CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-41403 2025-05-22 HIGH 8.3 Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.
CVE-2025-3836 2025-05-22 HIGH 8.3 Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.
CVE-2025-3444 2025-05-22 MEDIUM 6.5 Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in…
CVE-2024-25010 2025-05-22 HIGH 8.8 Ericsson RAN Compute and Site Controller 6610 contains in certain configurations a high severity vulnerability where improper input validation could…
CVE-2025-4419 2025-05-22 MEDIUM 4.3 The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2…
CVE-2025-4405 2025-05-22 MEDIUM 4.9 The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions…
CVE-2025-4280 2025-05-22 N/A 0.0 MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user…
CVE-2024-9544 2025-05-22 MEDIUM 6.4 The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to,…
CVE-2025-4123 2025-05-22 HIGH 7.6 A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows…
CVE-2025-4133 2025-05-22 MEDIUM 5.4 The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when…
CVE-2025-5062 2025-05-22 MEDIUM 6.1 The WooCommerce plugin for WordPress is vulnerable to PostMessage-Based Cross-Site Scripting via the 'customize-store' page in all versions up to,…
CVE-2025-3887 2025-05-22 HIGH 8.8 GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code…
CVE-2025-3885 2025-05-22 MEDIUM 5.3 Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on…
CVE-2025-3884 2025-05-22 HIGH 7.5 Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected…
CVE-2025-3883 2025-05-22 HIGH 8.8 eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code…
CVE-2025-3882 2025-05-22 HIGH 8.8 eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary…
CVE-2025-3881 2025-05-22 HIGH 8.8 eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary…
CVE-2025-3486 2025-05-22 HIGH 7.2 Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations…
CVE-2025-3484 2025-05-22 CRITICAL 9.8 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute…
CVE-2025-3483 2025-05-22 CRITICAL 9.8 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute…
CVE-2025-3482 2025-05-22 CRITICAL 9.8 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute…
CVE-2025-3481 2025-05-22 CRITICAL 9.8 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute…
CVE-2025-3480 2025-05-22 MEDIUM 5.3 MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information…
CVE-2025-2759 2025-05-22 HIGH 7.0 GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of…
CVE-2025-34025 2025-05-21 N/A 0.0 The Versa Concerto SD-WAN orchestration platform is vulnerable to a privileges escalation and container escape vulnerability caused by unsafe default…
CVE-2025-48070 2025-05-21 LOW 3.5 Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change…
CVE-2025-47947 2025-05-21 HIGH 7.5 ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to…
CVE-2025-47942 2025-05-21 MEDIUM 5.3 The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading…
CVE-2025-34027 2025-05-21 N/A 0.0 The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at…
CVE-2025-34026 2025-05-21 N/A 0.0 The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at…
CVE-2025-5053 2025-05-21 HIGH 7.3 A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is…
CVE-2025-5052 2025-05-21 HIGH 7.3 A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality…
CVE-2025-45753 2025-05-21 HIGH 7.2 A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code…
CVE-2025-44040 2025-05-21 HIGH 7.2 An issue in OrangeHRM v.5.7 allows an attacker to escalate privileges via the UserService.php and the checkFOrOldHash function
CVE-2025-5114 2025-05-23 MEDIUM 6.3 A vulnerability has been found in easysoft zentaopms 21.5_20250307 and classified as critical. This vulnerability affects the function Edit of…
CVE-2022-31812 2025-05-23 HIGH 7.5 A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Affected server applications contain an out of bounds…
CVE-2022-31807 2025-05-23 MEDIUM 6.2 A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions), SiPass integrated ACC-AP (All versions). Affected devices do…
CVE-2018-25110 2025-05-23 N/A 0.0 Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking…
CVE-2025-5112 2025-05-23 HIGH 7.3 A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of…
CVE-2025-5111 2025-05-23 HIGH 7.3 A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is…
CVE-2025-5110 2025-05-23 HIGH 7.3 A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality…
CVE-2025-3580 2025-05-23 MEDIUM 5.5 An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account.…
CVE-2025-5109 2025-05-23 HIGH 7.3 A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. Affected is an unknown function of the…
CVE-2025-48292 2025-05-23 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GoodLayers Tourmaster allows PHP…
CVE-2025-48289 2025-05-23 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in AncoraThemes Kids Planet allows Object Injection. This issue affects Kids Planet: from n/a through…
CVE-2025-48287 2025-05-23 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros - Pagaleve allows Object Injection. This issue affects Pix 4x…
CVE-2025-48286 2025-05-23 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catkin ReDi Restaurant Reservation allows Reflected XSS. This…
CVE-2025-48283 2025-05-23 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Majestic Support Majestic Support allows SQL…
CVE-2025-48275 2025-05-23 MEDIUM 6.5 Missing Authorization vulnerability in dastan800 Visual Header allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Visual Header:…
CVE-2025-48273 2025-05-23 HIGH 7.5 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal allows Path Traversal.…