CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-12429 | 2025-11-10 | HIGH | 8.8 | Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-63384 | 2025-11-10 | N/A | 0.0 | A vulnerability was discovered in RISC-V Rocket-Chip v1.6 and before implementation where the SRET (Supervisor-mode Exception Return) instruction fails to correctly transition the processor's privilege level. Instead of… |
| CVE-2025-63149 | 2025-11-10 | N/A | 0.0 | Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service… |
| CVE-2025-60876 | 2025-11-10 | N/A | 0.0 | BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled… |
| CVE-2025-56503 | 2025-11-10 | N/A | 0.0 | An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows authenticated attackers with low-level privileges to escalate privileges to Administrator via replacing the uninstall file with… |
| CVE-2025-47932 | 2025-11-10 | HIGH | 8.8 | Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is rendered via an… |
| CVE-2025-33150 | 2025-11-10 | MEDIUM | 5.3 | IBM Cognos Analytics Certified Containers 12.1.0 could disclose package parameter information due to the presence of hidden pages. |
| CVE-2025-12727 | 2025-11-10 | N/A | 0.0 | Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-12447 | 2025-11-10 | N/A | 0.0 | Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to… |
| CVE-2025-12445 | 2025-11-10 | N/A | 0.0 | Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a… |
| CVE-2025-12437 | 2025-11-10 | N/A | 0.0 | Use after free in PageInfo in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit… |
| CVE-2025-12431 | 2025-11-10 | N/A | 0.0 | Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a… |
| CVE-2025-12430 | 2025-11-10 | N/A | 0.0 | Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-12428 | 2025-11-10 | N/A | 0.0 | Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-63288 | 2025-11-10 | N/A | 0.0 | In Open5GS 2.7.6, AMF crashes when receiving an abnormal NGSetupRequest message, resulting in denial of service. |
| CVE-2025-47773 | 2025-11-10 | HIGH | 8.8 | Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an… |
| CVE-2025-47286 | 2025-11-10 | N/A | 0.0 | Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrator can, by editing the configuration of the iTop instance,… |
| CVE-2025-63455 | 2025-11-10 | HIGH | 7.5 | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. This vulnerability allows attackers to cause a Denial of Service… |
| CVE-2025-43723 | 2025-11-10 | MEDIUM | 5.9 | Dell PowerScale OneFS, versions prior to 9.10.1.3 and versions 9.11.0.0 through 9.12.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated attacker with remote… |
| CVE-2025-12967 | 2025-11-10 | HIGH | 8.0 | An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that… |
| CVE-2025-43079 | 2025-11-10 | MEDIUM | 6.3 | The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to MacOS and Linux supported versions that invoked multiple system commands without using absolute paths and without… |
| CVE-2025-63835 | 2025-11-10 | N/A | 0.0 | A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability… |
| CVE-2025-63834 | 2025-11-10 | N/A | 0.0 | A stored cross-site scripting (XSS) vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious… |
| CVE-2025-63497 | 2025-11-10 | N/A | 0.0 | The patient prescription viewing functionality in his_doc_view_single_patient.php of rickxy Hospital Management System version 1.0 contains an SQL injection vulnerability. The pat_number GET parameter is directly concatenated into SQL… |
| CVE-2025-63457 | 2025-11-10 | N/A | 0.0 | Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the sub_4F55C function. This vulnerability allows attackers to cause a Denial of Service… |
| CVE-2025-63456 | 2025-11-10 | N/A | 0.0 | Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. This vulnerability allows attackers to cause a Denial of Service… |
| CVE-2025-63147 | 2025-11-10 | N/A | 0.0 | Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service… |
| CVE-2025-63154 | 2025-11-10 | N/A | 0.0 | TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the addEffect parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service… |
| CVE-2025-63153 | 2025-11-10 | N/A | 0.0 | TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the ssid parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service… |
| CVE-2025-63152 | 2025-11-10 | N/A | 0.0 | Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service… |
| CVE-2025-46430 | 2025-11-10 | HIGH | 7.3 | Dell Display and Peripheral Manager, versions prior to 2.1.2.12, contains an Execution with Unnecessary Privileges vulnerability in the Installer. A low privileged attacker with local access could potentially… |
| CVE-2025-12480 | 2025-11-10 | CRITICAL | 9.1 | Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete. |
| CVE-2025-8768 | 2025-11-10 | N/A | 0.0 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-12020. Reason: This candidate is a reservation duplicate of CVE-2025-12020. Notes: All CVE users should reference… |
| CVE-2025-63712 | 2025-11-10 | N/A | 0.0 | Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module (delete-user.php) allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests… |
| CVE-2025-63711 | 2025-11-10 | HIGH | 7.1 | A Cross-Site Request Forgery (CSRF) vulnerability in the SourceCodester Client Database Management System 1.0 allows an attacker to cause an authenticated administrative user to perform user deletion actions… |
| CVE-2025-64682 | 2025-11-10 | LOW | 2.7 | In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit |
| CVE-2025-64681 | 2025-11-10 | LOW | 2.7 | In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations |
| CVE-2025-63710 | 2025-11-10 | N/A | 0.0 | The send_message.php endpoint in SourceCodester Simple Public Chat Room 1.0 is vulnerable to Cross-Site Request Forgery (CSRF). The application does not implement any CSRF-protection mechanisms such as tokens,… |
| CVE-2025-63709 | 2025-11-10 | N/A | 0.0 | A Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the "Add Tasks" text input. An authenticated user can submit HTML/JavaScript that is not… |
| CVE-2025-12929 | 2025-11-10 | HIGH | 7.3 | A flaw has been found in SourceCodester Survey Application System 1.0. This impacts the function save_user/update_user of the file /LoginRegistration.php. Executing manipulation of the argument fullname can lead… |
| CVE-2025-64690 | 2025-11-10 | MEDIUM | 5.4 | In JetBrains YouTrack before 2025.3.104432 insecure Junie configuration could lead to data exposure and unauthorized changes |
| CVE-2025-64689 | 2025-11-10 | CRITICAL | 9.6 | In JetBrains YouTrack before 2025.3.104432 misconfiguration in the Junie could lead to exposure of the global Junie token |
| CVE-2025-64688 | 2025-11-10 | HIGH | 7.4 | In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation allowed delegation to unauthorized repositories from the Junie widget |
| CVE-2025-64687 | 2025-11-10 | MEDIUM | 5.4 | In JetBrains YouTrack before 2025.3.104432 improper access control allowed modify MCP tool logic |
| CVE-2025-64686 | 2025-11-10 | LOW | 3.1 | In JetBrains YouTrack before 2025.3.104432 missing user principal cleanup led to reuse of incorrect authorization context |
| CVE-2025-64685 | 2025-11-10 | HIGH | 8.1 | In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure |
| CVE-2025-64684 | 2025-11-10 | MEDIUM | 4.3 | In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form |
| CVE-2025-64683 | 2025-11-10 | MEDIUM | 5.3 | In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API |
| CVE-2025-64457 | 2025-11-10 | MEDIUM | 4.2 | In JetBrains dotTrace before 2025.2.5 local privilege escalation possible via race condition |
| CVE-2025-64456 | 2025-11-10 | HIGH | 8.4 | In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation |