CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2023-41178 | 2024-01-23 | MEDIUM | 6.1 | Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that… |
| CVE-2023-41177 | 2024-01-23 | MEDIUM | 6.1 | Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that… |
| CVE-2023-42143 | 2024-01-23 | MEDIUM | 5.4 | Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an… |
| CVE-2023-33759 | 2024-01-25 | CRITICAL | 9.8 | SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a… |
| CVE-2021-42147 | 2024-01-24 | CRITICAL | 9.1 | Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a… |
| CVE-2023-31654 | 2024-01-23 | CRITICAL | 9.8 | Redis raft master-1b8bd86 to master-7b46079 was discovered to contain an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c. |
| CVE-2020-36772 | 2024-01-22 | MEDIUM | 4.4 | CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to… |
| CVE-2017-20189 | 2024-01-22 | CRITICAL | 9.8 | In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This… |
| CVE-2024-28809 | 2024-09-30 | HIGH | 8.8 | An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers… |
| CVE-2024-28810 | 2024-09-30 | MEDIUM | 6.6 | An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows… |
| CVE-2024-28811 | 2024-09-30 | LOW | 3.3 | An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications… |
| CVE-2024-28812 | 2024-09-30 | HIGH | 8.8 | An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local management network interface) with… |
| CVE-2024-28813 | 2024-09-30 | HIGH | 8.4 | An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker… |
| CVE-2024-28807 | 2024-09-30 | MEDIUM | 6.5 | An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in the memory of the @CT… |
| CVE-2024-28808 | 2024-09-30 | LOW | 2.7 | An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker… |
| CVE-2025-48136 | 2025-05-16 | HIGH | 7.5 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Estatik Mortgage Calculator Estatik… |
| CVE-2025-48137 | 2025-05-16 | HIGH | 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in proxymis Interview allows SQL Injection. This… |
| CVE-2025-48135 | 2025-05-16 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aptivadadev Aptivada for WP allows DOM-Based XSS. This… |
| CVE-2025-48134 | 2025-05-16 | HIGH | 7.2 | Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs allows Object Injection. This issue affects WP Tabs: from n/a… |
| CVE-2025-48132 | 2025-05-16 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows Stored XSS.… |
| CVE-2023-30394 | 2023-05-11 | MEDIUM | 6.1 | The MoveIt framework 1.1.11 for ROS allows cross-site scripting (XSS) via the API authentication function. NOTE: this issue is disputed… |
| CVE-2024-35388 | 2024-05-24 | HIGH | 8.8 | TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode |
| CVE-2024-33377 | 2024-06-14 | HIGH | 8.1 | LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users… |
| CVE-2024-33375 | 2024-06-14 | CRITICAL | 9.8 | LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware. |
| CVE-2024-3767 | 2024-04-15 | MEDIUM | 6.3 | A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file… |
| CVE-2025-4226 | 2025-05-03 | HIGH | 7.3 | A vulnerability classified as critical has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. This affects an unknown part… |
| CVE-2025-4695 | 2025-05-15 | MEDIUM | 6.3 | A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been classified as critical. Affected is an… |
| CVE-2024-42514 | 2024-10-01 | HIGH | 8.1 | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to… |
| CVE-2025-44881 | 2025-05-20 | CRITICAL | 9.8 | A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a… |
| CVE-2025-44880 | 2025-05-20 | CRITICAL | 9.8 | A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a… |
| CVE-2025-44882 | 2025-05-20 | CRITICAL | 9.8 | A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a… |
| CVE-2025-33136 | 2025-05-22 | HIGH | 7.1 | IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on… |
| CVE-2025-33137 | 2025-05-22 | HIGH | 7.1 | IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on… |
| CVE-2025-33138 | 2025-05-22 | MEDIUM | 5.4 | IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which… |
| CVE-2024-52874 | 2025-05-22 | HIGH | 8.8 | In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks. |
| CVE-2025-48066 | 2025-05-22 | MEDIUM | 6.0 | wire-webapp is the web application for the open-source messaging service Wire. A bug fix caused a regression causing an issue… |
| CVE-2025-48075 | 2025-05-22 | HIGH | 7.5 | Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyParser` can… |
| CVE-2025-48366 | 2025-05-22 | MEDIUM | 5.4 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind… |
| CVE-2025-48368 | 2025-05-22 | MEDIUM | 5.4 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting… |
| CVE-2025-48369 | 2025-05-22 | MEDIUM | 5.4 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting… |
| CVE-2024-40458 | 2025-05-22 | HIGH | 7.8 | An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets. |
| CVE-2024-40459 | 2025-05-22 | HIGH | 7.8 | An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function |
| CVE-2024-40460 | 2025-05-22 | HIGH | 7.8 | An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE |
| CVE-2024-40461 | 2025-05-22 | HIGH | 7.8 | An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component |
| CVE-2024-40462 | 2025-05-22 | HIGH | 7.8 | An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component |
| CVE-2024-41195 | 2025-05-22 | CRITICAL | 9.8 | An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Administrator via a… |
| CVE-2024-41196 | 2025-05-22 | CRITICAL | 9.8 | An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a… |
| CVE-2024-41197 | 2025-05-22 | CRITICAL | 9.8 | An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication and escalate privileges to Administrator via a… |
| CVE-2024-41198 | 2025-05-22 | CRITICAL | 9.8 | An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a… |
| CVE-2024-41199 | 2025-05-22 | HIGH | 7.2 | An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a… |