CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-48417 | 2025-05-21 | MEDIUM | 6.5 | The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443)… |
| CVE-2025-48415 | 2025-05-21 | MEDIUM | 6.2 | A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini… |
| CVE-2025-1421 | 2025-05-21 | N/A | 0.0 | Data provided in a request performed to the server while activating a new device are put in a database. Other high… |
| CVE-2025-1420 | 2025-05-21 | N/A | 0.0 | Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a… |
| CVE-2025-1419 | 2025-05-21 | N/A | 0.0 | Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored… |
| CVE-2025-1418 | 2025-05-21 | N/A | 0.0 | A low-privileged user can access information about profiles created in Proget MDM (Mobile Device Management), which contain details about allowed/prohibited functions.… |
| CVE-2025-1417 | 2025-05-21 | N/A | 0.0 | In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the… |
| CVE-2025-1416 | 2025-05-21 | N/A | 0.0 | In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM (Mobile… |
| CVE-2025-4803 | 2025-05-21 | HIGH | 7.2 | The Glossary by WPPedia – Best Glossary plugin for WordPress plugin for WordPress is vulnerable to PHP Object Injection in… |
| CVE-2025-4611 | 2025-05-21 | MEDIUM | 6.4 | The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via… |
| CVE-2025-4221 | 2025-05-21 | MEDIUM | 6.4 | The Animated Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auto-downloader' shortcode in all versions… |
| CVE-2025-4219 | 2025-05-21 | MEDIUM | 6.4 | The DPEPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dpe' shortcode in all versions up… |
| CVE-2025-4217 | 2025-05-21 | MEDIUM | 6.4 | The WP YouTube Video Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ib_youtube' shortcode in… |
| CVE-2025-4105 | 2025-05-21 | MEDIUM | 5.4 | The Splitit plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions… |
| CVE-2025-48414 | 2025-05-21 | MEDIUM | 6.5 | There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to… |
| CVE-2025-48413 | 2025-05-21 | HIGH | 7.7 | The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system "root" user. The credentials are shipped with… |
| CVE-2025-41232 | 2025-05-21 | CRITICAL | 9.1 | Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your… |
| CVE-2025-3781 | 2025-05-21 | MEDIUM | 6.4 | The Raisely Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's raisely_donation_form shortcode in all… |
| CVE-2025-3750 | 2025-05-21 | MEDIUM | 6.4 | The Network Posts Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_height’ parameter in all versions… |
| CVE-2025-27804 | 2025-05-21 | MEDIUM | 6.5 | Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message… |
| CVE-2025-27803 | 2025-05-21 | MEDIUM | 6.5 | The devices do not implement any authentication for the web interface or the MQTT server. An attacker who has network… |
| CVE-2025-1415 | 2025-05-21 | N/A | 0.0 | A low-privileged user is able to obtain information about tasks executed on devices controlled by Proget MDM (Mobile Device Management),… |
| CVE-2024-12561 | 2025-05-21 | MEDIUM | 6.1 | The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect in all versions… |
| CVE-2025-1712 | 2025-05-21 | N/A | 0.0 | Argument injection in special agent configuration in Checkmk |
| CVE-2019-16536 | 2025-05-21 | N/A | 0.0 | Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3. |
| CVE-2025-4524 | 2025-05-21 | CRITICAL | 9.8 | The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion… |
| CVE-2021-25262 | 2025-05-21 | N/A | 0.0 | Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack. |
| CVE-2021-25255 | 2025-05-21 | N/A | 0.0 | Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service. |
| CVE-2021-25254 | 2025-05-21 | N/A | 0.0 | Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar. |
| CVE-2025-4969 | 2025-05-21 | MEDIUM | 6.5 | A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of… |
| CVE-2025-5007 | 2025-05-20 | LOW | 3.5 | A vulnerability was found in Part-DB up to 1.17.0. It has been declared as problematic. Affected by this vulnerability is… |
| CVE-2025-5001 | 2025-05-20 | LOW | 3.3 | A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc… |
| CVE-2025-5000 | 2025-05-20 | MEDIUM | 6.3 | A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects… |
| CVE-2025-4999 | 2025-05-20 | MEDIUM | 6.3 | A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000 and classified as critical. Affected by this issue… |
| CVE-2025-4998 | 2025-05-20 | MEDIUM | 6.5 | A vulnerability has been found in H3C Magic R200G up to 100R002 and classified as problematic. Affected by this vulnerability… |
| CVE-2025-4997 | 2025-05-20 | MEDIUM | 6.5 | A vulnerability, which was classified as problematic, was found in H3C R2+ProG up to 200R004. Affected is the function UpdateWanParams/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList/Edit_BasicSSID/Edit_GuestSSIDFor2P4G/Edit_BasicSSID_5G/SetAPInfoById… |
| CVE-2025-48056 | 2025-05-20 | MEDIUM | 5.3 | Hubble is a fully distributed networking and security observability platform for cloud native workloads. Prior to version 1.17.2, a network… |
| CVE-2025-4996 | 2025-05-20 | LOW | 2.4 | A vulnerability, which was classified as problematic, has been found in Intelbras RF 301K 1.1.5. This issue affects some unknown… |
| CVE-2025-47290 | 2025-05-20 | N/A | 0.0 | containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image… |
| CVE-2025-4364 | 2025-05-20 | N/A | 0.0 | The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files… |
| CVE-2025-48391 | 2025-05-20 | HIGH | 7.7 | In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API |
| CVE-2025-47850 | 2025-05-20 | MEDIUM | 4.3 | In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning |
| CVE-2025-47277 | 2025-05-20 | CRITICAL | 9.8 | vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that… |
| CVE-2025-46725 | 2025-05-20 | N/A | 0.0 | Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `LanceDocChatAgent` uses pandas eval()… |
| CVE-2025-46724 | 2025-05-20 | CRITICAL | 9.8 | Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`.… |
| CVE-2025-37989 | 2025-05-20 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak A network restart test… |
| CVE-2025-37988 | 2025-05-20 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount()… |
| CVE-2025-37986 | 2025-05-20 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Invalidate USB device pointers on partner unregistration… |
| CVE-2025-37985 | 2025-05-20 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdm_open and wdm_wwan_port_stop Clearing WDM_WWAN_IN_USE… |
| CVE-2025-37984 | 2025-05-20 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Herbert… |