CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2024-27199 | 2024-03-04 | HIGH | 7.3 | In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible |
| CVE-2022-32810 | 2022-08-24 | HIGH | 7.8 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6… |
| CVE-2022-32793 | 2022-08-24 | HIGH | 7.5 | Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7,… |
| CVE-2022-26776 | 2022-05-26 | CRITICAL | 9.8 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An… |
| CVE-2022-26775 | 2022-05-26 | CRITICAL | 9.8 | An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey… |
| CVE-2022-26774 | 2022-05-26 | HIGH | 7.8 | A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local… |
| CVE-2022-26773 | 2022-05-26 | HIGH | 7.1 | A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application… |
| CVE-2022-26772 | 2022-05-26 | HIGH | 7.8 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. An application… |
| CVE-2022-26771 | 2022-05-26 | HIGH | 7.8 | A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS… |
| CVE-2024-20082 | 2024-08-14 | CRITICAL | 9.8 | In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote code… |
| CVE-2024-20083 | 2024-08-14 | CRITICAL | 9.8 | In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to… |
| CVE-2025-40573 | 2025-05-13 | MEDIUM | 4.4 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices are vulnerable to path traversal attacks. This… |
| CVE-2025-40575 | 2025-05-13 | MEDIUM | 4.3 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly validate incoming Profinet packets.… |
| CVE-2025-40582 | 2025-05-13 | HIGH | 7.8 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices… |
| CVE-2025-40583 | 2025-05-13 | MEDIUM | 4.4 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices… |
| CVE-2023-40490 | 2024-05-07 | HIGH | 7.8 | Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code… |
| CVE-2025-4679 | 2025-05-16 | MEDIUM | 6.5 | A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors. |
| CVE-2024-6487 | 2024-07-29 | MEDIUM | 5.9 | The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow… |
| CVE-2024-6366 | 2024-07-29 | CRITICAL | 9.1 | The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files… |
| CVE-2024-6021 | 2024-07-30 | MEDIUM | 6.8 | The Donation Block For PayPal WordPress plugin through 2.1.0 does not sanitise and escape form submissions, leading to a stored… |
| CVE-2024-3113 | 2024-07-30 | MEDIUM | 5.9 | The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and… |
| CVE-2024-36782 | 2024-06-03 | CRITICAL | 9.8 | TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as… |
| CVE-2024-34009 | 2024-05-31 | HIGH | 7.5 | Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not… |
| CVE-2024-34007 | 2024-05-31 | HIGH | 8.8 | The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged… |
| CVE-2024-34006 | 2024-05-31 | MEDIUM | 4.3 | The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in… |
| CVE-2024-34001 | 2024-05-31 | HIGH | 8.4 | Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk. |
| CVE-2024-34000 | 2024-05-31 | MEDIUM | 4.3 | ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk. |
| CVE-2024-33999 | 2024-05-31 | CRITICAL | 9.8 | The referrer URL used by MFA required additional sanitizing, rather than being used directly. |
| CVE-2024-33998 | 2024-05-31 | MEDIUM | 5.4 | Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some… |
| CVE-2024-33997 | 2024-05-31 | MEDIUM | 6.1 | Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation. |
| CVE-2024-33996 | 2024-05-31 | MEDIUM | 6.2 | Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events… |
| CVE-2023-30309 | 2024-05-28 | MEDIUM | 5.7 | An issue discovered in D-Link DI-7003GV2 routers allows attackers to hijack TCP sessions which could lead to a denial of… |
| CVE-2024-42191 | 2025-05-30 | MEDIUM | 6.5 | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a COM hijacking vulnerability which could allow an attacker to modify… |
| CVE-2024-42190 | 2025-05-30 | MEDIUM | 6.5 | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify… |
| CVE-2024-23589 | 2025-05-30 | MEDIUM | 6.8 | Due to outdated Hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data using brute-force or dictionary… |
| CVE-2024-13917 | 2025-05-30 | N/A | 0.0 | An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by… |
| CVE-2024-13916 | 2025-05-30 | N/A | 0.0 | An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by… |
| CVE-2024-13915 | 2025-05-30 | N/A | 0.0 | Android based smartphones from vendors such as Ulefone and Krüger&Matz contain "com.pri.factorytest" application preloaded onto devices during manufacturing process. The application "com.pri.factorytest" (version… |
| CVE-2025-4992 | 2025-05-30 | HIGH | 8.7 | A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release… |
| CVE-2025-4991 | 2025-05-30 | HIGH | 8.7 | A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE… |
| CVE-2025-4990 | 2025-05-30 | HIGH | 8.7 | A stored Cross-site Scripting (XSS) vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x… |
| CVE-2025-4989 | 2025-05-30 | HIGH | 8.7 | A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows… |
| CVE-2025-4988 | 2025-05-30 | HIGH | 8.7 | A stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE… |
| CVE-2025-4986 | 2025-05-30 | HIGH | 8.7 | A stored Cross-site Scripting (XSS) vulnerability affecting Model Definition in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x… |
| CVE-2025-4985 | 2025-05-30 | HIGH | 8.7 | A stored Cross-site Scripting (XSS) vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE… |
| CVE-2025-4984 | 2025-05-30 | HIGH | 8.7 | A stored Cross-site Scripting (XSS) vulnerability affecting City Discover in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker… |
| CVE-2025-4983 | 2025-05-30 | HIGH | 8.7 | A stored Cross-site Scripting (XSS) vulnerability affecting City Referential in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker… |
| CVE-2025-3611 | 2025-05-30 | LOW | 3.1 | Mattermost versions 10.7.x |
| CVE-2025-3230 | 2025-05-30 | MEDIUM | 5.4 | Mattermost versions 10.7.x |
| CVE-2025-2571 | 2025-05-30 | MEDIUM | 4.2 | Mattermost versions 10.7.x |