CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2022-3049 | 2022-09-26 | HIGH | 8.8 | Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who… |
| CVE-2022-3048 | 2022-09-26 | MEDIUM | 6.8 | Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to… |
| CVE-2022-36158 | 2022-09-26 | HIGH | 8.0 | Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors… |
| CVE-2022-30003 | 2022-09-26 | MEDIUM | 5.4 | Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Site Scripting (XSS), allowing attackers to register as a Seller… |
| CVE-2022-22058 | 2022-09-26 | HIGH | 8.4 | Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon… |
| CVE-2021-27853 | 2022-09-27 | MEDIUM | 4.7 | Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN… |
| CVE-2025-1104 | 2025-02-07 | HIGH | 7.3 | A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation… |
| CVE-2024-55532 | 2025-03-03 | CRITICAL | 9.8 | Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are… |
| CVE-2024-56914 | 2025-01-22 | MEDIUM | 5.7 | D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/ParentalControl.asp. |
| CVE-2025-25429 | 2025-02-28 | MEDIUM | 4.8 | Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the r_name variable inside the have_same_name function on the… |
| CVE-2025-25428 | 2025-02-28 | HIGH | 8.0 | TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as… |
| CVE-2025-25430 | 2025-02-28 | MEDIUM | 4.8 | Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the configname parameter on the /cbi_addcert.htm page. |
| CVE-2024-13726 | 2025-02-17 | HIGH | 8.6 | The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL… |
| CVE-2024-37607 | 2024-12-17 | MEDIUM | 6.5 | A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cause a Denial of Service (DoS) via a… |
| CVE-2024-37606 | 2024-12-17 | MEDIUM | 6.5 | A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted… |
| CVE-2024-42093 | 2024-07-29 | HIGH | 7.3 | In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y… |
| CVE-2024-41057 | 2024-07-29 | HIGH | 7.0 | In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() We got the following issue… |
| CVE-2024-56662 | 2024-12-27 | MEDIUM | 6.0 | In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl Fix an issue detected… |
| CVE-2024-50705 | 2025-03-04 | HIGH | 7.1 | Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the… |
| CVE-2025-1955 | 2025-03-04 | LOW | 3.5 | A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as problematic. Affected… |
| CVE-2024-48246 | 2025-03-05 | MEDIUM | 5.4 | Vehicle Management System 1.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the "Name" parameter of /vehicle-management/booking.php. |
| CVE-2024-37605 | 2024-12-17 | MEDIUM | 6.5 | A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted… |
| CVE-2024-13868 | 2025-03-06 | MEDIUM | 6.1 | The URL Shortener \| Conversion Tracking \| AB Testing \| WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape… |
| CVE-2024-36831 | 2024-12-17 | MEDIUM | 5.3 | A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service… |
| CVE-2025-0624 | 2025-02-19 | HIGH | 7.6 | A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub… |
| CVE-2022-40929 | 2022-09-28 | CRITICAL | 9.8 | XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about… |
| CVE-2022-40942 | 2022-09-28 | CRITICAL | 9.8 | Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time. |
| CVE-2022-40878 | 2022-09-27 | HIGH | 8.8 | In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve… |
| CVE-2022-40877 | 2022-09-27 | CRITICAL | 9.8 | Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter. |
| CVE-2022-40817 | 2022-09-27 | MEDIUM | 4.3 | Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly… |
| CVE-2022-40475 | 2022-09-29 | CRITICAL | 9.8 | TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi. |
| CVE-2022-40486 | 2022-09-28 | HIGH | 8.8 | TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute… |
| CVE-2022-40497 | 2022-09-28 | HIGH | 8.8 | Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution… |
| CVE-2022-40816 | 2022-09-27 | MEDIUM | 6.5 | Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are… |
| CVE-2022-40126 | 2022-09-29 | HIGH | 7.8 | A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute… |
| CVE-2022-40083 | 2022-09-28 | CRITICAL | 9.6 | Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be… |
| CVE-2022-40082 | 2022-09-28 | HIGH | 7.5 | Hertz v0.3.0 was discovered to contain a path traversal vulnerability via the normalizePath function. |
| CVE-2022-40354 | 2022-09-27 | HIGH | 7.2 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at… |
| CVE-2022-3323 | 2022-09-27 | HIGH | 7.5 | An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP… |
| CVE-2022-38934 | 2022-09-28 | LOW | 3.3 | readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabilities when parsing a crafted ELF file. |
| CVE-2022-36771 | 2022-09-28 | MEDIUM | 6.5 | IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have… |
| CVE-2022-36448 | 2022-09-28 | HIGH | 8.2 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in… |
| CVE-2022-38932 | 2022-09-27 | HIGH | 7.8 | readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file. |
| CVE-2022-38335 | 2022-09-27 | MEDIUM | 5.4 | Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules. |
| CVE-2022-23716 | 2022-09-28 | MEDIUM | 5.3 | A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key… |
| CVE-2022-2760 | 2022-09-28 | MEDIUM | 4.3 | In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does… |
| CVE-2022-32166 | 2022-09-28 | MEDIUM | 6.1 | In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function… |
| CVE-2022-32168 | 2022-09-28 | HIGH | 7.8 | Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with… |
| CVE-2022-1270 | 2022-09-28 | HIGH | 7.8 | In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. |
| CVE-2021-43980 | 2022-09-28 | LOW | 3.7 | The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a… |