CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2024-35202 | 2024-10-10 | HIGH | 7.5 | Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by… |
| CVE-2022-3076 | 2022-09-26 | HIGH | 7.2 | The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by… |
| CVE-2022-40106 | 2022-09-23 | HIGH | 7.5 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the set_local_time function. This vulnerability allows attackers to cause… |
| CVE-2022-32829 | 2022-09-23 | HIGH | 7.8 | This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5.… |
| CVE-2022-32826 | 2022-09-23 | HIGH | 7.8 | An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS… |
| CVE-2022-32798 | 2022-09-23 | HIGH | 7.8 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. An app… |
| CVE-2022-32782 | 2022-09-23 | MEDIUM | 4.4 | This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4. An app with root… |
| CVE-2022-32781 | 2022-09-23 | MEDIUM | 4.4 | This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS… |
| CVE-2022-26707 | 2022-09-23 | MEDIUM | 5.5 | An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey… |
| CVE-2022-22637 | 2022-09-23 | HIGH | 8.8 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS… |
| CVE-2022-22628 | 2022-09-23 | HIGH | 8.8 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari… |
| CVE-2020-36521 | 2022-09-23 | HIGH | 7.1 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0… |
| CVE-2025-27980 | 2025-04-15 | MEDIUM | 6.5 | cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=. |
| CVE-2025-24977 | 2025-05-05 | CRITICAL | 9.1 | OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11 any user with the capability `manage customizations`… |
| CVE-2024-45805 | 2024-12-26 | MEDIUM | 4.3 | OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed… |
| CVE-2024-37155 | 2024-11-18 | MEDIUM | 6.5 | OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version… |
| CVE-2025-44854 | 2025-05-01 | MEDIUM | 6.3 | TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This… |
| CVE-2025-44847 | 2025-05-01 | MEDIUM | 6.3 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This… |
| CVE-2025-44846 | 2025-05-01 | MEDIUM | 6.3 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This… |
| CVE-2025-44845 | 2025-05-01 | MEDIUM | 6.5 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This… |
| CVE-2025-44844 | 2025-05-01 | MEDIUM | 6.5 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This… |
| CVE-2025-44843 | 2025-05-01 | MEDIUM | 6.5 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This… |
| CVE-2025-44842 | 2025-05-01 | MEDIUM | 6.5 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This… |
| CVE-2025-44841 | 2025-05-01 | MEDIUM | 6.5 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the version parameter. This… |
| CVE-2025-44840 | 2025-05-01 | MEDIUM | 6.5 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the svn parameter. This… |
| CVE-2025-44839 | 2025-05-01 | MEDIUM | 6.5 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This… |
| CVE-2025-44838 | 2025-05-01 | MEDIUM | 6.3 | TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter.… |
| CVE-2025-44837 | 2025-05-01 | MEDIUM | 6.3 | TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or… |
| CVE-2025-44836 | 2025-05-01 | MEDIUM | 6.3 | TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or… |
| CVE-2022-41343 | 2022-09-25 | HIGH | 7.5 | registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font… |
| CVE-2022-41340 | 2022-09-24 | HIGH | 7.5 | The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery. |
| CVE-2022-40748 | 2022-09-23 | MEDIUM | 5.4 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in… |
| CVE-2022-40359 | 2022-09-23 | MEDIUM | 6.1 | Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via crafted GET request to /kfm/index.php. |
| CVE-2022-40122 | 2022-09-23 | CRITICAL | 9.8 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer_action.php. |
| CVE-2022-40121 | 2022-09-23 | CRITICAL | 9.8 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/manage_customers.php. |
| CVE-2022-40120 | 2022-09-23 | CRITICAL | 9.8 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/customer_transactions.php. |
| CVE-2022-40119 | 2022-09-23 | CRITICAL | 9.8 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/transactions.php. |
| CVE-2022-40118 | 2022-09-23 | CRITICAL | 9.8 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds_action.php. |
| CVE-2022-40117 | 2022-09-23 | CRITICAL | 9.8 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_customer.php. |
| CVE-2022-3195 | 2022-09-26 | HIGH | 8.8 | Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out… |
| CVE-2022-3098 | 2022-09-26 | MEDIUM | 4.3 | The Login Block IPs WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which… |
| CVE-2022-3062 | 2022-09-26 | MEDIUM | 6.1 | The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to… |
| CVE-2022-40113 | 2022-09-23 | CRITICAL | 9.8 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds.php. |
| CVE-2022-40107 | 2022-09-23 | HIGH | 7.5 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formexeCommand function. This vulnerability allows attackers to cause… |
| CVE-2022-3025 | 2022-09-26 | MEDIUM | 5.4 | The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not have any CSRF check when saving its settings, allowing… |
| CVE-2022-3024 | 2022-09-26 | MEDIUM | 5.4 | The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing… |
| CVE-2022-32853 | 2022-09-23 | HIGH | 7.1 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS… |
| CVE-2022-32851 | 2022-09-23 | HIGH | 7.1 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS… |
| CVE-2022-32848 | 2022-09-23 | MEDIUM | 5.5 | A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5.… |
| CVE-2022-32847 | 2022-09-23 | CRITICAL | 9.1 | This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur… |