CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-26396 | 2025-06-02 | HIGH | 7.8 | The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability… |
| CVE-2024-12168 | 2025-06-02 | N/A | 0.0 | Yandex Telemost for Desktop before 2.7.0 has a DLL Hijacking Vulnerability because an untrusted search path is used. |
| CVE-2025-5444 | 2025-06-02 | MEDIUM | 6.3 | A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected… |
| CVE-2025-5443 | 2025-06-02 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected… |
| CVE-2025-48990 | 2025-06-02 | N/A | 0.0 | NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in `rt_copy_memory`, which unconditionally… |
| CVE-2025-48958 | 2025-06-02 | MEDIUM | 5.5 | Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal… |
| CVE-2025-48957 | 2025-06-02 | HIGH | 7.5 | AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12… |
| CVE-2025-48955 | 2025-06-02 | MEDIUM | 6.2 | Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8… |
| CVE-2025-48495 | 2025-06-02 | N/A | 0.0 | Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an… |
| CVE-2025-46807 | 2025-06-02 | N/A | 0.0 | An Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in… |
| CVE-2025-5442 | 2025-06-02 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001.… |
| CVE-2025-5441 | 2025-06-02 | MEDIUM | 6.3 | A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects… |
| CVE-2025-48494 | 2025-06-02 | N/A | 0.0 | Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site… |
| CVE-2025-47289 | 2025-06-02 | MEDIUM | 6.3 | CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions… |
| CVE-2025-47272 | 2025-06-02 | MEDIUM | 5.5 | The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their… |
| CVE-2025-3454 | 2025-06-02 | MEDIUM | 5.0 | This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in… |
| CVE-2025-29785 | 2025-06-02 | HIGH | 7.5 | quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was… |
| CVE-2025-1246 | 2025-06-02 | HIGH | 7.8 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm… |
| CVE-2025-0819 | 2025-06-02 | HIGH | 7.8 | Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm… |
| CVE-2025-0073 | 2025-06-02 | HIGH | 7.8 | Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver… |
| CVE-2025-5440 | 2025-06-02 | MEDIUM | 6.3 | A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects… |
| CVE-2025-5439 | 2025-06-02 | MEDIUM | 6.3 | A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical.… |
| CVE-2025-3260 | 2025-06-02 | HIGH | 8.3 | A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all… |
| CVE-2025-1750 | 2025-06-02 | CRITICAL | 9.8 | An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker… |
| CVE-2025-5455 | 2025-06-02 | N/A | 0.0 | An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and,… |
| CVE-2025-5438 | 2025-06-02 | MEDIUM | 6.3 | A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical.… |
| CVE-2025-5437 | 2025-06-02 | MEDIUM | 5.3 | A vulnerability classified as critical has been found in Multilaser Sirius RE016 MLT1.0. Affected is an unknown function of the… |
| CVE-2025-5436 | 2025-06-02 | MEDIUM | 5.3 | A vulnerability was found in Multilaser Sirius RE016 MLT1.0. It has been rated as problematic. This issue affects some unknown… |
| CVE-2025-5435 | 2025-06-02 | HIGH | 7.3 | A vulnerability was found in Marwal Infotech CMS 1.0. It has been declared as critical. This vulnerability affects unknown code… |
| CVE-2025-5113 | 2025-06-02 | N/A | 0.0 | The Diviotec professional series exposes a web interface. One endpoint is vulnerable to arbitrary command injection and hardcoded passwords are… |
| CVE-2025-0358 | 2025-06-02 | HIGH | 8.8 | During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration… |
| CVE-2025-0325 | 2025-06-02 | MEDIUM | 4.3 | A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to… |
| CVE-2025-0324 | 2025-06-02 | CRITICAL | 9.4 | The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges. |
| CVE-2025-5434 | 2025-06-02 | HIGH | 7.3 | A vulnerability was found in Aem Solutions CMS up to 1.0. It has been classified as critical. This affects an… |
| CVE-2025-5433 | 2025-06-02 | MEDIUM | 6.3 | A vulnerability was found in Fengoffice Feng Office 3.5.1.5 and classified as critical. Affected by this issue is some unknown… |
| CVE-2025-4010 | 2025-06-02 | N/A | 0.0 | The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators.… |
| CVE-2025-1235 | 2025-06-02 | MEDIUM | 4.3 | A low privileged attacker can set the date of the devices to the 19th of January 2038 and therefore exceed… |
| CVE-2025-5432 | 2025-06-02 | MEDIUM | 6.3 | A vulnerability has been found in AssamLook CMS 1.0 and classified as critical. Affected by this vulnerability is an unknown… |
| CVE-2025-5431 | 2025-06-02 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, was found in AssamLook CMS 1.0. Affected is an unknown function of the… |
| CVE-2025-3951 | 2025-06-02 | MEDIUM | 4.1 | The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow… |
| CVE-2025-1485 | 2025-06-02 | MEDIUM | 4.8 | The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not… |
| CVE-2025-5430 | 2025-06-02 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, has been found in AssamLook CMS 1.0. This issue affects some unknown processing… |
| CVE-2025-5429 | 2025-06-02 | MEDIUM | 6.3 | A vulnerability classified as critical was found in juzaweb CMS up to 3.4.2. This vulnerability affects unknown code of the… |
| CVE-2025-49112 | 2025-06-02 | LOW | 3.1 | setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used. |
| CVE-2025-25179 | 2025-06-02 | HIGH | 7.8 | Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write… |
| CVE-2025-5428 | 2025-06-02 | MEDIUM | 6.3 | A vulnerability classified as critical has been found in juzaweb CMS up to 3.4.2. This affects an unknown part of… |
| CVE-2025-5427 | 2025-06-02 | MEDIUM | 6.3 | A vulnerability was found in juzaweb CMS up to 3.4.2. It has been rated as critical. Affected by this issue… |
| CVE-2024-11857 | 2025-06-02 | HIGH | 7.8 | Bluetooth HCI Adaptor from Realtek has a Link Following vulnerability. Local attackers with regular privileges can create a symbolic link… |
| CVE-2025-5426 | 2025-06-02 | MEDIUM | 6.3 | A vulnerability was found in juzaweb CMS up to 3.4.2. It has been declared as critical. Affected by this vulnerability… |
| CVE-2025-5425 | 2025-06-02 | MEDIUM | 6.3 | A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as critical. Affected is an unknown… |