CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2023-39780 | 2023-09-11 | HIGH | 8.8 | On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the… |
| CVE-2025-31200 | 2025-04-16 | HIGH | 7.5 | A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS… |
| CVE-2024-56145 | 2024-12-18 | CRITICAL | 9.8 | Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions… |
| CVE-2025-3935 | 2025-04-25 | HIGH | 8.1 | ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState… |
| CVE-2024-23550 | 2024-02-03 | MEDIUM | 6.2 | HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. |
| CVE-2024-23553 | 2024-02-02 | LOW | 3.0 | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific… |
| CVE-2024-23741 | 2024-01-28 | CRITICAL | 9.8 | An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode… |
| CVE-2024-22022 | 2024-02-07 | HIGH | 8.8 | Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash… |
| CVE-2024-22241 | 2024-02-06 | MEDIUM | 4.3 | Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload… |
| CVE-2024-22238 | 2024-02-06 | MEDIUM | 6.4 | Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject… |
| CVE-2024-21888 | 2024-01-31 | HIGH | 8.8 | A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows… |
| CVE-2024-22236 | 2024-01-31 | LOW | 3.3 | In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10,… |
| CVE-2024-20979 | 2024-01-16 | MEDIUM | 5.4 | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0,… |
| CVE-2024-20971 | 2024-01-16 | MEDIUM | 4.9 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and… |
| CVE-2024-20969 | 2024-01-16 | MEDIUM | 5.5 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and… |
| CVE-2024-20959 | 2024-01-16 | MEDIUM | 4.4 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected… |
| CVE-2024-20955 | 2024-01-16 | LOW | 3.7 | Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions… |
| CVE-2024-21673 | 2024-01-16 | HIGH | 8.8 | This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote… |
| CVE-2024-1143 | 2024-02-02 | CRITICAL | 9.3 | Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user… |
| CVE-2024-20938 | 2024-01-16 | MEDIUM | 6.1 | Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: ECC). Supported versions that are affected are 12.2.3-12.2.13. Easily… |
| CVE-2024-20936 | 2024-01-16 | MEDIUM | 6.1 | Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Documents). Supported versions that are affected are 12.2.3-12.2.13.… |
| CVE-2024-20914 | 2024-01-16 | LOW | 2.3 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected… |
| CVE-2024-20912 | 2024-01-16 | LOW | 2.7 | Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability… |
| CVE-2024-20910 | 2024-01-16 | LOW | 3.0 | Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit… |
| CVE-2023-45718 | 2024-02-09 | LOW | 3.9 | Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner… |
| CVE-2023-50933 | 2024-02-02 | MEDIUM | 6.1 | IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which… |
| CVE-2024-1077 | 2024-01-30 | HIGH | 8.8 | Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption… |
| CVE-2023-51812 | 2024-01-04 | CRITICAL | 9.8 | Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList. |
| CVE-2023-50342 | 2024-01-03 | HIGH | 7.1 | HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about… |
| CVE-2023-49739 | 2023-12-14 | HIGH | 7.1 | Vulnerability in IdeaBox Creations PowerPack Pro for Elementor. This issue affects PowerPack Pro for Elementor: from n/a through 2.9.23. |
| CVE-2023-37531 | 2024-02-29 | LOW | 3.3 | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to… |
| CVE-2023-37530 | 2024-02-29 | LOW | 3.0 | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to… |
| CVE-2023-37529 | 2024-02-29 | LOW | 3.0 | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to… |
| CVE-2023-45696 | 2024-02-10 | MEDIUM | 4.0 | Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user… |
| CVE-2023-45716 | 2024-02-09 | LOW | 1.7 | Sametime is impacted by sensitive information passed in URL. |
| CVE-2023-45190 | 2024-02-09 | MEDIUM | 5.1 | IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by… |
| CVE-2023-31002 | 2024-02-07 | MEDIUM | 5.1 | IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a… |
| CVE-2023-34042 | 2024-02-05 | MEDIUM | 4.1 | The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be… |
| CVE-2023-37528 | 2024-02-03 | MEDIUM | 6.5 | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to… |
| CVE-2023-37527 | 2024-02-02 | MEDIUM | 5.4 | A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker… |
| CVE-2023-37523 | 2024-01-16 | MEDIUM | 5.6 | Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an… |
| CVE-2022-40713 | 2022-09-19 | MEDIUM | 6.5 | An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the… |
| CVE-2022-23767 | 2022-09-19 | HIGH | 8.8 | This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer.… |
| CVE-2022-40712 | 2022-09-19 | MEDIUM | 6.1 | An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints. |
| CVE-2022-38577 | 2022-09-19 | HIGH | 8.8 | ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate… |
| CVE-2022-38833 | 2022-09-16 | HIGH | 7.2 | School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/modstudent/index.php?view=view&id=. |
| CVE-2022-38832 | 2022-09-16 | HIGH | 7.2 | School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/department/index.php?view=edit&id=. |
| CVE-2021-42949 | 2022-09-16 | CRITICAL | 9.8 | The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication… |
| CVE-2025-20677 | 2025-06-02 | MEDIUM | 5.5 | In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial… |
| CVE-2025-20676 | 2025-06-02 | MEDIUM | 5.5 | In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local… |