CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2024-23782 | 2024-01-28 | MEDIUM | 5.4 | Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x… |
| CVE-2023-49038 | 2024-01-29 | HIGH | 7.2 | Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto… |
| CVE-2025-31682 | 2025-03-31 | MEDIUM | 4.8 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Google Tag allows Cross-Site Scripting (XSS). This issue… |
| CVE-2025-31683 | 2025-03-31 | MEDIUM | 6.8 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Google Tag allows Cross Site Request Forgery. This issue affects Google Tag: from 0.0.0… |
| CVE-2025-31680 | 2025-03-31 | MEDIUM | 6.8 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Matomo Analytics allows Cross Site Request Forgery. This issue affects Matomo Analytics: from 0.0.0… |
| CVE-2025-25090 | 2025-03-03 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dreamstime Dreamstime Stock Photos dreamstime-stock-photos allows Reflected XSS. This… |
| CVE-2024-40112 | 2025-06-02 | MEDIUM | 5.9 | A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows… |
| CVE-2023-7200 | 2024-01-29 | MEDIUM | 6.1 | The EventON WordPress plugin before 4.4.1 does not sanitise and escape a parameter before outputting it back in the page,… |
| CVE-2023-6279 | 2024-01-29 | HIGH | 7.1 | The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users,… |
| CVE-2023-50854 | 2023-12-28 | HIGH | 7.6 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack. This… |
| CVE-2023-46838 | 2024-01-29 | HIGH | 7.5 | Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial… |
| CVE-2025-5036 | 2025-06-02 | HIGH | 7.8 | A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor… |
| CVE-2025-49113 | 2025-06-02 | CRITICAL | 9.9 | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in… |
| CVE-2024-48704 | 2025-05-23 | MEDIUM | 6.1 | Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes. |
| CVE-2025-31681 | 2025-03-31 | CRITICAL | 9.8 | Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing. This issue affects Authenticator Login: from 0.0.0 before 2.0.6. |
| CVE-2024-41511 | 2024-10-04 | LOW | 3.9 | A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary… |
| CVE-2024-41512 | 2024-10-04 | HIGH | 8.8 | A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary… |
| CVE-2024-41513 | 2024-10-04 | MEDIUM | 5.4 | A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web… |
| CVE-2024-41514 | 2024-10-04 | MEDIUM | 5.4 | A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web… |
| CVE-2024-41515 | 2024-10-04 | MEDIUM | 5.4 | A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick |
| CVE-2024-41516 | 2024-10-04 | MEDIUM | 5.4 | A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick |
| CVE-2024-46325 | 2024-10-07 | MEDIUM | 5.5 | TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. |
| CVE-2025-48995 | 2025-06-02 | N/A | 0.0 | SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned… |
| CVE-2025-48994 | 2025-06-02 | N/A | 0.0 | SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned… |
| CVE-2024-8008 | 2025-06-02 | MEDIUM | 5.2 | A reflected cross-site scripting (XSS) vulnerability exists in multiple [Vendor Name] products due to insufficient output encoding in error messages… |
| CVE-2024-7074 | 2025-06-02 | MEDIUM | 6.8 | An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin… |
| CVE-2024-7073 | 2025-06-02 | MEDIUM | 6.5 | A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services.… |
| CVE-2024-3509 | 2025-06-02 | MEDIUM | 4.3 | A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation… |
| CVE-2024-1440 | 2025-06-02 | MEDIUM | 5.4 | An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication… |
| CVE-2025-48941 | 2025-06-02 | MEDIUM | 5.3 | MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly,… |
| CVE-2025-48940 | 2025-06-02 | HIGH | 7.2 | MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input… |
| CVE-2025-48866 | 2025-06-02 | HIGH | 7.5 | ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to… |
| CVE-2024-57459 | 2025-06-02 | HIGH | 7.3 | A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly… |
| CVE-2025-37096 | 2025-06-02 | N/A | 0.0 | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37095 | 2025-06-02 | N/A | 0.0 | A directory traversal information disclosure vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-20001 | 2025-06-02 | MEDIUM | 6.5 | An out-of-bounds read vulnerability exists in High-Logic FontCreator 15.0.0.3015. A specially crafted font file can trigger this vulnerability which can… |
| CVE-2024-54028 | 2025-06-02 | HIGH | 8.4 | An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file… |
| CVE-2024-52035 | 2025-06-02 | HIGH | 8.4 | An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted… |
| CVE-2024-48877 | 2025-06-02 | HIGH | 8.4 | A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially… |
| CVE-2025-5447 | 2025-06-02 | MEDIUM | 6.3 | A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical.… |
| CVE-2025-37094 | 2025-06-02 | MEDIUM | 5.5 | A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37093 | 2025-06-02 | CRITICAL | 9.8 | An authentication bypass vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37092 | 2025-06-02 | N/A | 0.0 | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37091 | 2025-06-02 | HIGH | 7.2 | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37090 | 2025-06-02 | N/A | 0.0 | A server-side request forgery vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37089 | 2025-06-02 | N/A | 0.0 | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. |
| CVE-2024-57783 | 2025-06-02 | HIGH | 8.1 | The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are… |
| CVE-2025-5446 | 2025-06-02 | MEDIUM | 6.3 | A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical.… |
| CVE-2025-5445 | 2025-06-02 | MEDIUM | 6.3 | A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by… |
| CVE-2025-46806 | 2025-06-02 | N/A | 0.0 | A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures. This issue affects sslh… |