CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-5049 | 2025-05-21 | HIGH | 7.3 | A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. This vulnerability affects unknown code… |
| CVE-2025-3751 | 2025-05-21 | N/A | 0.0 | The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack.… |
| CVE-2025-2261 | 2025-05-21 | N/A | 0.0 | Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within… |
| CVE-2025-5033 | 2025-05-21 | MEDIUM | 4.3 | A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of… |
| CVE-2025-5020 | 2025-05-21 | MEDIUM | 4.3 | Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if… |
| CVE-2025-48069 | 2025-05-21 | MEDIUM | 6.6 | ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the `ejson2env` tool… |
| CVE-2025-48064 | 2025-05-21 | LOW | 3.3 | GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a… |
| CVE-2025-48063 | 2025-05-21 | N/A | 0.0 | XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights… |
| CVE-2025-48060 | 2025-05-21 | N/A | 0.0 | jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt`… |
| CVE-2025-47291 | 2025-05-21 | N/A | 0.0 | containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version… |
| CVE-2025-46822 | 2025-05-21 | N/A | 0.0 | OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path… |
| CVE-2025-2102 | 2025-05-21 | N/A | 0.0 | Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation. This issue affects HYPR… |
| CVE-2025-5031 | 2025-05-21 | LOW | 3.1 | A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some… |
| CVE-2025-5030 | 2025-05-21 | MEDIUM | 5.0 | A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the… |
| CVE-2025-4416 | 2025-05-21 | HIGH | 7.5 | Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track allows Excessive Allocation. This issue affects Events Log… |
| CVE-2025-4415 | 2025-05-21 | MEDIUM | 4.8 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS). This issue… |
| CVE-2025-48012 | 2025-05-21 | MEDIUM | 4.8 | Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials. This issue affects One Time… |
| CVE-2025-48011 | 2025-05-21 | MEDIUM | 4.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass. This issue affects One… |
| CVE-2025-48010 | 2025-05-21 | MEDIUM | 4.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass. This issue affects One… |
| CVE-2025-48009 | 2025-05-21 | LOW | 3.1 | Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse. This issue affects Single Content Sync: from 0.0.0 before 1.4.12. |
| CVE-2025-45754 | 2025-05-21 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads… |
| CVE-2025-25539 | 2025-05-21 | MEDIUM | 6.5 | Local File Inclusion vulnerability in Vasco v3.14 and before allows a remote attacker to obtain sensitive information via help menu. |
| CVE-2025-20267 | 2025-05-21 | MEDIUM | 4.8 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to… |
| CVE-2025-20258 | 2025-05-21 | MEDIUM | 5.4 | A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into… |
| CVE-2025-20257 | 2025-05-21 | MEDIUM | 6.5 | A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could… |
| CVE-2025-20256 | 2025-05-21 | MEDIUM | 6.5 | A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager… |
| CVE-2025-20255 | 2025-05-21 | MEDIUM | 4.3 | A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP… |
| CVE-2025-20250 | 2025-05-21 | MEDIUM | 6.1 | A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability… |
| CVE-2025-20247 | 2025-05-21 | MEDIUM | 6.1 | A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability… |
| CVE-2025-20246 | 2025-05-21 | MEDIUM | 6.1 | A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability… |
| CVE-2025-20242 | 2025-05-21 | MEDIUM | 6.5 | A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker… |
| CVE-2025-20152 | 2025-05-21 | HIGH | 8.6 | A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker… |
| CVE-2025-20114 | 2025-05-21 | MEDIUM | 4.3 | A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal… |
| CVE-2025-20113 | 2025-05-21 | HIGH | 7.1 | A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a… |
| CVE-2025-20112 | 2025-05-21 | MEDIUM | 5.1 | A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate… |
| CVE-2025-0372 | 2025-05-21 | N/A | 0.0 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation. This issue… |
| CVE-2024-56428 | 2025-05-21 | MEDIUM | 5.5 | The local iLabClient database in itech iLabClient 3.7.1 allows local attackers to read cleartext credentials (from the CONFIGS table) for… |
| CVE-2025-48207 | 2025-05-21 | HIGH | 8.6 | The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference. |
| CVE-2025-48206 | 2025-05-21 | MEDIUM | 6.1 | The ns_backup extension through 13.0.0 for TYPO3 allows XSS. |
| CVE-2025-48205 | 2025-05-21 | HIGH | 8.6 | The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. |
| CVE-2025-48204 | 2025-05-21 | MEDIUM | 6.8 | The ns_backup extension through 13.0.0 for TYPO3 allows command injection. |
| CVE-2025-48203 | 2025-05-21 | MEDIUM | 6.4 | The cs_seo extension through 9.2.0 for TYPO3 allows XSS. |
| CVE-2025-48202 | 2025-05-21 | MEDIUM | 5.3 | The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference. |
| CVE-2025-48201 | 2025-05-21 | HIGH | 8.6 | The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location. |
| CVE-2025-48200 | 2025-05-21 | CRITICAL | 10.0 | The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution. |
| CVE-2025-27998 | 2025-05-21 | HIGH | 8.4 | An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL. |
| CVE-2025-5029 | 2025-05-21 | MEDIUM | 5.4 | A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and… |
| CVE-2024-23337 | 2025-05-21 | MEDIUM | 4.3 | jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value… |
| CVE-2024-56429 | 2025-05-21 | HIGH | 7.7 | itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient.jar) for local users to read or write to… |
| CVE-2024-42922 | 2025-05-21 | MEDIUM | 6.5 | AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability. |