CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-48938 | 2025-05-30 | N/A | 0.0 | go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified… |
| CVE-2025-48885 | 2025-05-30 | N/A | 0.0 | application-urlshortener create shortened URLs for XWiki pages. Versions prior to 1.2.4 are vulnerable to users with view access being able… |
| CVE-2025-48883 | 2025-05-30 | N/A | 0.0 | Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector… |
| CVE-2025-5358 | 2025-05-30 | HIGH | 7.3 | A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been rated as critical. Affected by this… |
| CVE-2025-5357 | 2025-05-30 | HIGH | 7.3 | A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. Affected by this vulnerability is… |
| CVE-2025-5054 | 2025-05-30 | MEDIUM | 4.7 | Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse… |
| CVE-2025-48887 | 2025-05-30 | MEDIUM | 6.5 | vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability… |
| CVE-2023-26226 | 2025-05-30 | N/A | 0.0 | A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682 |
| CVE-2025-5356 | 2025-05-30 | HIGH | 7.3 | A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function… |
| CVE-2025-45846 | 2025-05-08 | HIGH | 8.8 | ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the torrentsindex parameter in the formBTClinetSetting function. |
| CVE-2025-45847 | 2025-05-08 | MEDIUM | 6.5 | ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the targetAPMac parameter in the formWsc function. |
| CVE-2025-3475 | 2025-04-09 | MEDIUM | 6.5 | Allocation of Resources Without Limits or Throttling, Incorrect Authorization vulnerability in Drupal WEB-T allows Excessive Allocation, Content Spoofing. This issue affects… |
| CVE-2025-23247 | 2025-05-27 | MEDIUM | 4.4 | NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length… |
| CVE-2025-31675 | 2025-03-31 | MEDIUM | 5.4 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue… |
| CVE-2025-31673 | 2025-03-31 | MEDIUM | 4.6 | Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0… |
| CVE-2024-55638 | 2024-12-10 | CRITICAL | 9.8 | Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 7.0 before 7.102, from… |
| CVE-2024-55637 | 2024-12-10 | CRITICAL | 9.8 | Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from… |
| CVE-2024-55636 | 2024-12-10 | CRITICAL | 9.8 | Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from… |
| CVE-2024-55635 | 2024-12-10 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This… |
| CVE-2024-55634 | 2024-12-10 | HIGH | 8.1 | A vulnerability in Drupal Core allows Privilege Escalation. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9,… |
| CVE-2024-12393 | 2024-12-10 | MEDIUM | 5.4 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This… |
| CVE-2024-11942 | 2024-12-05 | MEDIUM | 5.9 | A vulnerability in Drupal Core allows File Manipulation. This issue affects Drupal Core: from 10.0.0 before 10.2.10. |
| CVE-2024-11941 | 2024-12-05 | HIGH | 7.5 | A vulnerability in Drupal Core allows Excessive Allocation. This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8. |
| CVE-2024-22628 | 2024-01-16 | HIGH | 7.2 | Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end= |
| CVE-2024-21672 | 2024-01-16 | HIGH | 8.8 | This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote… |
| CVE-2023-52104 | 2024-01-16 | HIGH | 7.5 | Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52100 | 2024-01-16 | HIGH | 7.5 | The Celia Keyboard module has a vulnerability in access control. Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-52116 | 2024-01-16 | HIGH | 7.5 | Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device. |
| CVE-2023-52108 | 2024-01-16 | HIGH | 7.5 | Vulnerability of process priorities being raised in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52109 | 2024-01-16 | HIGH | 7.5 | Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-39691 | 2024-01-16 | CRITICAL | 9.8 | An issue discovered in kodbox through 1.43 allows attackers to arbitrarily add Administrator accounts via crafted GET request. |
| CVE-2023-48926 | 2024-01-16 | MEDIUM | 5.3 | An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change… |
| CVE-2023-49351 | 2024-01-16 | CRITICAL | 9.8 | A stack-based buffer overflow vulnerability in /bin/webs binary in Edimax BR6478AC V2 firmware version v1.23 allows attackers to overwrite other… |
| CVE-2023-3178 | 2024-01-16 | MEDIUM | 4.3 | The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could… |
| CVE-2023-2655 | 2024-01-16 | HIGH | 7.2 | The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it… |
| CVE-2023-0079 | 2024-01-16 | MEDIUM | 5.4 | The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before… |
| CVE-2022-3899 | 2024-01-16 | HIGH | 8.1 | The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager… |
| CVE-2022-3194 | 2024-01-16 | MEDIUM | 5.4 | The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to… |
| CVE-2022-1760 | 2024-01-16 | MEDIUM | 4.3 | The Core Control WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could… |
| CVE-2022-1609 | 2024-01-16 | CRITICAL | 9.8 | The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in its license checking code that registers a… |
| CVE-2021-4227 | 2024-01-16 | MEDIUM | 5.3 | The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers… |
| CVE-2021-24869 | 2024-01-16 | HIGH | 8.8 | The WP Fastest Cache WordPress plugin before 0.9.5 does not escape user input in the set_urls_with_terms method before using it… |
| CVE-2021-24433 | 2024-01-16 | MEDIUM | 5.4 | The simple sort&search WordPress plugin through 0.0.3 does not make sure that the indexurl parameter of the shortcodes "category_sims", "order_sims",… |
| CVE-2024-8997 | 2025-03-18 | CRITICAL | 9.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL… |
| CVE-2025-30466 | 2025-05-29 | CRITICAL | 9.8 | This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4,… |
| CVE-2025-31189 | 2025-05-29 | HIGH | 8.2 | A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4,… |
| CVE-2025-31198 | 2025-05-29 | MEDIUM | 5.5 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4,… |
| CVE-2025-31199 | 2025-05-29 | MEDIUM | 5.5 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS… |
| CVE-2025-31231 | 2025-05-29 | MEDIUM | 5.5 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be… |
| CVE-2025-31261 | 2025-05-29 | MEDIUM | 5.5 | A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4,… |