CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2023-48128 2024-01-26 MEDIUM 5.4 An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of…
CVE-2023-48126 2024-01-26 MEDIUM 5.4 An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of…
CVE-2023-38323 2024-01-26 CRITICAL 9.8 An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration…
CVE-2022-38527 2022-09-19 MEDIUM 6.1 UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page.
CVE-2022-38509 2022-09-19 CRITICAL 9.8 Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php.
CVE-2022-35060 2022-09-19 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32.
CVE-2022-38351 2022-09-19 HIGH 8.8 A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a…
CVE-2022-2995 2022-09-19 HIGH 7.1 Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data…
CVE-2022-28321 2022-09-19 CRITICAL 9.8 The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict…
CVE-2022-28204 2022-09-19 HIGH 7.5 A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There…
CVE-2024-36795 2024-06-06 MEDIUM 4.0 Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors.
CVE-2024-4756 2024-06-07 MEDIUM 5.4 The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high…
CVE-2024-36787 2024-06-07 HIGH 8.8 An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors.
CVE-2024-36789 2024-06-07 HIGH 8.1 An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards.
CVE-2024-36790 2024-06-07 HIGH 8.8 Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext.
CVE-2024-36792 2024-06-07 HIGH 8.2 An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's…
CVE-2024-37630 2024-06-13 HIGH 8.8 D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as…
CVE-2024-40392 2024-07-16 CRITICAL 9.8 SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/MySQL and Bootstrap Framework with Source Code 1.0 was discovered to contain…
CVE-2024-41602 2024-07-19 HIGH 8.8 Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a…
CVE-2024-41603 2024-07-19 CRITICAL 9.6 Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the URI /admin/layout.
CVE-2024-6420 2024-07-23 HIGH 8.6 The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect…
CVE-2024-8436 2024-09-25 CRITICAL 9.9 The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'edit_imageId' and…
CVE-2024-8437 2024-09-25 MEDIUM 4.3 The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing…
CVE-2024-50690 2025-01-24 MEDIUM 6.5 SunGrow WiNet-SV200.001.00.P027 and earlier versions contain a hardcoded password that can be used to decrypt all firmware updates.
CVE-2024-50692 2025-01-24 MEDIUM 5.4 SunGrow WiNet-SV200.001.00.P027 and earlier versions contain hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary…
CVE-2024-50694 2025-01-24 CRITICAL 9.8 In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not…
CVE-2024-50695 2025-01-24 CRITICAL 9.8 SunGrow WiNet-SV200.001.00.P027 and earlier versions are vulnerable to stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic…
CVE-2024-50697 2025-01-24 HIGH 8.1 In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have…
CVE-2024-50698 2025-01-24 CRITICAL 9.8 SunGrow WiNet-SV200.001.00.P027 and earlier versions are vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content.
CVE-2024-51675 2024-11-09 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in aThemes aThemes Addons for Elementor allows…
CVE-2024-57590 2025-01-27 CRITICAL 9.8 TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGI interface "ntp_sync.cgi", which allows remote attackers to execute…
CVE-2025-22646 2025-03-27 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aThemes aThemes Addons for Elementor allows Stored XSS. This…
CVE-2025-32158 2025-04-10 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aThemes aThemes Addons for…
CVE-2025-0993 2025-05-22 HIGH 7.5 An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1.…
CVE-2025-1110 2025-05-22 LOW 2.7 An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user…
CVE-2025-2853 2025-05-22 MEDIUM 6.5 An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1.…
CVE-2025-3111 2025-05-22 MEDIUM 6.5 An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0…
CVE-2025-0605 2025-05-22 MEDIUM 4.6 An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0…
CVE-2025-0679 2025-05-22 MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0…
CVE-2025-44884 2025-05-20 CRITICAL 9.8 FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the web_sys_infoContact_post function.
CVE-2025-44885 2025-05-20 CRITICAL 9.8 FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the remote_ip parameter in the web_snmpv3_remote_engineId_add_post function.
CVE-2025-44886 2025-05-20 CRITICAL 9.8 FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the byruleEditName parameter in the web_acl_mgmt_Rules_Edit_postcontains function.
CVE-2025-44887 2025-05-20 CRITICAL 9.8 FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radIpkey parameter in the web_radiusSrv_post function.
CVE-2025-44888 2025-05-20 CRITICAL 9.8 FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the stp_conf_name parameter in the web_stp_globalSetting_post function.
CVE-2025-44890 2025-05-20 CRITICAL 9.8 FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the host_ip parameter in the web_snmp_notifyv3_add_post function.
CVE-2025-44893 2025-05-20 CRITICAL 9.8 FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ruleNamekey parameter in the web_acl_mgmt_Rules_Apply_post function.
CVE-2025-44883 2025-05-20 CRITICAL 9.8 FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the tacIp parameter in the web_tacplus_serverEdit_post function.
CVE-2025-2998 2025-03-31 MEDIUM 5.3 A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function…
CVE-2025-44891 2025-05-20 CRITICAL 9.8 FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the host_ip parameter in the web_snmp_v3host_add_post function.
CVE-2025-44894 2025-05-20 CRITICAL 9.8 FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radDftParamKey parameter in the web_radiusSrv_dftParam_post function.