CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-46190 | 2025-05-09 | CRITICAL | 9.8 | SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_delivery_update.php via the order_id POST parameter. |
| CVE-2025-46193 | 2025-05-09 | CRITICAL | 9.8 | SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via Arbitrary file upload in user_proposal_update_order.php. |
| CVE-2025-46192 | 2025-05-09 | CRITICAL | 9.8 | SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_payment_update.php via the order_id POST parameter. |
| CVE-2025-47280 | 2025-05-13 | MEDIUM | 6.1 | Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and… |
| CVE-2025-4658 | 2025-05-13 | CRITICAL | 9.8 | Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature… |
| CVE-2025-27197 | 2025-05-13 | HIGH | 7.8 | Lightroom Desktop versions 8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution… |
| CVE-2025-30324 | 2025-05-13 | HIGH | 7.8 | Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result… |
| CVE-2025-30325 | 2025-05-13 | HIGH | 7.8 | Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in… |
| CVE-2025-4544 | 2025-05-11 | MEDIUM | 6.6 | A vulnerability was found in D-Link DI-8100 up to 16.07.26A1 and classified as critical. This issue affects some unknown processing… |
| CVE-2025-4858 | 2025-05-18 | LOW | 2.4 | A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been declared as problematic. This vulnerability affects unknown code of… |
| CVE-2025-4859 | 2025-05-18 | LOW | 2.4 | A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been rated as problematic. This issue affects some unknown processing… |
| CVE-2024-0810 | 2024-01-24 | MEDIUM | 4.3 | Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install… |
| CVE-2024-0804 | 2024-01-24 | HIGH | 7.5 | Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin… |
| CVE-2024-0755 | 2024-01-23 | HIGH | 8.8 | Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of… |
| CVE-2024-0754 | 2024-01-23 | MEDIUM | 6.5 | Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122. |
| CVE-2024-0749 | 2024-01-23 | MEDIUM | 4.3 | A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address… |
| CVE-2024-0747 | 2024-01-23 | MEDIUM | 6.5 | When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden… |
| CVE-2024-0517 | 2024-01-16 | HIGH | 8.8 | Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap… |
| CVE-2024-0187 | 2024-01-16 | MEDIUM | 6.1 | The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanitise and escape various parameters and generated URLs before outputting… |
| CVE-2023-5124 | 2024-01-29 | MEDIUM | 4.8 | The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a… |
| CVE-2023-5091 | 2024-01-08 | MEDIUM | 5.5 | Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing… |
| CVE-2023-48085 | 2023-12-14 | CRITICAL | 9.8 | Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php. |
| CVE-2023-46750 | 2023-12-14 | MEDIUM | 6.1 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache… |
| CVE-2023-41151 | 2023-12-14 | HIGH | 7.5 | An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the… |
| CVE-2022-40103 | 2022-09-23 | MEDIUM | 5.5 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function. This vulnerability allows attackers to cause… |
| CVE-2022-40102 | 2022-09-23 | HIGH | 7.5 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDset function. This vulnerability allows attackers to cause… |
| CVE-2022-40101 | 2022-09-23 | HIGH | 7.5 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet function. This vulnerability allows attackers to cause… |
| CVE-2022-40100 | 2022-09-23 | CRITICAL | 9.8 | Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function. |
| CVE-2022-35247 | 2022-09-23 | MEDIUM | 4.3 | An information disclosure vulnerability exists in Rocket.chat |
| CVE-2022-32823 | 2022-09-23 | MEDIUM | 5.5 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6,… |
| CVE-2022-32821 | 2022-09-23 | HIGH | 7.8 | A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6… |
| CVE-2020-36773 | 2024-02-04 | CRITICAL | 9.8 | Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in… |
| CVE-2020-26630 | 2024-01-10 | MEDIUM | 4.9 | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database… |
| CVE-2022-32819 | 2022-09-23 | HIGH | 7.8 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS… |
| CVE-2022-32229 | 2022-09-23 | MEDIUM | 4.3 | An information disclosure vulnerability exists in Rocket.Chat |
| CVE-2024-26139 | 2024-05-23 | HIGH | 8.3 | OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack… |
| CVE-2023-7064 | 2024-05-02 | HIGH | 7.5 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions… |
| CVE-2024-48987 | 2024-10-11 | MEDIUM | 6.6 | Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated… |
| CVE-2025-4860 | 2025-05-18 | LOW | 2.4 | A vulnerability classified as problematic has been found in D-Link DAP-2695 120b36r137_ALL_en_20210528. Affected is an unknown function of the file… |
| CVE-2024-1357 | 2024-04-16 | MEDIUM | 6.4 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's… |
| CVE-2024-52701 | 2024-11-20 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts… |
| CVE-2024-51094 | 2024-11-12 | HIGH | 8.0 | An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious… |
| CVE-2024-48311 | 2024-10-31 | HIGH | 8.8 | Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit album function. |
| CVE-2024-46606 | 2024-10-16 | MEDIUM | 5.4 | A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or… |
| CVE-2024-46605 | 2024-10-16 | MEDIUM | 6.1 | A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or… |
| CVE-2025-43595 | 2025-05-01 | HIGH | 7.8 | An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root… |
| CVE-2025-3516 | 2025-05-16 | MEDIUM | 5.9 | The Simple Lightbox WordPress plugin before 2.9.4 does not validate and escape some of its attributes before outputting them back… |
| CVE-2019-25220 | 2024-11-18 | HIGH | 7.5 | Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty… |
| CVE-2024-55563 | 2024-12-09 | MEDIUM | 5.3 | Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the… |
| CVE-2025-32728 | 2025-04-10 | MEDIUM | 4.3 | In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11… |