CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-54386 | 2025-08-02 | N/A | 0.0 | Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a… |
| CVE-2025-54136 | 2025-08-02 | HIGH | 7.2 | Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and… |
| CVE-2025-54133 | 2025-08-02 | N/A | 0.0 | Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information… |
| CVE-2025-54792 | 2025-08-01 | N/A | 0.0 | LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an… |
| CVE-2025-54424 | 2025-08-01 | HIGH | 8.1 | 1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server.… |
| CVE-2025-54132 | 2025-08-01 | MEDIUM | 4.4 | Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render… |
| CVE-2025-54131 | 2025-08-01 | MEDIUM | 6.4 | Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow… |
| CVE-2024-13978 | 2025-08-01 | LOW | 2.5 | A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is… |
| CVE-2013-10063 | 2025-08-01 | N/A | 0.0 | A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions |
| CVE-2013-10062 | 2025-08-01 | N/A | 0.0 | A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and… |
| CVE-2013-10061 | 2025-08-01 | N/A | 0.0 | An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45)… |
| CVE-2013-10060 | 2025-08-01 | N/A | 0.0 | An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via… |
| CVE-2013-10059 | 2025-08-01 | N/A | 0.0 | An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm… |
| CVE-2013-10058 | 2025-08-01 | N/A | 0.0 | An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the… |
| CVE-2013-10057 | 2025-08-01 | N/A | 0.0 | A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx), specifically the ConnectToSynactis method. When a long string is… |
| CVE-2013-10055 | 2025-08-01 | N/A | 0.0 | An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The… |
| CVE-2013-10053 | 2025-08-01 | N/A | 0.0 | A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername… |
| CVE-2013-10051 | 2025-08-01 | N/A | 0.0 | A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within… |
| CVE-2013-10050 | 2025-08-01 | N/A | 0.0 | An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)—via… |
| CVE-2013-10049 | 2025-08-01 | N/A | 0.0 | An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint… |
| CVE-2013-10048 | 2025-08-01 | N/A | 0.0 | An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and… |
| CVE-2013-10047 | 2025-08-01 | N/A | 0.0 | An unrestricted file upload vulnerability exists in MiniWeb HTTP Server |
| CVE-2013-10046 | 2025-08-01 | N/A | 0.0 | A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary… |
| CVE-2013-10044 | 2025-08-01 | N/A | 0.0 | An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator… |
| CVE-2012-10022 | 2025-08-01 | N/A | 0.0 | Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The… |
| CVE-2025-54564 | 2025-08-01 | HIGH | 7.8 | uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as… |
| CVE-2025-50870 | 2025-08-01 | CRITICAL | 9.8 | Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an email address… |
| CVE-2025-8480 | 2025-08-01 | HIGH | 8.0 | Alpine iLX-507 Command Injection Remote Code Execution. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of… |
| CVE-2025-8477 | 2025-08-01 | HIGH | 7.4 | Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code… |
| CVE-2025-8476 | 2025-08-01 | HIGH | 7.1 | Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of… |
| CVE-2025-8475 | 2025-08-01 | HIGH | 7.4 | Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on… |
| CVE-2025-8474 | 2025-08-01 | MEDIUM | 6.8 | Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on… |
| CVE-2025-8473 | 2025-08-01 | MEDIUM | 6.4 | Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of… |
| CVE-2025-8472 | 2025-08-01 | HIGH | 7.4 | Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code… |
| CVE-2025-6037 | 2025-08-01 | MEDIUM | 6.8 | Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA… |
| CVE-2025-6015 | 2025-08-01 | MEDIUM | 5.7 | Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in… |
| CVE-2025-6014 | 2025-08-01 | MEDIUM | 6.5 | Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period.… |
| CVE-2025-6011 | 2025-08-01 | LOW | 3.7 | A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing… |
| CVE-2025-6004 | 2025-08-01 | MEDIUM | 5.3 | Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault… |
| CVE-2025-6000 | 2025-08-01 | CRITICAL | 9.1 | A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying… |
| CVE-2025-5999 | 2025-08-01 | HIGH | 7.2 | A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s… |
| CVE-2025-54595 | 2025-08-01 | HIGH | 7.3 | Pearcleaner is a free, source-available and fair-code licensed mac app cleaner. The PearcleanerHelper is a privileged helper tool bundled with… |
| CVE-2025-54593 | 2025-08-01 | HIGH | 7.2 | FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.1 and below, an authenticated administrator user can execute arbitrary code… |
| CVE-2025-54590 | 2025-08-01 | N/A | 0.0 | webfinger.js is a TypeScript-based WebFinger client that runs in both browsers and Node.js environments. In versions 2.8.0 and below, the… |
| CVE-2025-54574 | 2025-08-01 | CRITICAL | 9.3 | Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer… |
| CVE-2025-53012 | 2025-08-01 | N/A | 0.0 | MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version… |
| CVE-2025-53011 | 2025-08-01 | N/A | 0.0 | MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version… |
| CVE-2025-53010 | 2025-08-01 | N/A | 0.0 | MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version… |
| CVE-2025-53009 | 2025-08-01 | N/A | 0.0 | MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions… |
| CVE-2025-51502 | 2025-08-01 | MEDIUM | 6.1 | Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution… |
Page 36 of 3394