CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-5099 | 2025-05-23 | CRITICAL | 9.8 | An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory… |
| CVE-2025-5098 | 2025-05-23 | CRITICAL | 9.1 | PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account… |
| CVE-2025-45472 | 2025-05-22 | HIGH | 8.8 | Insecure permissions in autodeploy-layer v1.2.0 allows attackers to escalate privileges and compromise the customer cloud account. |
| CVE-2025-0470 | 2025-01-31 | MEDIUM | 6.1 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site… |
| CVE-2025-0493 | 2025-01-31 | CRITICAL | 9.8 | The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limited Local File Inclusion in… |
| CVE-2024-13100 | 2025-01-31 | MEDIUM | 6.1 | The OPSI Israel Domestic Shipments WordPress plugin through 2.6.3 does not sanitise and escape a parameter before outputting it back… |
| CVE-2024-12872 | 2025-01-31 | MEDIUM | 4.8 | The Zalomení WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege… |
| CVE-2024-53582 | 2025-01-31 | HIGH | 7.5 | An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to… |
| CVE-2024-53584 | 2025-01-31 | CRITICAL | 9.8 | OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter. |
| CVE-2025-30173 | 2025-05-22 | MEDIUM | 6.7 | File upload vulnerabilities are present in ASPECT if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS… |
| CVE-2025-30172 | 2025-05-22 | HIGH | 8.0 | Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03;… |
| CVE-2025-30171 | 2025-05-22 | CRITICAL | 9.0 | System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised. This… |
| CVE-2025-30170 | 2025-05-22 | MEDIUM | 5.5 | Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if… |
| CVE-2025-30169 | 2025-05-22 | MEDIUM | 6.7 | File upload and execute vulnerabilities in ASPECT allow PHP script injection if session administrator credentials become compromised. This issue affects… |
| CVE-2025-2410 | 2025-05-22 | CRITICAL | 9.1 | Port manipulation vulnerabilities in ASPECT provide attackers with the ability to control TCP/IP port access if session administrator credentials become… |
| CVE-2025-2409 | 2025-05-22 | CRITICAL | 9.1 | File corruption vulnerabilities in ASPECT provide attackers access to overwrite system files if session administrator credentials become compromised This issue… |
| CVE-2024-9639 | 2025-05-22 | HIGH | 8.0 | Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03;… |
| CVE-2024-13931 | 2025-05-22 | HIGH | 7.2 | Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects… |
| CVE-2024-13930 | 2025-05-22 | MEDIUM | 4.9 | An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials… |
| CVE-2024-13929 | 2025-05-22 | HIGH | 7.2 | Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through… |
| CVE-2024-13928 | 2025-05-22 | HIGH | 7.2 | SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised. This… |
| CVE-2025-48061 | 2025-05-22 | MEDIUM | 5.6 | wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not… |
| CVE-2025-47780 | 2025-05-22 | N/A | 0.0 | Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions… |
| CVE-2025-47779 | 2025-05-22 | HIGH | 7.7 | Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions… |
| CVE-2025-46716 | 2025-05-22 | MEDIUM | 5.5 | Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior… |
| CVE-2025-46715 | 2025-05-22 | HIGH | 7.8 | Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior… |
| CVE-2025-43596 | 2025-05-22 | HIGH | 7.8 | An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM… |
| CVE-2024-48853 | 2025-05-22 | CRITICAL | 9.0 | An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as… |
| CVE-2024-48850 | 2025-05-22 | HIGH | 7.2 | Absolute File Traversal vulnerabilities in ASPECT allows access and modification of unintended resources. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS… |
| CVE-2025-4366 | 2025-05-22 | HIGH | 8.0 | A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request… |
| CVE-2025-45468 | 2025-05-22 | HIGH | 8.8 | Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account. |
| CVE-2025-2506 | 2025-05-22 | MEDIUM | 5.3 | When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user… |
| CVE-2025-23183 | 2025-05-22 | MEDIUM | 6.1 | CWE-601: URL Redirection to Untrusted Site ('Open Redirect') |
| CVE-2025-23182 | 2025-05-22 | MEDIUM | 4.3 | CWE-203: Observable Discrepancy |
| CVE-2025-5080 | 2025-05-22 | HIGH | 8.8 | A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function webExcptypemanFilter of the file… |
| CVE-2025-5024 | 2025-05-22 | HIGH | 7.4 | A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and… |
| CVE-2025-45471 | 2025-05-22 | HIGH | 8.8 | Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account. |
| CVE-2025-32915 | 2025-05-22 | N/A | 0.0 | Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32,… |
| CVE-2024-12093 | 2025-05-22 | MEDIUM | 6.8 | An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0… |
| CVE-2025-5076 | 2025-05-22 | HIGH | 7.3 | A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this issue is some unknown… |
| CVE-2025-4979 | 2025-05-22 | MEDIUM | 4.9 | An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1.… |
| CVE-2025-4575 | 2025-05-22 | MEDIUM | 6.5 | Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use… |
| CVE-2023-47466 | 2025-05-22 | LOW | 2.9 | TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which… |
| CVE-2025-5075 | 2025-05-22 | HIGH | 7.3 | A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this vulnerability is an… |
| CVE-2025-46714 | 2025-05-22 | HIGH | 7.8 | Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior… |
| CVE-2025-46713 | 2025-05-22 | HIGH | 7.8 | Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 0.0.1 and prior… |
| CVE-2025-3945 | 2025-05-22 | HIGH | 7.2 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise… |
| CVE-2025-2272 | 2025-05-22 | HIGH | 7.0 | Uncontrolled Search Path Element vulnerability in Forcepoint FIE Endpoint allows Privilege Escalation, Code Injection, Hijacking a privileged process. This issue affects… |
| CVE-2025-5074 | 2025-05-22 | HIGH | 7.3 | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of… |
| CVE-2025-5073 | 2025-05-22 | HIGH | 7.3 | A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. This issue affects some unknown… |