CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2023-26770 | 2024-10-04 | CRITICAL | 9.8 | TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password… |
| CVE-2025-2872 | 2025-05-27 | N/A | 0.0 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-47577. Reason: This candidate is a reservation duplicate… |
| CVE-2024-55569 | 2025-05-14 | HIGH | 7.5 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200,… |
| CVE-2022-41250 | 2022-09-21 | MEDIUM | 6.5 | A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to… |
| CVE-2022-41249 | 2022-09-21 | HIGH | 8.8 | A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an… |
| CVE-2022-41248 | 2022-09-21 | MEDIUM | 5.3 | Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing… |
| CVE-2022-41247 | 2022-09-21 | MEDIUM | 4.3 | Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the… |
| CVE-2022-41246 | 2022-09-21 | MEDIUM | 6.5 | A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect… |
| CVE-2022-40754 | 2022-09-21 | MEDIUM | 6.1 | In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint. |
| CVE-2022-40604 | 2022-09-21 | HIGH | 7.5 | In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction. |
| CVE-2022-39975 | 2022-09-22 | MEDIUM | 4.3 | The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update… |
| CVE-2022-37246 | 2022-09-21 | MEDIUM | 5.4 | Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line… |
| CVE-2022-37026 | 2022-09-21 | CRITICAL | 9.8 | In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification… |
| CVE-2022-38928 | 2022-09-21 | HIGH | 7.8 | XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393. |
| CVE-2022-35085 | 2022-09-21 | MEDIUM | 5.5 | SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c. |
| CVE-2022-37877 | 2022-09-20 | HIGH | 7.8 | A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user… |
| CVE-2022-32211 | 2022-09-23 | HIGH | 8.8 | A SQL injection vulnerability exists in Rocket.Chat |
| CVE-2022-28978 | 2022-09-22 | MEDIUM | 5.4 | Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and… |
| CVE-2022-32882 | 2022-09-20 | CRITICAL | 9.8 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An… |
| CVE-2022-32861 | 2022-09-20 | MEDIUM | 5.3 | A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A… |
| CVE-2022-28637 | 2022-09-20 | HIGH | 7.8 | A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of… |
| CVE-2022-23685 | 2022-09-20 | HIGH | 8.8 | A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site… |
| CVE-2024-46333 | 2024-09-27 | MEDIUM | 4.8 | An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a… |
| CVE-2024-46510 | 2024-09-30 | HIGH | 7.6 | ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface |
| CVE-2024-9411 | 2024-10-01 | LOW | 3.5 | A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save.… |
| CVE-2024-46485 | 2024-09-25 | MEDIUM | 6.3 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate |
| CVE-2024-46600 | 2024-09-25 | MEDIUM | 4.7 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31 |
| CVE-2024-46632 | 2024-09-26 | MEDIUM | 4.3 | Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function. |
| CVE-2025-3045 | 2025-04-01 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, was found in oretnom23/SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown… |
| CVE-2025-30849 | 2025-04-01 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate… |
| CVE-2025-30870 | 2025-04-01 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP… |
| CVE-2022-48733 | 2024-06-20 | HIGH | 7.8 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At… |
| CVE-2024-38577 | 2024-06-19 | HIGH | 7.8 | In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow There is a possibility of… |
| CVE-2024-38581 | 2024-06-19 | HIGH | 7.8 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/mes: fix use-after-free issue Delete fence fallback timer to fix… |
| CVE-2022-48740 | 2024-06-20 | HIGH | 7.8 | In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths On… |
| CVE-2024-13553 | 2025-04-01 | CRITICAL | 9.8 | The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all… |
| CVE-2025-3121 | 2025-04-02 | LOW | 3.3 | A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to… |
| CVE-2024-43151 | 2024-08-12 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for Beaver… |
| CVE-2024-43156 | 2024-08-12 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Reflected… |
| CVE-2024-6724 | 2024-08-13 | MEDIUM | 4.8 | The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2025-5262 | 2025-05-27 | N/A | 0.0 | Rejected reason: This CVE was accidentally assigned by Mozilla but should be assigned by another CNA. When the correct CVE… |
| CVE-2025-26785 | 2025-05-14 | HIGH | 7.5 | An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100,… |
| CVE-2025-32951 | 2025-04-22 | MEDIUM | 6.4 | Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to… |
| CVE-2024-56427 | 2025-05-14 | MEDIUM | 6.5 | An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330,… |
| CVE-2022-40262 | 2022-09-20 | HIGH | 8.2 | A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot… |
| CVE-2022-40186 | 2022-09-22 | CRITICAL | 9.1 | An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found… |
| CVE-2022-38512 | 2022-09-22 | MEDIUM | 6.5 | The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check… |
| CVE-2022-38916 | 2022-09-20 | CRITICAL | 9.8 | A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files |
| CVE-2022-38550 | 2022-09-19 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in the /weibo/list component of Jeesns v2.0.0 allows attackers to execute arbitrary web scripts… |
| CVE-2022-28981 | 2022-09-22 | HIGH | 7.5 | Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access… |