CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-31222 | 2025-05-12 | HIGH | 7.8 | A correctness issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5,… |
| CVE-2025-31223 | 2025-05-12 | HIGH | 8.0 | The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS… |
| CVE-2025-31224 | 2025-05-12 | HIGH | 7.8 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS… |
| CVE-2025-31225 | 2025-05-12 | HIGH | 7.1 | A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and iPadOS 18.5. Call… |
| CVE-2025-31226 | 2025-05-12 | MEDIUM | 5.5 | A logic issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS… |
| CVE-2025-31227 | 2025-05-12 | MEDIUM | 4.6 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker… |
| CVE-2025-31228 | 2025-05-12 | MEDIUM | 6.8 | The issue was addressed with improved authentication. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. An… |
| CVE-2025-31232 | 2025-05-12 | HIGH | 7.1 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS… |
| CVE-2025-31233 | 2025-05-12 | MEDIUM | 6.3 | The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5,… |
| CVE-2025-31234 | 2025-05-12 | HIGH | 8.2 | The issue was addressed with improved input sanitization. This issue is fixed in visionOS 2.5, iOS 18.5 and iPadOS 18.5,… |
| CVE-2025-31235 | 2025-05-12 | MEDIUM | 6.5 | A double free issue was addressed with improved memory management. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6,… |
| CVE-2025-31236 | 2025-05-12 | MEDIUM | 5.5 | An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app… |
| CVE-2025-31237 | 2025-05-12 | HIGH | 7.5 | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma… |
| CVE-2025-31238 | 2025-05-12 | HIGH | 7.3 | The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS… |
| CVE-2025-31239 | 2025-05-12 | LOW | 3.3 | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS… |
| CVE-2025-31240 | 2025-05-12 | HIGH | 7.5 | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma… |
| CVE-2025-31241 | 2025-05-12 | MEDIUM | 5.3 | A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6,… |
| CVE-2025-26369 | 2025-02-12 | HIGH | 8.8 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged)… |
| CVE-2023-43652 | 2023-09-27 | HIGH | 8.2 | JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API… |
| CVE-2023-29336 | 2023-05-09 | HIGH | 7.8 | Win32k Elevation of Privilege Vulnerability |
| CVE-2025-4632 | 2025-05-13 | CRITICAL | 9.8 | Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers… |
| CVE-2023-36479 | 2023-09-15 | LOW | 3.5 | Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific… |
| CVE-2022-29799 | 2022-09-21 | MEDIUM | 5.5 | A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState… |
| CVE-2022-23951 | 2022-09-21 | MEDIUM | 5.5 | In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip… |
| CVE-2022-23950 | 2022-09-21 | HIGH | 7.5 | In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users… |
| CVE-2022-23949 | 2022-09-21 | HIGH | 7.5 | In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on… |
| CVE-2021-43310 | 2022-09-21 | CRITICAL | 9.8 | A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U… |
| CVE-2025-31242 | 2025-05-12 | MEDIUM | 5.5 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iPadOS 17.7.7,… |
| CVE-2025-31244 | 2025-05-12 | HIGH | 8.8 | A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may… |
| CVE-2025-31245 | 2025-05-12 | MEDIUM | 5.5 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS… |
| CVE-2025-31246 | 2025-05-12 | HIGH | 8.8 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6. Connecting… |
| CVE-2025-31247 | 2025-05-12 | HIGH | 7.5 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5,… |
| CVE-2024-6884 | 2024-08-08 | MEDIUM | 5.4 | The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.39 does not validate and escape some of its… |
| CVE-2022-32174 | 2022-10-11 | CRITICAL | 9.0 | In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. |
| CVE-2022-31022 | 2022-06-01 | MEDIUM | 6.2 | Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its… |
| CVE-2021-21353 | 2021-03-03 | MEDIUM | 6.8 | Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker… |
| CVE-2022-32176 | 2022-10-17 | CRITICAL | 9.0 | In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through… |
| CVE-2024-6158 | 2024-08-12 | MEDIUM | 4.8 | The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of… |
| CVE-2024-6330 | 2024-08-19 | CRITICAL | 9.8 | The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution… |
| CVE-2021-4226 | 2022-12-15 | CRITICAL | 9.8 | RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to… |
| CVE-2024-6451 | 2024-08-19 | HIGH | 7.2 | AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails… |
| CVE-2024-6843 | 2024-08-19 | MEDIUM | 6.1 | The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unauthenticated users… |
| CVE-2024-6847 | 2024-08-20 | CRITICAL | 9.8 | The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it in… |
| CVE-2024-48655 | 2024-10-25 | HIGH | 8.8 | An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file. |
| CVE-2024-48191 | 2024-10-28 | MEDIUM | 6.3 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17 |
| CVE-2024-48291 | 2024-10-28 | MEDIUM | 6.3 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17 |
| CVE-2024-42835 | 2024-10-31 | CRITICAL | 9.8 | langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component. |
| CVE-2024-51407 | 2024-11-01 | MEDIUM | 6.2 | Floodlight SDN OpenFlow Controller v.1.2 has an issue that allows local hosts to construct false broadcast ports causing inter-host communication… |
| CVE-2023-38952 | 2023-08-03 | HIGH | 7.5 | Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that… |
| CVE-2023-38951 | 2023-08-03 | CRITICAL | 9.8 | ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or overwrite arbitrary files on the server… |