CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-48695 | 2025-05-23 | MEDIUM | 6.4 | An issue was discovered in CyberDAVA before 1.1.20. A privilege escalation vulnerability allows a low-privileged user to escalate their privilege… |
| CVE-2025-4594 | 2025-05-23 | MEDIUM | 6.4 | The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up… |
| CVE-2025-48701 | 2025-05-23 | MEDIUM | 5.4 | openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not used. |
| CVE-2025-2394 | 2025-05-23 | N/A | 0.0 | Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object… |
| CVE-2025-4692 | 2025-05-23 | MEDIUM | 6.8 | Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the… |
| CVE-2025-4338 | 2025-05-22 | MEDIUM | 6.8 | Lantronix Device installer is vulnerable to XML external entity (XXE) attacks in configuration files read from the network device. An… |
| CVE-2025-48371 | 2025-05-22 | N/A | 0.0 | OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 (corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0… |
| CVE-2025-4975 | 2025-05-22 | N/A | 0.0 | When a notification relating to low battery appears for a user with whom the device has been shared, tapping the… |
| CVE-2025-47181 | 2025-05-22 | HIGH | 8.8 | Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. |
| CVE-2025-48374 | 2025-05-22 | N/A | 0.0 | zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 (corresponding to pseudoversion… |
| CVE-2025-48373 | 2025-05-22 | N/A | 0.0 | Schule is open-source school management system software. The application relies on client-side JavaScript (index.js) to redirect users to different panels… |
| CVE-2025-48372 | 2025-05-22 | N/A | 0.0 | Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version… |
| CVE-2024-5962 | 2025-05-22 | MEDIUM | 6.1 | A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding… |
| CVE-2024-7487 | 2025-05-22 | MEDIUM | 5.8 | An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to… |
| CVE-2024-7103 | 2025-05-22 | MEDIUM | 4.6 | A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of WSO2 Identity Server 7.0.0 due to improper… |
| CVE-2024-6914 | 2025-05-22 | CRITICAL | 9.8 | An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP… |
| CVE-2024-51553 | 2025-05-22 | MEDIUM | 6.5 | Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised. This issue affects… |
| CVE-2024-51552 | 2025-05-22 | MEDIUM | 6.0 | Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through… |
| CVE-2024-48848 | 2025-05-22 | MEDIUM | 6.5 | Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become… |
| CVE-2024-13958 | 2025-05-22 | MEDIUM | 4.8 | Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series:… |
| CVE-2024-13957 | 2025-05-22 | HIGH | 7.6 | SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS… |
| CVE-2024-13956 | 2025-05-22 | MEDIUM | 6.7 | SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through… |
| CVE-2024-13955 | 2025-05-22 | HIGH | 8.8 | 2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised. This… |
| CVE-2024-13954 | 2025-05-22 | MEDIUM | 6.5 | Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolset. This issue affects ASPECT-Enterprise: through 3.*; NEXUS… |
| CVE-2024-13953 | 2025-05-22 | MEDIUM | 4.9 | Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS… |
| CVE-2024-13952 | 2025-05-22 | HIGH | 8.4 | Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised. This issue affects… |
| CVE-2024-13951 | 2025-05-22 | HIGH | 7.6 | One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attacker. This issue affects ASPECT-Enterprise:… |
| CVE-2024-13950 | 2025-05-22 | MEDIUM | 6.8 | Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser scripts if administrator credentials become compromised. This issue affects… |
| CVE-2024-13949 | 2025-05-22 | MEDIUM | 6.8 | Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become… |
| CVE-2024-13948 | 2025-05-22 | HIGH | 7.3 | Windows permissions for ASPECT configuration toolsets are not fully secured allowing exposure of configuration information. This issue affects ASPECT-Enterprise: through 3.*;… |
| CVE-2024-13947 | 2025-05-22 | MEDIUM | 6.0 | Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromised. This issue affects ASPECT-Enterprise:… |
| CVE-2024-13946 | 2025-05-22 | MEDIUM | 6.8 | DLL's are not digitally signed when loaded in ASPECT's configuration toolset exposing the application to binary planting during device commissioning. This… |
| CVE-2025-4827 | 2025-05-17 | HIGH | 8.8 | A vulnerability, which was classified as critical, was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Affected is an unknown… |
| CVE-2025-4829 | 2025-05-17 | HIGH | 8.8 | A vulnerability classified as critical was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Affected by this vulnerability is the… |
| CVE-2025-4830 | 2025-05-17 | HIGH | 8.8 | A vulnerability, which was classified as critical, has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Affected by this… |
| CVE-2025-4831 | 2025-05-17 | HIGH | 8.8 | A vulnerability, which was classified as critical, was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown… |
| CVE-2025-4832 | 2025-05-17 | HIGH | 8.8 | A vulnerability has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615 and classified as critical. This vulnerability affects unknown… |
| CVE-2025-4833 | 2025-05-17 | HIGH | 8.8 | A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615 and classified as critical. This issue affects some unknown… |
| CVE-2025-4834 | 2025-05-17 | HIGH | 8.8 | A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been classified as critical. Affected is an… |
| CVE-2025-4835 | 2025-05-17 | HIGH | 8.8 | A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this… |
| CVE-2025-4826 | 2025-05-17 | HIGH | 8.8 | A vulnerability, which was classified as critical, has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This issue affects… |
| CVE-2025-4825 | 2025-05-17 | HIGH | 8.8 | A vulnerability classified as critical was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This vulnerability affects unknown code of… |
| CVE-2025-4824 | 2025-05-17 | HIGH | 8.8 | A vulnerability classified as critical has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part… |
| CVE-2025-4823 | 2025-05-17 | HIGH | 8.8 | A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this… |
| CVE-2024-25502 | 2024-02-15 | CRITICAL | 9.8 | Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via… |
| CVE-2024-25166 | 2024-02-27 | MEDIUM | 6.1 | Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter… |
| CVE-2023-41506 | 2024-02-27 | CRITICAL | 9.8 | An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers… |
| CVE-2024-25400 | 2024-02-27 | CRITICAL | 9.8 | Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it… |
| CVE-2024-27508 | 2024-02-27 | HIGH | 7.5 | Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c. |
| CVE-2024-25840 | 2024-02-27 | HIGH | 7.5 | In the module "Account Manager \| Sales Representative & Dealers \| CRM" (prestasalesmanager) up to 9.0 from Presta World for… |