Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Todo el contenido
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-61928
2025-10-09
N/A
0.0
Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing…
CVE-2025-61779
2025-10-09
N/A
0.0
Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if…
CVE-2025-61773
2025-10-09
HIGH
8.1
pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script…
CVE-2025-61602
2025-10-09
HIGH
7.5
BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in…
CVE-2025-60869
2025-10-10
HIGH
7.3
Publii CMS v0.46.5 (build 17089) allows persistent Cross-Site Scripting (XSS) via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject…
CVE-2025-61152
2025-10-10
MEDIUM
6.5
python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary…
CVE-2025-60868
2025-10-10
MEDIUM
6.5
The Alt Redirect 1.6.3 addon for Statamic fails to consistently strip query string parameters when the "Query String Strip" feature is enabled. Case variations, encoded keys, and duplicates…
CVE-2025-60375
2025-10-09
HIGH
7.3
The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters in the…
CVE-2025-43296
2025-10-09
MEDIUM
5.5
A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks.
CVE-2025-11556
2025-10-09
HIGH
7.3
A flaw has been found in code-projects Simple Leave Manager 1.0. This vulnerability affects unknown code of the file /user.php. This manipulation of the argument table causes sql…
CVE-2025-11555
2025-10-09
HIGH
7.3
A vulnerability was detected in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/calendar_of_events.php. The manipulation of the argument date_start results in…
CVE-2025-11553
2025-10-09
MEDIUM
6.3
A weakness has been identified in code-projects Courier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-courier.php. Executing manipulation of the argument…
CVE-2025-8887
2025-10-10
MEDIUM
6.1
Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection,…
CVE-2025-8886
2025-10-10
MEDIUM
6.7
Incorrect Permission Assignment for Critical Resource, Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Privilege…
CVE-2025-60316
2025-10-09
CRITICAL
9.4
SourceCodester Pet Grooming Management Software 1.0 is vulnerable to SQL Injection in admin/view_customer.php via the ID parameter.
CVE-2025-11371
2025-10-09
MEDIUM
6.2
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of…
CVE-2025-62239
2025-10-10
N/A
0.0
Cross-site scripting (XSS) vulnerability in workflow process builder in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through…
CVE-2025-62238
2025-10-10
N/A
0.0
Stored cross-site scripting (XSS) vulnerability on the Membership page in Account Settings in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and…
CVE-2025-62237
2025-10-10
N/A
0.0
Stored cross-site scripting (XSS) vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update…
CVE-2025-7781
2025-10-10
MEDIUM
6.4
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Stored Cross-Site Scripting via the ‘cs_job_title’ parameter in all versions up to, and including,…
CVE-2025-7374
2025-10-10
MEDIUM
5.4
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to…
CVE-2025-11579
2025-10-10
MEDIUM
5.3
github.com/nwaples/rardecode versions
CVE-2025-61864
2025-10-10
HIGH
7.8
A use after free vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND),…
CVE-2025-61863
2025-10-10
HIGH
7.8
An out-of-bounds read vulnerability exists in VS6ComFile!CSaveData::delete_mem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and…
CVE-2025-61862
2025-10-10
HIGH
7.8
An out-of-bounds read vulnerability exists in VS6ComFile!get_ovlp_element_size of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and…
CVE-2025-61861
2025-10-10
HIGH
7.8
An out-of-bounds read vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and…
CVE-2025-61860
2025-10-10
HIGH
7.8
An out-of-bounds read vulnerability exists in VS6MemInIF!set_temp_type_default of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and…
CVE-2025-61859
2025-10-10
HIGH
7.8
An out-of-bounds write vulnerability exists in VS6ComFile!CItemDraw::is_motion_tween of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and…
CVE-2025-61858
2025-10-10
HIGH
7.8
An out-of-bounds write vulnerability exists in VS6ComFile!set_AnimationItem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and…
CVE-2025-61857
2025-10-10
HIGH
7.8
An out-of-bounds write vulnerability exists in VS6ComFile!CItemExChange::WinFontDynStrCheck of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and…
CVE-2025-61856
2025-10-10
HIGH
7.8
A stack-based buffer overflow vulnerability exists in VS6ComFile!CV7BaseMap::WriteV7DataToRom of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND),…
CVE-2025-52635
2025-10-10
LOW
3.7
A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0.
CVE-2025-52625
2025-10-10
LOW
3.7
A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access…
CVE-2025-52624
2025-10-10
MEDIUM
5.4
A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and…
CVE-2025-11190
2025-10-10
N/A
0.0
The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website.
CVE-2025-11189
2025-10-10
N/A
0.0
The Kiwire Captive Portal contains a reflected cross-site scripting (XSS) vulnerability within the login-url parameter, allowing for Javascript execution.
CVE-2025-11188
2025-10-10
N/A
0.0
The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database.
CVE-2025-52650
2025-10-10
HIGH
8.2
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0
CVE-2025-52634
2025-10-10
LOW
3.7
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0.
CVE-2025-52632
2025-10-10
MEDIUM
6.5
A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0.
CVE-2025-52630
2025-10-10
LOW
3.7
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0.
CVE-2025-41089
2025-10-10
N/A
0.0
Reflected Cross-Site Scripting (XSS) in Xibo CMS v4.1.2 from Xibo Signage, due to a lack of proper validation of user input. To exploit the vulnerability, the attacker must…
CVE-2025-41088
2025-10-10
N/A
0.0
Stored Cross-Site Scripting (XSS) in Xibo Signage's Xibo CMS v4.1.2, due to a lack of proper validation of user input. To exploit the vulnerability, the attacker must create…
CVE-2025-37727
2025-10-10
MEDIUM
5.7
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex
CVE-2025-25018
2025-10-10
HIGH
8.7
Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS)
CVE-2025-25017
2025-10-10
HIGH
8.2
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting (XSS)
CVE-2025-52655
2025-10-10
LOW
3.1
Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6 allows Loading third-party scripts without integrity checks or validation can allow external code run in the…
CVE-2025-40640
2025-10-10
N/A
0.0
Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by…
CVE-2025-62292
2025-10-10
MEDIUM
4.3
In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email…
CVE-2025-21070
2025-10-10
MEDIUM
4.0
Out-of-bounds write in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to write out-of-bounds memory.
« Anterior
Página 384 de 3933
Siguiente »
Page load link
Go to Top
