CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-52390 2025-08-01 CRITICAL 9.1 Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in…
CVE-2025-50869 2025-08-01 MEDIUM 6.1 A stored Cross-Site Scripting (XSS) vulnerability exists in the qureydetails.php page of Institute-of-Current-Students 1.0, where the input fields for Query…
CVE-2025-50868 2025-08-01 MEDIUM 6.5 A SQL Injection vulnerability exists in the takeassessment2.php file of CloudClassroom-PHP-Project 1.0. The Q4 POST parameter is not properly sanitized…
CVE-2025-51501 2025-08-01 MEDIUM 6.1 Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS 2.0 allows execution of arbitrary…
CVE-2025-50472 2025-08-01 CRITICAL 9.8 The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_model_meta()` function…
CVE-2025-49832 2025-08-01 MEDIUM 6.5 Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0…
CVE-2025-45778 2025-08-01 MEDIUM 6.1 A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts…
CVE-2025-45150 2025-08-01 CRITICAL 9.8 Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request.
CVE-2025-50460 2025-08-01 CRITICAL 9.8 A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using…
CVE-2025-46018 2025-08-01 MEDIUM 5.4 CSC Pay Mobile App 2.19.4 (fixed in version 2.20.0) contains a vulnerability allowing users to bypass payment authorization by disabling…
CVE-2025-33118 2025-08-01 MEDIUM 6.4 IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users…
CVE-2025-2824 2025-08-01 HIGH 7.4 IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using…
CVE-2023-32256 2025-08-01 HIGH 7.5 A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation and logoff in…
CVE-2025-51504 2025-08-01 HIGH 7.6 Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS) in the /projects/profile, homepage endpoint via the last name field.
CVE-2025-48074 2025-08-01 N/A 0.0 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture…
CVE-2025-52361 2025-08-01 N/A 0.0 Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to…
CVE-2025-52327 2025-08-01 N/A 0.0 SQL Injection vulnerability in Restaurant Order System 1.0 allows a local attacker to obtain sensitive information via the payment.php file
CVE-2025-44139 2025-08-01 N/A 0.0 Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip
CVE-2025-45767 2025-08-01 HIGH 7.0 jose v6.0.10 was discovered to contain weak encryption.
CVE-2019-19144 2025-08-01 N/A 0.0 XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate.
CVE-2025-8454 2025-08-01 CRITICAL 9.8 It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a…
CVE-2025-5921 2025-08-01 MEDIUM 5.8 The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page,…
CVE-2023-44976 2025-08-01 LOW 3.2 Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl…
CVE-2025-41376 2025-08-01 N/A 0.0 A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability…
CVE-2025-41375 2025-08-01 N/A 0.0 A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability…
CVE-2025-41374 2025-08-01 N/A 0.0 A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability…
CVE-2025-41373 2025-08-01 N/A 0.0 A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability…
CVE-2025-41372 2025-08-01 N/A 0.0 A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability…
CVE-2025-41371 2025-08-01 N/A 0.0 A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability…
CVE-2025-41370 2025-08-01 N/A 0.0 A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability…
CVE-2025-6228 2025-08-01 MEDIUM 6.4 The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets…
CVE-2025-4684 2025-08-01 MEDIUM 6.4 The BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder &…
CVE-2025-8443 2025-08-01 HIGH 7.3 A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this issue is some…
CVE-2025-6398 2025-08-01 N/A 0.0 A null pointer dereference vulnerability exists in the IOMap64.sys driver of ASUS AI Suite 3. The vulnerability can be triggered…
CVE-2025-8442 2025-08-01 HIGH 7.3 A vulnerability has been found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this vulnerability is…
CVE-2025-8441 2025-08-01 HIGH 7.3 A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Affected is an unknown function…
CVE-2025-8439 2025-08-01 HIGH 7.3 A vulnerability, which was classified as critical, has been found in code-projects Wazifa System 1.0. This issue affects some unknown…
CVE-2025-8438 2025-08-01 HIGH 7.3 A vulnerability classified as critical was found in code-projects Wazifa System 1.0. This vulnerability affects unknown code of the file…
CVE-2025-8437 2025-08-01 HIGH 7.3 A vulnerability classified as critical has been found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the…
CVE-2025-7646 2025-08-01 MEDIUM 6.4 The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable…
CVE-2025-8436 2025-08-01 HIGH 7.3 A vulnerability was found in projectworlds Online Admission System 1.0. It has been rated as critical. Affected by this issue…
CVE-2025-54939 2025-08-01 MEDIUM 5.3 LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.
CVE-2025-31716 2025-08-01 MEDIUM 5.1 In bootloader, there is a possible out of bounds write due to a missing bounds check. This could lead to…
CVE-2025-8435 2025-08-01 HIGH 7.3 A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability…
CVE-2025-7845 2025-08-01 MEDIUM 6.4 The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps…
CVE-2025-7725 2025-08-01 HIGH 7.2 The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share…
CVE-2025-7443 2025-08-01 HIGH 8.1 The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for…
CVE-2025-4523 2025-08-01 MEDIUM 6.5 The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data…
CVE-2025-8434 2025-08-01 HIGH 7.3 A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown…
CVE-2025-8433 2025-08-01 MEDIUM 5.4 A vulnerability was found in code-projects Document Management System 1.0 and classified as critical. This issue affects the function unlink…