CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2021-31160 | 2021-06-29 | HIGH | 7.5 | Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data. |
| CVE-2020-28918 | 2021-02-16 | MEDIUM | 5.3 | DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in prompting for the password, whereas an… |
| CVE-2020-28406 | 2021-01-29 | MEDIUM | 6.5 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about… |
| CVE-2020-28405 | 2021-01-29 | HIGH | 8.8 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges… |
| CVE-2020-28404 | 2021-01-29 | MEDIUM | 6.5 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing… |
| CVE-2020-28403 | 2021-01-29 | HIGH | 8.0 | A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the… |
| CVE-2020-8422 | 2020-01-31 | MEDIUM | 4.3 | An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user… |
| CVE-2020-28402 | 2021-01-29 | MEDIUM | 5.4 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration… |
| CVE-2020-28401 | 2021-01-29 | MEDIUM | 6.5 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details… |
| CVE-2020-26167 | 2020-11-04 | CRITICAL | 9.8 | In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any… |
| CVE-2020-26546 | 2020-10-12 | HIGH | 7.5 | An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to… |
| CVE-2020-15595 | 2020-09-30 | MEDIUM | 4.3 | An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included… |
| CVE-2020-15594 | 2020-09-30 | MEDIUM | 4.3 | An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an… |
| CVE-2023-45927 | 2024-03-27 | CRITICAL | 9.1 | S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf(). |
| CVE-2024-3580 | 2024-05-17 | MEDIUM | 6.1 | The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege… |
| CVE-2024-3231 | 2024-05-17 | MEDIUM | 6.1 | The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform… |
| CVE-2023-7252 | 2024-04-22 | MEDIUM | 5.3 | The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets. |
| CVE-2024-2761 | 2024-04-19 | MEDIUM | 6.8 | The Genesis Blocks WordPress plugin before 3.1.3 does not properly escape data input provided to some of its blocks, allowing… |
| CVE-2024-2309 | 2024-04-17 | MEDIUM | 4.8 | The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape… |
| CVE-2024-4924 | 2024-06-12 | MEDIUM | 6.1 | The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow… |
| CVE-2023-31728 | 2024-02-17 | HIGH | 7.0 | Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on… |
| CVE-2025-48252 | 2025-05-19 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget allows Stored XSS. This… |
| CVE-2025-48144 | 2025-05-16 | HIGH | 7.1 | Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce allows Stored XSS. This issue affects Import Export For… |
| CVE-2025-48138 | 2025-05-16 | MEDIUM | 4.3 | Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI:… |
| CVE-2024-23985 | 2024-01-25 | HIGH | 7.5 | EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command. |
| CVE-2024-23902 | 2024-01-24 | MEDIUM | 4.3 | A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to… |
| CVE-2024-23901 | 2024-01-24 | MEDIUM | 6.5 | Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing… |
| CVE-2024-23849 | 2024-01-23 | MEDIUM | 5.5 | In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting… |
| CVE-2024-23848 | 2024-01-23 | MEDIUM | 5.5 | In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. |
| CVE-2024-23771 | 2024-01-22 | CRITICAL | 9.8 | darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers… |
| CVE-2024-23770 | 2024-01-22 | MEDIUM | 5.5 | darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments. |
| CVE-2024-23768 | 2024-01-22 | HIGH | 8.8 | Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and… |
| CVE-2024-23752 | 2024-01-22 | CRITICAL | 9.8 | GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that… |
| CVE-2024-23730 | 2024-01-21 | CRITICAL | 9.8 | The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load… |
| CVE-2024-23726 | 2024-01-21 | HIGH | 8.8 | Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in… |
| CVE-2024-23725 | 2024-01-21 | MEDIUM | 6.1 | Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries. |
| CVE-2024-23689 | 2024-01-19 | HIGH | 8.8 | Exposure of sensitive information in exceptions in ClickHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to… |
| CVE-2024-23685 | 2024-01-19 | MEDIUM | 5.3 | Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to… |
| CVE-2024-23679 | 2024-01-19 | CRITICAL | 9.8 | Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker can use… |
| CVE-2024-23387 | 2024-01-19 | MEDIUM | 4.8 | FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with… |
| CVE-2024-23348 | 2024-01-23 | HIGH | 8.8 | Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x… |
| CVE-2024-23215 | 2024-01-23 | MEDIUM | 5.5 | An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3,… |
| CVE-2024-23214 | 2024-01-23 | HIGH | 8.8 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, iOS 16.7.5… |
| CVE-2024-23182 | 2024-01-23 | HIGH | 8.1 | Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x… |
| CVE-2024-23212 | 2024-01-23 | HIGH | 7.8 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and… |
| CVE-2024-23209 | 2024-01-23 | HIGH | 8.8 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3. Processing web content may… |
| CVE-2024-23204 | 2024-01-23 | HIGH | 7.5 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3… |
| CVE-2024-23203 | 2024-01-23 | HIGH | 7.5 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, iOS 17.3 and iPadOS… |
| CVE-2024-22663 | 2024-01-23 | CRITICAL | 9.8 | TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a command injection vulnerability via setOpModeCfg |
| CVE-2024-22956 | 2024-01-19 | HIGH | 7.8 | swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838 |