CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-44083 | 2025-05-21 | CRITICAL | 9.8 | An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication |
| CVE-2024-41339 | 2025-02-27 | HIGH | 8.8 | An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor… |
| CVE-2024-54188 | 2025-05-22 | MEDIUM | 5.3 | Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access. |
| CVE-2024-41340 | 2025-02-27 | HIGH | 8.4 | An issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to… |
| CVE-2024-41592 | 2024-10-03 | HIGH | 8.0 | DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters… |
| CVE-2025-4696 | 2025-05-15 | MEDIUM | 6.3 | A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been declared as critical. Affected by this… |
| CVE-2025-32814 | 2025-05-22 | CRITICAL | 9.8 | An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur. |
| CVE-2025-32815 | 2025-05-22 | MEDIUM | 6.5 | An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur. |
| CVE-2025-5149 | 2025-05-25 | MEDIUM | 5.6 | A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is… |
| CVE-2025-5150 | 2025-05-25 | MEDIUM | 6.3 | A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is… |
| CVE-2025-5151 | 2025-05-25 | MEDIUM | 5.3 | A vulnerability classified as critical has been found in defog-ai introspect up to 0.1.4. This affects the function execute_analysis_code_safely of… |
| CVE-2025-5152 | 2025-05-25 | MEDIUM | 6.3 | A vulnerability classified as critical was found in Chanjet CRM up to 20250510. This vulnerability affects unknown code of the… |
| CVE-2025-5153 | 2025-05-25 | LOW | 3.5 | A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown… |
| CVE-2024-46256 | 2024-09-27 | CRITICAL | 9.8 | A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. |
| CVE-2024-46257 | 2024-09-27 | MEDIUM | 6.3 | A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's… |
| CVE-2023-49528 | 2024-04-12 | HIGH | 8.0 | Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of… |
| CVE-2024-6119 | 2024-09-03 | HIGH | 7.5 | Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory… |
| CVE-2025-5137 | 2025-05-25 | MEDIUM | 4.7 | A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the… |
| CVE-2024-0579 | 2024-01-16 | MEDIUM | 6.3 | A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of… |
| CVE-2025-40909 | 2025-05-30 | MEDIUM | 5.9 | Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is… |
| CVE-2025-3576 | 2025-04-15 | MEDIUM | 5.9 | A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the… |
| CVE-2023-48863 | 2023-12-04 | HIGH | 7.5 | SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application,… |
| CVE-2023-48842 | 2023-12-01 | CRITICAL | 9.8 | D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi. |
| CVE-2023-4387 | 2023-08-16 | HIGH | 7.1 | A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This… |
| CVE-2023-48645 | 2024-02-02 | HIGH | 7.8 | An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with… |
| CVE-2025-44115 | 2025-06-02 | MEDIUM | 5.4 | A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of… |
| CVE-2024-40114 | 2025-06-02 | MEDIUM | 6.1 | A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker… |
| CVE-2024-40113 | 2025-06-02 | MEDIUM | 6.5 | Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials. |
| CVE-2023-51842 | 2024-01-29 | HIGH | 7.5 | An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16. |
| CVE-2024-23782 | 2024-01-28 | MEDIUM | 5.4 | Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x… |
| CVE-2023-49038 | 2024-01-29 | HIGH | 7.2 | Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto… |
| CVE-2025-31682 | 2025-03-31 | MEDIUM | 4.8 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Google Tag allows Cross-Site Scripting (XSS).This issue… |
| CVE-2025-31683 | 2025-03-31 | MEDIUM | 6.8 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Google Tag allows Cross Site Request Forgery.This issue affects Google Tag: from 0.0.0… |
| CVE-2025-31680 | 2025-03-31 | MEDIUM | 6.8 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Matomo Analytics allows Cross Site Request Forgery.This issue affects Matomo Analytics: from 0.0.0… |
| CVE-2025-25090 | 2025-03-03 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dreamstime Dreamstime Stock Photos dreamstime-stock-photos allows Reflected XSS.This… |
| CVE-2024-40112 | 2025-06-02 | MEDIUM | 5.9 | A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows… |
| CVE-2023-7200 | 2024-01-29 | MEDIUM | 6.1 | The EventON WordPress plugin before 4.4.1 does not sanitise and escape a parameter before outputting it back in the page,… |
| CVE-2023-6279 | 2024-01-29 | HIGH | 7.1 | The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users,… |
| CVE-2023-50854 | 2023-12-28 | HIGH | 7.6 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack.This… |
| CVE-2023-46838 | 2024-01-29 | HIGH | 7.5 | Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial… |
| CVE-2025-5036 | 2025-06-02 | HIGH | 7.8 | A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor… |
| CVE-2025-49113 | 2025-06-02 | CRITICAL | 9.9 | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in… |
| CVE-2024-48704 | 2025-05-23 | MEDIUM | 6.1 | Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes. |
| CVE-2025-31681 | 2025-03-31 | CRITICAL | 9.8 | Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing.This issue affects Authenticator Login: from 0.0.0 before 2.0.6. |
| CVE-2024-41511 | 2024-10-04 | LOW | 3.9 | A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary… |
| CVE-2024-41512 | 2024-10-04 | HIGH | 8.8 | A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary… |
| CVE-2024-41513 | 2024-10-04 | MEDIUM | 5.4 | A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web… |
| CVE-2024-41514 | 2024-10-04 | MEDIUM | 5.4 | A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web… |
| CVE-2024-41515 | 2024-10-04 | MEDIUM | 5.4 | A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick |
| CVE-2024-41516 | 2024-10-04 | MEDIUM | 5.4 | A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick |