CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-44893 | 2025-05-20 | CRITICAL | 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ruleNamekey parameter in the web_acl_mgmt_Rules_Apply_post function. |
| CVE-2025-44883 | 2025-05-20 | CRITICAL | 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the tacIp parameter in the web_tacplus_serverEdit_post function. |
| CVE-2025-2998 | 2025-03-31 | MEDIUM | 5.3 | A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function… |
| CVE-2025-44891 | 2025-05-20 | CRITICAL | 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the host_ip parameter in the web_snmp_v3host_add_post function. |
| CVE-2025-44894 | 2025-05-20 | CRITICAL | 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radDftParamKey parameter in the web_radiusSrv_dftParam_post function. |
| CVE-2025-2999 | 2025-03-31 | MEDIUM | 5.3 | A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function… |
| CVE-2025-44896 | 2025-05-20 | CRITICAL | 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bindEditMACName parameter in the web_acl_bindEdit_post function. |
| CVE-2025-3000 | 2025-03-31 | MEDIUM | 5.3 | A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to… |
| CVE-2025-3001 | 2025-03-31 | MEDIUM | 5.3 | A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to… |
| CVE-2025-44897 | 2025-05-20 | CRITICAL | 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bytftp_srvip parameter in the web_tool_upgradeManager_post function. |
| CVE-2025-44898 | 2025-05-20 | CRITICAL | 9.8 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the theauthName parameter in the web_aaa_loginAuthlistEdit function. |
| CVE-2025-5063 | 2025-05-27 | HIGH | 8.8 | Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption… |
| CVE-2025-5064 | 2025-05-27 | MEDIUM | 5.4 | Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data… |
| CVE-2025-5065 | 2025-05-27 | MEDIUM | 6.5 | Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via… |
| CVE-2025-5066 | 2025-05-27 | MEDIUM | 6.5 | Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user… |
| CVE-2025-5067 | 2025-05-27 | MEDIUM | 5.4 | Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via… |
| CVE-2025-5280 | 2025-05-27 | HIGH | 8.8 | Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap… |
| CVE-2025-5281 | 2025-05-27 | MEDIUM | 5.4 | Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via… |
| CVE-2025-29918 | 2025-04-10 | MEDIUM | 6.2 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be… |
| CVE-2025-29917 | 2025-04-10 | MEDIUM | 6.2 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the… |
| CVE-2025-29916 | 2025-04-10 | MEDIUM | 6.2 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have… |
| CVE-2025-46672 | 2025-04-27 | LOW | 3.5 | NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking. |
| CVE-2025-3954 | 2025-04-26 | LOW | 3.7 | A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown… |
| CVE-2025-29915 | 2025-04-10 | HIGH | 7.5 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is… |
| CVE-2023-45913 | 2024-03-27 | MEDIUM | 6.2 | Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the… |
| CVE-2023-45931 | 2024-03-27 | HIGH | 7.5 | Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed… |
| CVE-2023-45919 | 2024-03-27 | MEDIUM | 5.3 | Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common… |
| CVE-2024-24945 | 2024-02-01 | MEDIUM | 6.1 | A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to… |
| CVE-2024-24331 | 2024-01-30 | CRITICAL | 9.8 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function. |
| CVE-2024-24327 | 2024-01-30 | CRITICAL | 9.8 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function. |
| CVE-2024-24041 | 2024-02-01 | MEDIUM | 6.1 | A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to… |
| CVE-2024-24061 | 2024-02-01 | MEDIUM | 5.4 | springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add. |
| CVE-2024-23940 | 2024-01-29 | HIGH | 7.8 | Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable… |
| CVE-2024-23034 | 2024-02-01 | MEDIUM | 6.1 | Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via… |
| CVE-2024-23033 | 2024-02-01 | MEDIUM | 6.1 | Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via… |
| CVE-2024-23775 | 2024-01-31 | HIGH | 7.5 | Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of… |
| CVE-2024-22938 | 2024-01-30 | HIGH | 7.8 | Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init… |
| CVE-2024-22859 | 2024-02-01 | HIGH | 8.8 | Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the… |
| CVE-2024-22647 | 2024-01-30 | MEDIUM | 5.3 | An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in… |
| CVE-2024-1069 | 2024-01-31 | HIGH | 7.2 | The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the… |
| CVE-2024-1060 | 2024-01-30 | HIGH | 8.8 | Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption… |
| CVE-2023-6165 | 2024-01-29 | MEDIUM | 4.8 | The Restrict Usernames Emails Characters WordPress plugin before 3.1.4 does not sanitise and escape some of its settings, which could… |
| CVE-2023-51982 | 2024-01-30 | CRITICAL | 9.8 | CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In… |
| CVE-2023-51843 | 2024-01-30 | HIGH | 8.2 | react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as httpOnly is not set. |
| CVE-2023-51837 | 2024-01-30 | CRITICAL | 9.8 | Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation. |
| CVE-2023-42706 | 2023-12-04 | MEDIUM | 5.5 | In firewall service, there is a possible way to write permission usage records of an app due to a missing… |
| CVE-2023-42698 | 2023-12-04 | MEDIUM | 5.5 | In omacp service, there is a possible way to write permission usage records of an app due to a missing… |
| CVE-2023-42685 | 2023-12-04 | HIGH | 7.8 | In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no… |
| CVE-2023-42681 | 2023-12-04 | HIGH | 7.8 | In ion service, there is a possible missing permission check. This could lead to local escalation of privilege with no… |
| CVE-2023-37518 | 2024-01-30 | MEDIUM | 6.4 | HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within… |