CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2023-31223 | 2023-04-25 | HIGH | 8.7 | Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars. |
| CVE-2023-28151 | 2023-03-24 | MEDIUM | 5.3 | An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML external entity (XXE) injection via… |
| CVE-2023-28152 | 2023-03-24 | MEDIUM | 5.3 | An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via… |
| CVE-2023-26098 | 2023-04-25 | HIGH | 8.2 | An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted… |
| CVE-2023-26099 | 2023-04-24 | MEDIUM | 4.4 | An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consultation permission is insecure. |
| CVE-2023-26097 | 2023-04-24 | HIGH | 8.4 | An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be… |
| CVE-2023-28150 | 2023-03-24 | MEDIUM | 5.3 | An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via… |
| CVE-2022-45167 | 2023-01-10 | MEDIUM | 4.3 | An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to… |
| CVE-2022-45166 | 2023-01-10 | MEDIUM | 6.5 | An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled… |
| CVE-2022-45165 | 2023-01-10 | MEDIUM | 6.5 | An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a user-controlled parameter that… |
| CVE-2022-45164 | 2023-01-10 | MEDIUM | 4.3 | An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to… |
| CVE-2022-38482 | 2023-01-10 | MEDIUM | 4.3 | A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4. |
| CVE-2022-38481 | 2023-01-10 | MEDIUM | 6.1 | An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The application is prone to reflected Cross-site Scripting (XSS) in… |
| CVE-2022-37028 | 2022-09-27 | MEDIUM | 5.4 | ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to… |
| CVE-2022-36443 | 2023-01-10 | HIGH | 7.8 | An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels… |
| CVE-2022-36442 | 2023-01-10 | MEDIUM | 5.5 | An issue was discovered in Zebra Enterprise Home Screen 4.1.19. By using the embedded Google Chrome application, it is possible… |
| CVE-2022-36441 | 2023-01-10 | HIGH | 7.1 | An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gboard used by different applications can be used to… |
| CVE-2022-34910 | 2023-02-27 | MEDIUM | 4.1 | An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to… |
| CVE-2022-34909 | 2023-02-27 | HIGH | 7.7 | An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which… |
| CVE-2022-34908 | 2023-02-27 | HIGH | 8.2 | An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however,… |
| CVE-2022-30332 | 2023-01-10 | MEDIUM | 5.3 | In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending… |
| CVE-2022-29931 | 2022-06-25 | MEDIUM | 6.1 | The administration interface of the Raytion Custom Security Manager (Raytion CSM) in Version 7.2.0 allows reflected Cross-site Scripting (XSS). |
| CVE-2022-24967 | 2022-06-02 | MEDIUM | 6.5 | Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS). |
| CVE-2022-24447 | 2022-03-02 | MEDIUM | 6.5 | An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a… |
| CVE-2022-24446 | 2022-03-01 | MEDIUM | 4.3 | An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all… |
| CVE-2021-44035 | 2021-12-17 | MEDIUM | 4.4 | Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious… |
| CVE-2021-43978 | 2021-12-08 | HIGH | 7.1 | Allegro Windows 3.3.4152.0, embeds software administrator database credentials into its binary files, which allows users to access and modify data… |
| CVE-2021-42110 | 2021-12-08 | HIGH | 7.1 | An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM… |
| CVE-2021-42111 | 2021-11-10 | MEDIUM | 5.5 | An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a… |
| CVE-2021-41320 | 2021-10-15 | MEDIUM | 5.5 | A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated… |
| CVE-2021-38618 | 2021-10-04 | HIGH | 7.4 | In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a… |
| CVE-2021-38617 | 2021-09-07 | HIGH | 8.8 | In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to… |
| CVE-2021-38616 | 2021-09-07 | HIGH | 7.6 | In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user… |
| CVE-2021-38615 | 2021-09-07 | MEDIUM | 6.3 | In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest,… |
| CVE-2021-32018 | 2021-08-03 | HIGH | 8.5 | An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP API was vulnerable to arbitrary file reading due to… |
| CVE-2021-31399 | 2021-08-13 | MEDIUM | 4.6 | On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack. |
| CVE-2021-32016 | 2021-08-03 | CRITICAL | 9.9 | An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the writing of arbitrary files to a… |
| CVE-2021-32017 | 2021-08-03 | CRITICAL | 9.9 | An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the… |
| CVE-2021-31531 | 2021-06-29 | CRITICAL | 9.8 | Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). |
| CVE-2021-31530 | 2021-06-29 | HIGH | 7.5 | Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure. |
| CVE-2021-31777 | 2021-04-28 | MEDIUM | 4.9 | The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL… |
| CVE-2021-31160 | 2021-06-29 | HIGH | 7.5 | Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data. |
| CVE-2020-28918 | 2021-02-16 | MEDIUM | 5.3 | DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in prompting for the password, whereas an… |
| CVE-2020-28406 | 2021-01-29 | MEDIUM | 6.5 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about… |
| CVE-2020-28405 | 2021-01-29 | HIGH | 8.8 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges… |
| CVE-2020-28404 | 2021-01-29 | MEDIUM | 6.5 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing… |
| CVE-2020-28403 | 2021-01-29 | HIGH | 8.0 | A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the… |
| CVE-2020-8422 | 2020-01-31 | MEDIUM | 4.3 | An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user… |
| CVE-2020-28402 | 2021-01-29 | MEDIUM | 5.4 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration… |
| CVE-2020-28401 | 2021-01-29 | MEDIUM | 6.5 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details… |