CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-40653 | 2025-05-26 | N/A | 0.0 | User enumeration vulnerability in M3M Printer Server Web. This issue occurs during user authentication, where a difference in error messages… |
| CVE-2025-40652 | 2025-05-26 | N/A | 0.0 | Stored Cross-Site Scripting (XSS) vulnerability in the CoverManager booking software. This allows an attacker to inject malicious scripts into the… |
| CVE-2025-40650 | 2025-05-26 | N/A | 0.0 | Insecure Direct Object Reference (IDOR) vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report… |
| CVE-2025-4057 | 2025-05-26 | MEDIUM | 5.5 | A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies. |
| CVE-2025-4053 | 2025-05-26 | N/A | 0.0 | The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can… |
| CVE-2025-40672 | 2025-05-26 | N/A | 0.0 | A Privilege Escalation vulnerability has been found in Panloader component v3.24.0.0 by Espiral MS Group. This vulnerability allows any user… |
| CVE-2025-40671 | 2025-05-26 | N/A | 0.0 | SQL injection vulnerability in AES Multimedia's Gestnet v1.07. This vulnerability allows an attacker to retrieve, create, update and delete databases… |
| CVE-2025-35003 | 2025-05-26 | CRITICAL | 9.8 | Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache… |
| CVE-2025-41655 | 2025-05-26 | HIGH | 7.5 | An unauthenticated remote attacker can access a URL which causes the device to reboot. |
| CVE-2025-41654 | 2025-05-26 | HIGH | 8.2 | An unauthenticated remote attacker can access information about running processes via the SNMP protocol. The amount of returned data can… |
| CVE-2025-1985 | 2025-05-26 | MEDIUM | 6.1 | Due to improper neutralization of input during web page generation (XSS) an unauthenticated remote attacker can inject HTML code into… |
| CVE-2025-5148 | 2025-05-25 | MEDIUM | 5.3 | A vulnerability was found in FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. It has been classified as critical. Affected is the function… |
| CVE-2025-5145 | 2025-05-25 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, was found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2 and POWER13… |
| CVE-2025-5140 | 2025-05-25 | MEDIUM | 6.3 | A vulnerability classified as critical has been found in Seeyon Zhiyuan OA Web Application System up to 8.1 SP2. This… |
| CVE-2025-5139 | 2025-05-25 | HIGH | 7.3 | A vulnerability was found in Qualitor 8.20. It has been rated as critical. Affected by this issue is some unknown… |
| CVE-2025-5138 | 2025-05-25 | LOW | 3.5 | A vulnerability was found in Bitwarden up to 2.25.1. It has been declared as problematic. Affected by this vulnerability is… |
| CVE-2025-4223 | 2025-05-24 | MEDIUM | 4.7 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via… |
| CVE-2025-5058 | 2025-05-24 | CRITICAL | 9.8 | The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type… |
| CVE-2025-4603 | 2025-05-24 | CRITICAL | 9.1 | The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path… |
| CVE-2025-4602 | 2025-05-24 | MEDIUM | 5.9 | The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to,… |
| CVE-2025-4336 | 2025-05-24 | HIGH | 8.1 | The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type… |
| CVE-2025-5055 | 2025-05-24 | MEDIUM | 4.4 | The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to Stored… |
| CVE-2025-48756 | 2025-05-24 | LOW | 2.9 | In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect… |
| CVE-2025-48755 | 2025-05-24 | LOW | 2.9 | In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type). |
| CVE-2025-48754 | 2025-05-24 | LOW | 2.9 | In the memory_pages crate 0.1.0 for Rust, division by zero can occur. |
| CVE-2025-48753 | 2025-05-24 | LOW | 2.9 | In the anode crate 0.1.0 for Rust, data races can occur in unlock in SpinLock. |
| CVE-2025-48752 | 2025-05-24 | LOW | 2.9 | In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mutex is unlocked. |
| CVE-2025-48751 | 2025-05-24 | LOW | 2.9 | The process_lock crate 0.1.0 for Rust allows data races in unlock. |
| CVE-2025-3869 | 2025-05-24 | MEDIUM | 6.1 | The 4stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This… |
| CVE-2024-13427 | 2025-05-24 | MEDIUM | 6.4 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via… |
| CVE-2025-5119 | 2025-05-23 | HIGH | 7.3 | A vulnerability has been found in Emlog Pro 2.5.11 and classified as critical. This vulnerability affects unknown code of the… |
| CVE-2025-48741 | 2025-05-23 | N/A | 0.0 | A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote,… |
| CVE-2025-48740 | 2025-05-23 | N/A | 0.0 | A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0… |
| CVE-2025-48739 | 2025-05-23 | N/A | 0.0 | A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0… |
| CVE-2025-48738 | 2025-05-23 | N/A | 0.0 | An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1… |
| CVE-2025-48735 | 2025-05-23 | MEDIUM | 4.3 | A SQL Injection issue in the request body processing in BOS IPCs with firmware 21.45.8.2.2_220219 before 21.45.8.2.3_230220 allows remote attackers… |
| CVE-2025-44998 | 2025-05-23 | MEDIUM | 6.1 | A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or… |
| CVE-2023-34873 | 2025-05-23 | N/A | 0.0 | On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras before MX-V5.2.0.61, the tcpdump feature does not properly validate input, which… |
| CVE-2025-48378 | 2025-05-23 | N/A | 0.0 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded… |
| CVE-2025-48377 | 2025-05-23 | N/A | 0.0 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a… |
| CVE-2025-48376 | 2025-05-23 | LOW | 3.5 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a… |
| CVE-2025-48375 | 2025-05-23 | N/A | 0.0 | Schule is open-source school management system software. Prior to version 1.0.1, the file forgot_password.php (or equivalent endpoint responsible for email-based… |
| CVE-2025-43860 | 2025-05-23 | HIGH | 7.6 | OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS)… |
| CVE-2025-32967 | 2025-05-23 | MEDIUM | 5.4 | OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions… |
| CVE-2025-32794 | 2025-05-23 | HIGH | 7.6 | OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS)… |
| CVE-2025-24917 | 2025-05-23 | HIGH | 7.8 | In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could… |
| CVE-2025-24916 | 2025-05-23 | HIGH | 7.0 | When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1… |
| CVE-2023-53154 | 2025-05-23 | LOW | 2.9 | parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called. |
| CVE-2024-52274 | 2024-12-04 | CRITICAL | 9.8 | Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers. This issue affects… |
| CVE-2024-52273 | 2024-12-04 | CRITICAL | 9.8 | Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers. This issue affects… |