CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2022-41320 | 2022-09-23 | MEDIUM | 6.5 | Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of… |
| CVE-2022-41319 | 2022-09-23 | MEDIUM | 6.1 | A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI).… |
| CVE-2022-40188 | 2022-09-23 | HIGH | 7.5 | Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During… |
| CVE-2022-40869 | 2022-09-23 | CRITICAL | 9.8 | Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list"). |
| CVE-2022-40865 | 2022-09-23 | CRITICAL | 9.8 | Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/ |
| CVE-2022-40716 | 2022-09-23 | MEDIUM | 6.5 | HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in… |
| CVE-2022-38936 | 2022-09-23 | HIGH | 7.5 | An issue has been found in PBC through 2022-8-27. A SEGV issue detected in the function pbc_wmessage_integer in src/wmessage.c:137. |
| CVE-2022-37235 | 2022-09-23 | CRITICAL | 9.8 | Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in… |
| CVE-2022-40089 | 2022-09-22 | CRITICAL | 9.8 | A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted… |
| CVE-2022-40088 | 2022-09-22 | MEDIUM | 6.1 | Simple College Website v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /college_website/index.php?page=. This vulnerability… |
| CVE-2022-40087 | 2022-09-22 | CRITICAL | 9.8 | Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). This vulnerability allows… |
| CVE-2022-36944 | 2022-09-23 | CRITICAL | 9.8 | Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited.… |
| CVE-2022-37234 | 2022-09-22 | HIGH | 7.8 | Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in… |
| CVE-2022-34026 | 2022-09-22 | HIGH | 7.5 | ICEcoder v8.1 allows attackers to execute a directory traversal. |
| CVE-2022-35024 | 2022-09-22 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S. |
| CVE-2022-32814 | 2022-09-23 | HIGH | 7.8 | A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS… |
| CVE-2022-32849 | 2022-09-23 | MEDIUM | 5.5 | An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS… |
| CVE-2022-33682 | 2022-09-23 | MEDIUM | 5.9 | TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar… |
| CVE-2022-31937 | 2022-09-22 | CRITICAL | 9.8 | Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd. |
| CVE-2021-3187 | 2023-12-11 | HIGH | 8.8 | An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by… |
| CVE-2022-26112 | 2022-09-23 | CRITICAL | 9.8 | In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected… |
| CVE-2022-29181 | 2022-05-20 | HIGH | 8.2 | Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all… |
| CVE-2018-16153 | 2023-12-12 | HIGH | 7.5 | An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts… |
| CVE-2015-8314 | 2023-12-12 | HIGH | 7.5 | The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain… |
| CVE-2020-36604 | 2022-09-23 | HIGH | 8.1 | hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function. |
| CVE-2023-44857 | 2024-04-12 | HIGH | 8.1 | An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script… |
| CVE-2025-24274 | 2025-05-12 | HIGH | 7.8 | An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.6, macOS… |
| CVE-2025-46631 | 2025-05-01 | MEDIUM | 6.5 | Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to… |
| CVE-2025-46630 | 2025-05-01 | MEDIUM | 6.5 | Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to… |
| CVE-2023-44854 | 2024-04-12 | MEDIUM | 6.1 | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via… |
| CVE-2025-46629 | 2025-05-01 | MEDIUM | 6.5 | Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker… |
| CVE-2025-46628 | 2025-05-01 | HIGH | 7.3 | Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker… |
| CVE-2024-28339 | 2024-03-12 | MEDIUM | 5.4 | An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers… |
| CVE-2025-46627 | 2025-05-01 | HIGH | 8.2 | Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service… |
| CVE-2024-28340 | 2024-03-12 | HIGH | 7.5 | An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers… |
| CVE-2025-46626 | 2025-05-01 | HIGH | 7.3 | Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda… |
| CVE-2025-46625 | 2025-05-01 | HIGH | 8.8 | Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote… |
| CVE-2025-3346 | 2025-04-07 | HIGH | 8.8 | A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. Affected by this issue is the… |
| CVE-2025-45514 | 2025-05-07 | MEDIUM | 6.5 | Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.frmL7ImForm. |
| CVE-2025-44877 | 2025-05-02 | CRITICAL | 9.8 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This… |
| CVE-2025-44872 | 2025-05-02 | CRITICAL | 9.8 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This… |
| CVE-2023-52070 | 2024-04-10 | HIGH | 8.4 | JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int index, int type)' method. NOTE: this is disputed… |
| CVE-2024-23077 | 2024-04-10 | HIGH | 7.5 | JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the component /chart/plot/CompassPlot.java. NOTE: this is disputed by multiple third… |
| CVE-2024-22949 | 2024-04-08 | CRITICAL | 9.1 | JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed by multiple third parties… |
| CVE-2025-24225 | 2025-05-12 | MEDIUM | 6.5 | An injection issue was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS… |
| CVE-2025-24258 | 2025-05-12 | HIGH | 7.8 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS… |
| CVE-2025-44186 | 2025-05-14 | MEDIUM | 5.4 | SourceCodester Best Employee Management System 1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/Operation/User.php page. |
| CVE-2025-46635 | 2025-05-01 | HIGH | 7.1 | An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Improper network isolation between the guest Wi-Fi network and other… |
| CVE-2025-46634 | 2025-05-01 | HIGH | 8.2 | Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated… |
| CVE-2023-44853 | 2024-04-12 | MEDIUM | 4.8 | An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a… |