CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2023-51059 | 2024-01-16 | HIGH | 8.8 | An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges… |
| CVE-2023-50919 | 2024-01-12 | CRITICAL | 9.8 | An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern… |
| CVE-2023-50072 | 2024-01-13 | MEDIUM | 5.4 | A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user… |
| CVE-2023-50440 | 2023-12-13 | MEDIUM | 5.5 | ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification… |
| CVE-2023-4960 | 2024-01-11 | MEDIUM | 6.4 | The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_stores' shortcode in versions up to, and… |
| CVE-2023-4248 | 2024-01-11 | MEDIUM | 5.4 | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is… |
| CVE-2023-49262 | 2024-01-12 | CRITICAL | 9.8 | The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active… |
| CVE-2023-49260 | 2024-01-12 | MEDIUM | 6.1 | An XSS attack can be performed by changing the MOTD banner and pointing the victim to the "terminal_tool.cgi" path. It… |
| CVE-2023-49258 | 2024-01-12 | MEDIUM | 6.1 | User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability… |
| CVE-2023-49255 | 2024-01-12 | CRITICAL | 9.8 | The router console is accessible without authentication at "data" field, and while a user needs to be logged in in… |
| CVE-2023-47460 | 2024-01-16 | HIGH | 8.8 | SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component. |
| CVE-2023-46942 | 2024-01-13 | HIGH | 7.5 | Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization… |
| CVE-2023-43449 | 2024-01-16 | HIGH | 8.8 | An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request… |
| CVE-2023-46749 | 2024-01-15 | MEDIUM | 6.5 | Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass… |
| CVE-2023-34061 | 2024-01-12 | HIGH | 7.5 | Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use… |
| CVE-2023-30015 | 2024-01-12 | CRITICAL | 9.8 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information… |
| CVE-2023-30014 | 2024-01-12 | CRITICAL | 9.8 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information… |
| CVE-2024-35057 | 2024-05-21 | HIGH | 7.5 | An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet. |
| CVE-2022-48620 | 2024-01-12 | CRITICAL | 9.8 | uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number. |
| CVE-2016-20021 | 2024-01-12 | CRITICAL | 9.8 | In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file… |
| CVE-2024-35056 | 2024-05-21 | CRITICAL | 9.8 | NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions. |
| CVE-2024-43027 | 2024-08-21 | HIGH | 8.0 | DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain… |
| CVE-2025-27522 | 2025-05-28 | MEDIUM | 6.5 | Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability is a… |
| CVE-2024-41334 | 2025-02-27 | HIGH | 8.8 | Draytek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926… |
| CVE-2024-41338 | 2025-02-27 | HIGH | 7.5 | A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925… |
| CVE-2024-27343 | 2024-04-03 | MEDIUM | 5.5 | Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information… |
| CVE-2024-27344 | 2024-04-03 | HIGH | 7.8 | Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary… |
| CVE-2024-27345 | 2024-04-03 | LOW | 3.3 | Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information… |
| CVE-2024-27346 | 2024-04-03 | MEDIUM | 5.5 | Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information… |
| CVE-2024-31584 | 2024-04-19 | MEDIUM | 5.5 | Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp. |
| CVE-2023-50010 | 2024-04-19 | HIGH | 7.8 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the set_encoder_id function in /fftools/ffmpeg_enc.c… |
| CVE-2023-50009 | 2024-04-19 | HIGH | 8.0 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_gaussian_blur_8 function in libavfilter/edge_template.c:116:5… |
| CVE-2023-50008 | 2024-04-19 | HIGH | 7.8 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_malloc function in libavutil/mem.c:105:9… |
| CVE-2023-50007 | 2024-04-19 | MEDIUM | 4.0 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_samples_set_silence function in the libavutil/samplefmt.c:260:9 component. |
| CVE-2023-49502 | 2024-04-19 | HIGH | 8.8 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the… |
| CVE-2023-49501 | 2024-04-19 | HIGH | 8.0 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the… |
| CVE-2024-32166 | 2024-04-19 | HIGH | 8.8 | Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now… |
| CVE-2024-27335 | 2024-04-03 | HIGH | 7.8 | Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary… |
| CVE-2024-27336 | 2024-04-03 | MEDIUM | 5.5 | Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information… |
| CVE-2024-27337 | 2024-04-03 | HIGH | 7.8 | Kofax Power PDF TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute… |
| CVE-2024-27338 | 2024-04-03 | HIGH | 7.8 | Kofax Power PDF app response Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code… |
| CVE-2024-27339 | 2024-04-03 | HIGH | 7.8 | Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary… |
| CVE-2024-27340 | 2024-04-03 | HIGH | 7.8 | Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute… |
| CVE-2024-27341 | 2024-04-03 | HIGH | 7.8 | Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute… |
| CVE-2024-27342 | 2024-04-03 | HIGH | 7.8 | Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary… |
| CVE-2025-5154 | 2025-05-25 | LOW | 2.3 | A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function… |
| CVE-2025-32813 | 2025-05-22 | HIGH | 7.2 | An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur. |
| CVE-2025-44892 | 2025-05-21 | MEDIUM | 6.5 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ownekey parameter in the web_rmon_alarm_post_rmon_alarm function. |
| CVE-2025-44895 | 2025-05-21 | MEDIUM | 6.5 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ipv4Aclkey parameter in the web_acl_ipv4BasedAceAdd function. |
| CVE-2025-27997 | 2025-05-21 | HIGH | 8.4 | An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into… |
Page 320 of 3511