CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2024-54952 | 2025-05-29 | HIGH | 7.5 | MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending… |
| CVE-2024-49350 | 2025-05-29 | MEDIUM | 6.5 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through… |
| CVE-2025-5324 | 2025-05-29 | LOW | 3.3 | A vulnerability, which was classified as problematic, was found in TechPowerUp GPU-Z 2.23.0. Affected is the function sub_140001880 in the… |
| CVE-2025-48336 | 2025-05-29 | CRITICAL | 9.8 | Deserialization of Untrusted Data vulnerability in ThimPress Course Builder allows Object Injection. This issue affects Course Builder: from n/a before 3.6.6. |
| CVE-2025-46701 | 2025-05-29 | HIGH | 7.3 | Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply… |
| CVE-2025-32752 | 2025-05-29 | MEDIUM | 4.9 | Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access… |
| CVE-2025-5323 | 2025-05-29 | LOW | 3.7 | A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email… |
| CVE-2025-46823 | 2025-05-29 | N/A | 0.0 | openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the… |
| CVE-2025-29632 | 2025-05-29 | MEDIUM | 5.4 | Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP,… |
| CVE-2025-48475 | 2025-05-29 | N/A | 0.0 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a… |
| CVE-2025-46722 | 2025-05-29 | MEDIUM | 4.2 | vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0,… |
| CVE-2025-46570 | 2025-05-29 | LOW | 2.6 | vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt… |
| CVE-2024-51392 | 2025-05-29 | HIGH | 8.8 | An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to escalate privileges via the url parameter of the getPDF.php… |
| CVE-2025-48474 | 2025-05-29 | N/A | 0.0 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access… |
| CVE-2025-48473 | 2025-05-29 | N/A | 0.0 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a… |
| CVE-2025-48472 | 2025-05-29 | N/A | 0.0 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure… |
| CVE-2025-48471 | 2025-05-29 | N/A | 0.0 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or… |
| CVE-2025-48390 | 2025-05-29 | N/A | 0.0 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to code injection… |
| CVE-2025-48389 | 2025-05-29 | N/A | 0.0 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to deserialization of… |
| CVE-2025-45474 | 2025-05-29 | HIGH | 7.3 | maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings. |
| CVE-2025-3913 | 2025-05-29 | MEDIUM | 5.3 | Mattermost versions 10.7.x |
| CVE-2025-5334 | 2025-05-29 | HIGH | 7.5 | Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows… |
| CVE-2025-4081 | 2025-05-29 | N/A | 0.0 | Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious… |
| CVE-2025-48748 | 2025-05-29 | CRITICAL | 10.0 | Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password. |
| CVE-2024-22654 | 2025-05-29 | HIGH | 7.5 | tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c. |
| CVE-2024-22653 | 2025-05-29 | MEDIUM | 4.8 | yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c. |
| CVE-2023-45929 | 2024-03-27 | CRITICAL | 9.1 | S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr(). |
| CVE-2025-46688 | 2025-04-27 | MEDIUM | 5.6 | quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS… |
| CVE-2023-27113 | 2025-01-21 | CRITICAL | 9.8 | pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the organizationCode parameter at project.php. |
| CVE-2023-27112 | 2025-01-21 | CRITICAL | 9.8 | pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the projectCode parameter at project.php. |
| CVE-2023-43850 | 2024-05-28 | MEDIUM | 6.5 | Improper input validation in the user management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated… |
| CVE-2023-43848 | 2024-05-28 | HIGH | 8.0 | Incorrect access control in the firewall management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated… |
| CVE-2023-43847 | 2024-05-28 | MEDIUM | 5.3 | Incorrect access control in the outlet control function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated… |
| CVE-2023-43846 | 2024-05-28 | MEDIUM | 5.3 | Incorrect access control in logs management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote attackers to… |
| CVE-2023-43845 | 2024-05-28 | CRITICAL | 9.8 | Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account. The user is not asked to change… |
| CVE-2023-43844 | 2024-05-28 | HIGH | 8.0 | Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged web interface account. The user is not asked to… |
| CVE-2023-43849 | 2024-05-28 | MEDIUM | 6.5 | Incorrect access control in firmware upgrade function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users… |
| CVE-2025-44084 | 2025-05-20 | CRITICAL | 9.8 | D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering… |
| CVE-2024-28061 | 2024-05-28 | MEDIUM | 6.3 | An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypass, of the protection in place, to access to… |
| CVE-2024-28060 | 2024-05-28 | HIGH | 7.3 | An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL hijacking, allowing a user to trigger the execution of… |
| CVE-2024-25676 | 2024-05-01 | MEDIUM | 4.7 | An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing… |
| CVE-2024-24720 | 2024-02-27 | MEDIUM | 5.3 | An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether… |
| CVE-2024-24721 | 2024-02-27 | MEDIUM | 6.5 | An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force… |
| CVE-2023-50872 | 2024-04-16 | HIGH | 7.5 | The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about… |
| CVE-2023-48644 | 2024-03-05 | MEDIUM | 6.1 | An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work… |
| CVE-2023-51711 | 2024-01-24 | HIGH | 7.8 | An issue was discovered in Regify Regipay Client for Windows version 4.5.1.0 allows DLL hijacking: a user can trigger the… |
| CVE-2023-41103 | 2023-09-11 | MEDIUM | 5.4 | Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload. |
| CVE-2023-29505 | 2023-08-04 | MEDIUM | 4.3 | An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking. |
| CVE-2023-35792 | 2023-07-31 | MEDIUM | 5.4 | Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS). |
| CVE-2023-35791 | 2023-07-31 | MEDIUM | 6.1 | Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability. |