CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2023-36259 | 2024-01-30 | MEDIUM | 5.4 | Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during… |
| CVE-2023-24049 | 2023-12-04 | CRITICAL | 9.8 | An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor… |
| CVE-2022-35068 | 2022-09-19 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e420d. |
| CVE-2022-35067 | 2022-09-19 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b0. |
| CVE-2022-35066 | 2022-09-19 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b8. |
| CVE-2022-35065 | 2022-09-19 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724. |
| CVE-2022-35064 | 2022-09-19 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adcdb in __asan_memset. |
| CVE-2022-35063 | 2022-09-19 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41a8. |
| CVE-2022-32911 | 2022-09-20 | HIGH | 7.8 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS… |
| CVE-2022-32908 | 2022-09-20 | HIGH | 7.8 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6, iOS 15.7… |
| CVE-2022-35062 | 2022-09-19 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0bc3. |
| CVE-2022-35061 | 2022-09-19 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e412a. |
| CVE-2022-32886 | 2022-09-20 | HIGH | 8.8 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS… |
| CVE-2022-32883 | 2022-09-20 | MEDIUM | 5.5 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS… |
| CVE-2025-37999 | 2025-05-29 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio() If bio_add_folio() fails (because it… |
| CVE-2025-37996 | 2025-05-29 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort() Commit fce886a60207… |
| CVE-2025-37993 | 2025-05-29 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe The… |
| CVE-2025-33043 | 2025-05-29 | MEDIUM | 5.8 | APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this… |
| CVE-2025-48047 | 2025-05-29 | N/A | 0.0 | An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint. |
| CVE-2025-48046 | 2025-05-29 | N/A | 0.0 | An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the… |
| CVE-2025-48045 | 2025-05-29 | N/A | 0.0 | An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials. |
| CVE-2025-48388 | 2025-05-29 | N/A | 0.0 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application performs insufficient validation of… |
| CVE-2025-5286 | 2025-05-29 | MEDIUM | 6.4 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘additional_settings’ parameter in all versions… |
| CVE-2025-5122 | 2025-05-29 | MEDIUM | 6.4 | The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions… |
| CVE-2025-4687 | 2025-05-29 | N/A | 0.0 | In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If… |
| CVE-2025-4670 | 2025-05-29 | MEDIUM | 6.4 | The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting… |
| CVE-2025-27151 | 2025-05-29 | MEDIUM | 4.7 | Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a… |
| CVE-2024-52588 | 2025-05-29 | MEDIUM | 4.9 | Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field… |
| CVE-2025-5276 | 2025-05-29 | HIGH | 7.4 | All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can… |
| CVE-2025-5273 | 2025-05-29 | MEDIUM | 6.5 | All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool.… |
| CVE-2025-4583 | 2025-05-29 | MEDIUM | 5.4 | The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting… |
| CVE-2025-3755 | 2025-05-29 | CRITICAL | 9.1 | Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules… |
| CVE-2025-5256 | 2025-05-28 | MEDIUM | 5.4 | Summary: This advisory addresses an Open Redirection vulnerability in Mautic's user unlocking endpoint. This vulnerability could be exploited by an attacker… |
| CVE-2025-48749 | 2025-05-28 | CRITICAL | 9.1 | Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data. |
| CVE-2025-48747 | 2025-05-28 | MEDIUM | 5.0 | Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0 and after v.11.1.25134.03 has Incorrect Permission Assignment for a Critical… |
| CVE-2025-32803 | 2025-05-28 | MEDIUM | 4.0 | In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1,… |
| CVE-2025-31501 | 2025-05-28 | HIGH | 7.2 | Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink. |
| CVE-2025-31500 | 2025-05-28 | HIGH | 7.2 | Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name. |
| CVE-2025-30087 | 2025-05-28 | HIGH | 7.2 | Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in… |
| CVE-2025-1461 | 2025-05-28 | MEDIUM | 5.6 | Improper neutralization of the value of the 'eventMoreText' property of the 'VCalendar' component in Vuetify allows unsanitized HTML to be inserted… |
| CVE-2024-47057 | 2025-05-28 | MEDIUM | 5.3 | Summary: This advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited… |
| CVE-2024-47055 | 2025-05-28 | MEDIUM | 4.3 | Summary: This advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user… |
| CVE-2025-5257 | 2025-05-28 | MEDIUM | 6.5 | Summary: This advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially… |
| CVE-2025-48931 | 2025-05-28 | LOW | 3.2 | The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (including rainbow tables)… |
| CVE-2025-48930 | 2025-05-28 | LOW | 2.8 | The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an… |
| CVE-2025-48929 | 2025-05-28 | MEDIUM | 4.0 | The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time)… |
| CVE-2025-48928 | 2025-05-28 | MEDIUM | 4.0 | The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to… |
| CVE-2025-48927 | 2025-05-28 | MEDIUM | 5.3 | The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as… |
| CVE-2025-48926 | 2025-05-28 | MEDIUM | 4.3 | The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers,… |
| CVE-2025-48925 | 2025-05-28 | MEDIUM | 4.3 | The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and… |