CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2024-22915 | 2024-01-19 | HIGH | 7.8 | A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code… |
| CVE-2024-22913 | 2024-01-19 | HIGH | 7.8 | A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code… |
| CVE-2024-22638 | 2024-01-25 | CRITICAL | 9.8 | liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/edit_designer_region.php or /livesite/add_email_campaign.php. |
| CVE-2024-22636 | 2024-01-25 | HIGH | 8.8 | PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability… |
| CVE-2024-22497 | 2024-01-23 | MEDIUM | 6.1 | Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted… |
| CVE-2024-10306 | 2025-04-23 | MEDIUM | 5.4 | A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the… |
| CVE-2024-0814 | 2024-01-24 | MEDIUM | 6.5 | Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI… |
| CVE-2024-0812 | 2024-01-24 | HIGH | 8.8 | Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via… |
| CVE-2024-0808 | 2024-01-24 | CRITICAL | 9.8 | Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via… |
| CVE-2024-0753 | 2024-01-23 | MEDIUM | 6.5 | In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox… |
| CVE-2024-0758 | 2024-01-19 | MEDIUM | 6.1 | MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of… |
| CVE-2024-0743 | 2024-01-23 | HIGH | 7.5 | An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox <… |
| CVE-2024-0742 | 2024-01-23 | MEDIUM | 4.3 | It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to… |
| CVE-2024-0741 | 2024-01-23 | MEDIUM | 6.5 | An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable… |
| CVE-2024-0679 | 2024-01-20 | MEDIUM | 6.5 | The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function… |
| CVE-2023-7194 | 2024-01-22 | MEDIUM | 6.1 | The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page,… |
| CVE-2023-7170 | 2024-01-22 | MEDIUM | 6.1 | The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and escape some parameters before outputting it back in the page,… |
| CVE-2023-6626 | 2024-01-22 | MEDIUM | 4.8 | The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could… |
| CVE-2023-7063 | 2024-01-20 | HIGH | 7.2 | The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up… |
| CVE-2023-52046 | 2024-01-25 | MEDIUM | 4.8 | Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a… |
| CVE-2023-52328 | 2024-01-23 | MEDIUM | 6.1 | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an… |
| CVE-2023-52324 | 2024-01-23 | HIGH | 8.8 | An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on… |
| CVE-2023-52353 | 2024-01-21 | HIGH | 7.5 | An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example,… |
| CVE-2023-52039 | 2024-01-24 | CRITICAL | 9.8 | An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. |
| CVE-2023-52038 | 2024-01-24 | CRITICAL | 9.8 | An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function. |
| CVE-2023-51886 | 2024-01-24 | HIGH | 7.5 | Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial… |
| CVE-2023-51926 | 2024-01-20 | HIGH | 7.5 | YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component. |
| CVE-2023-51892 | 2024-01-20 | CRITICAL | 9.8 | An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the… |
| CVE-2023-51885 | 2024-01-24 | CRITICAL | 9.8 | Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of… |
| CVE-2023-50943 | 2024-01-24 | HIGH | 7.5 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing… |
| CVE-2023-50274 | 2024-01-23 | HIGH | 7.8 | HPE OneView may allow command injection with local privilege escalation. |
| CVE-2023-50693 | 2024-01-19 | CRITICAL | 9.8 | An issue in Jester v.0.6.0 and before allows a remote attacker to send a malicious crafted request. |
| CVE-2023-47200 | 2024-01-23 | HIGH | 7.8 | A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to… |
| CVE-2023-47199 | 2024-01-23 | HIGH | 7.8 | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges… |
| CVE-2023-47194 | 2024-01-23 | HIGH | 7.8 | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges… |
| CVE-2023-47352 | 2024-01-22 | HIGH | 8.8 | Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be… |
| CVE-2023-47035 | 2024-01-19 | HIGH | 7.5 | RPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct… |
| CVE-2023-44001 | 2024-01-24 | MEDIUM | 5.4 | An issue in Ailand clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the… |
| CVE-2023-43991 | 2024-01-24 | MEDIUM | 5.4 | An issue in PRIMA CLINIC mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the… |
| CVE-2023-45889 | 2024-01-23 | MEDIUM | 6.1 | A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into… |
| CVE-2023-47033 | 2024-01-19 | HIGH | 7.5 | MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction. |
| CVE-2023-43990 | 2024-01-24 | MEDIUM | 5.4 | An issue in cherub-hair mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel… |
| CVE-2023-35835 | 2024-01-23 | CRITICAL | 9.8 | An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial… |
| CVE-2023-41178 | 2024-01-23 | MEDIUM | 6.1 | Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that… |
| CVE-2023-41177 | 2024-01-23 | MEDIUM | 6.1 | Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that… |
| CVE-2023-42143 | 2024-01-23 | MEDIUM | 5.4 | Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an… |
| CVE-2023-33759 | 2024-01-25 | CRITICAL | 9.8 | SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a… |
| CVE-2021-42147 | 2024-01-24 | CRITICAL | 9.1 | Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a… |
| CVE-2023-31654 | 2024-01-23 | CRITICAL | 9.8 | Redis raft master-1b8bd86 to master-7b46079 was discovered to contain an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c. |
| CVE-2020-36772 | 2024-01-22 | MEDIUM | 4.4 | CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to… |