CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-48931 | 2025-05-28 | LOW | 3.2 | The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (including rainbow tables)… |
| CVE-2025-48930 | 2025-05-28 | LOW | 2.8 | The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an… |
| CVE-2025-48929 | 2025-05-28 | MEDIUM | 4.0 | The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time)… |
| CVE-2025-48928 | 2025-05-28 | MEDIUM | 4.0 | The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to… |
| CVE-2025-48927 | 2025-05-28 | MEDIUM | 5.3 | The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as… |
| CVE-2025-48926 | 2025-05-28 | MEDIUM | 4.3 | The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers,… |
| CVE-2025-48925 | 2025-05-28 | MEDIUM | 4.3 | The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and… |
| CVE-2025-36572 | 2025-05-28 | MEDIUM | 6.5 | Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker… |
| CVE-2025-32802 | 2025-05-28 | MEDIUM | 6.1 | Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common… |
| CVE-2025-32801 | 2025-05-28 | HIGH | 7.8 | Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as… |
| CVE-2024-47056 | 2025-05-28 | MEDIUM | 5.1 | Summary: This advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser.… |
| CVE-2024-51453 | 2025-05-28 | MEDIUM | 4.3 | IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. An attacker… |
| CVE-2024-38341 | 2025-05-28 | MEDIUM | 5.9 | IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms… |
| CVE-2025-3357 | 2025-05-28 | CRITICAL | 9.8 | IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper… |
| CVE-2025-3818 | 2025-04-19 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the… |
| CVE-2025-21204 | 2025-04-08 | HIGH | 7.8 | Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally. |
| CVE-2025-21224 | 2025-01-14 | HIGH | 8.1 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability |
| CVE-2023-5953 | 2023-12-04 | HIGH | 8.8 | The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have… |
| CVE-2023-5137 | 2023-12-04 | MEDIUM | 4.8 | The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could… |
| CVE-2023-42747 | 2023-12-04 | HIGH | 7.8 | In camera service, there is a possible missing permission check. This could lead to local escalation of privilege with no… |
| CVE-2023-42736 | 2023-12-04 | HIGH | 7.8 | In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no… |
| CVE-2023-42726 | 2023-12-04 | MEDIUM | 4.4 | In TeleService, there is a possible out of bounds read due to a missing bounds check. This could lead to… |
| CVE-2023-42716 | 2023-12-04 | HIGH | 7.5 | In telephony service, there is a possible missing permission check. This could lead to remote information disclosure no additional execution… |
| CVE-2023-40076 | 2023-12-04 | MEDIUM | 5.5 | In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass.… |
| CVE-2023-32863 | 2023-12-04 | MEDIUM | 6.7 | In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead… |
| CVE-2023-21216 | 2023-12-04 | CRITICAL | 9.8 | In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. This could lead… |
| CVE-2023-32854 | 2023-12-04 | MEDIUM | 6.7 | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to… |
| CVE-2023-32843 | 2023-12-04 | HIGH | 7.5 | In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial… |
| CVE-2022-41138 | 2022-09-20 | CRITICAL | 9.8 | In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution. |
| CVE-2022-37883 | 2022-09-20 | HIGH | 7.2 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying… |
| CVE-2022-38340 | 2022-09-20 | CRITICAL | 9.1 | Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload. |
| CVE-2022-40955 | 2022-09-20 | HIGH | 8.8 | In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters… |
| CVE-2022-28639 | 2022-09-20 | HIGH | 8.8 | A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to… |
| CVE-2022-35196 | 2022-09-20 | HIGH | 8.8 | TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php. |
| CVE-2022-34917 | 2022-09-20 | HIGH | 7.5 | A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated… |
| CVE-2022-28638 | 2022-09-20 | HIGH | 7.8 | An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a… |
| CVE-2022-23695 | 2022-09-20 | HIGH | 8.8 | Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection… |
| CVE-2022-23694 | 2022-09-20 | HIGH | 8.8 | Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection… |
| CVE-2017-20148 | 2022-09-20 | CRITICAL | 9.8 | In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the… |
| CVE-2017-20147 | 2022-09-20 | MEDIUM | 6.5 | In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by… |
| CVE-2016-20015 | 2022-09-20 | HIGH | 7.5 | In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of… |
| CVE-2025-46673 | 2025-04-27 | MEDIUM | 4.9 | NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to… |
| CVE-2025-46674 | 2025-04-27 | LOW | 3.5 | NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially… |
| CVE-2024-31099 | 2024-04-01 | MEDIUM | 6.4 | Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements. This issue affects Shortcodes and extra features for… |
| CVE-2025-34028 | 2025-04-22 | CRITICAL | 10.0 | The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when… |
| CVE-2024-3517 | 2024-05-02 | MEDIUM | 6.4 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion… |
| CVE-2024-3341 | 2024-05-02 | MEDIUM | 6.4 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's… |
| CVE-2024-1533 | 2024-05-02 | MEDIUM | 6.4 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML… |
| CVE-2024-1396 | 2024-05-02 | MEDIUM | 6.4 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’… |
| CVE-2023-37888 | 2024-05-17 | HIGH | 7.6 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in By Averta Shortcodes and extra features for… |