM | 5.5 | copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because… |
| CVE-2024-23746 | 2024-02-02 | CRITICAL | 9.8 | Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable… |
| CVE-2024-23744 | 2024-01-21 | HIGH | 7.5 | An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3… |
| CVE-2024-23731 | 2024-01-21 | CRITICAL | 9.8 | The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument. |
| CVE-2024-23681 | 2024-01-19 | HIGH | 8.2 | Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using… |
| CVE-2024-23452 | 2024-02-08 | HIGH | 7.5 | Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause… |
| CVE-2024-23304 | 2024-02-06 | HIGH | 7.5 | Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing… |
| CVE-2024-23453 | 2024-01-24 | MEDIUM | 5.5 | Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded… |
| CVE-2024-50306 | 2024-11-14 | CRITICAL | 9.1 | Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from… |
| CVE-2024-23223 | 2024-01-23 | MEDIUM | 6.2 | A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3,… |
| CVE-2024-23219 | 2024-01-23 | MEDIUM | 6.2 | The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.3. Stolen Device Protection… |
| CVE-2024-23218 | 2024-01-23 | MEDIUM | 5.9 | A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS… |
| CVE-2024-23301 | 2024-01-12 | MEDIUM | 5.5 | Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to… |
| CVE-2024-23180 | 2024-01-23 | HIGH | 8.8 | Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x… |
| CVE-2024-23210 | 2024-01-23 | LOW | 3.3 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3,… |
| CVE-2024-23208 | 2024-01-23 | HIGH | 7.8 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3,… |