CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-50848 | 2025-07-31 | MEDIUM | 6.1 | A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows… |
| CVE-2025-50847 | 2025-07-31 | MEDIUM | 6.5 | Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list… |
| CVE-2025-50270 | 2025-07-31 | MEDIUM | 6.1 | A stored Cross Site Scripting (xss) vulnerability in the "content management" feature in AnQiCMS v.3.4.11 allows a remote attacker to… |
| CVE-2025-37112 | 2025-07-31 | MEDIUM | 6.0 | A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function… |
| CVE-2025-37111 | 2025-07-31 | MEDIUM | 6.0 | A vulnerability was discovered in the storage policy for certain sets of authentication keys in the HPE Telco Network Function… |
| CVE-2025-37110 | 2025-07-31 | MEDIUM | 6.0 | A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network… |
| CVE-2025-37109 | 2025-07-31 | LOW | 3.5 | Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product |
| CVE-2025-37108 | 2025-07-31 | LOW | 3.5 | Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product |
| CVE-2025-29557 | 2025-07-31 | MEDIUM | 5.4 | ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-level… |
| CVE-2025-26064 | 2025-07-31 | HIGH | 7.3 | A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or… |
| CVE-2025-26063 | 2025-07-31 | CRITICAL | 9.8 | An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted… |
| CVE-2025-26062 | 2025-07-31 | CRITICAL | 9.8 | An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to access the router's settings file… |
| CVE-2025-29556 | 2025-07-31 | HIGH | 7.3 | ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with… |
| CVE-2024-34328 | 2025-07-31 | MEDIUM | 6.3 | An open redirect in Sielox AnyWare v2.1.2 allows attackers to execute a man-in-the-middle attack via a crafted URL. |
| CVE-2024-34327 | 2025-07-31 | MEDIUM | 6.5 | Sielox AnyWare v2.1.2 was discovered to contain a SQL injection vulnerability via the email address field of the password reset… |
| CVE-2025-51503 | 2025-07-31 | HIGH | 7.6 | A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields,… |
| CVE-2025-51385 | 2025-07-31 | LOW | 3.5 | D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the id parameter. |
| CVE-2025-51384 | 2025-07-31 | LOW | 3.5 | D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter. |
| CVE-2025-51383 | 2025-07-31 | LOW | 3.5 | D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter. |
| CVE-2025-8426 | 2025-07-31 | CRITICAL | 9.4 | Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability. This vulnerability allows remote attackers to disclose sensitive information or… |
| CVE-2025-54834 | 2025-07-31 | MEDIUM | 5.3 | OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check… |
| CVE-2025-54833 | 2025-07-31 | MEDIUM | 5.3 | OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can… |
| CVE-2025-54832 | 2025-07-31 | MEDIUM | 4.3 | OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states… |
| CVE-2025-8409 | 2025-07-31 | HIGH | 7.3 | A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. Affected by this vulnerability is an… |
| CVE-2025-52203 | 2025-07-31 | HIGH | 7.6 | A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which… |
| CVE-2025-46809 | 2025-07-31 | MEDIUM | 5.7 | A Insertion of Sensitive Information into Log File vulnerability in SUSE Multi Linux Manager exposes the HTTP proxy credentials. This issue… |
| CVE-2025-8408 | 2025-07-31 | HIGH | 7.3 | A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. Affected is an unknown function of… |
| CVE-2025-52289 | 2025-07-31 | HIGH | 8.0 | A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted… |
| CVE-2025-50849 | 2025-07-31 | HIGH | 8.0 | CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers… |
| CVE-2025-50475 | 2025-07-31 | CRITICAL | 9.8 | An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execute arbitrary commands as… |
| CVE-2025-34146 | 2025-07-31 | N/A | 0.0 | A prototype pollution vulnerability exists in @nyariv/sandboxjs versions |
| CVE-2014-125126 | 2025-07-31 | N/A | 0.0 | An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass… |
| CVE-2014-125125 | 2025-07-31 | N/A | 0.0 | A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the… |
| CVE-2014-125124 | 2025-07-31 | N/A | 0.0 | An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web… |
| CVE-2014-125123 | 2025-07-31 | N/A | 0.0 | An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel (developed by LXCenter) prior to version 6.1.12.… |
| CVE-2014-125122 | 2025-07-31 | N/A | 0.0 | A stack-based buffer overflow vulnerability exists in the tmUnblock.cgi endpoint of the Linksys WRT120N wireless router. The vulnerability is triggered… |
| CVE-2014-125121 | 2025-07-31 | N/A | 0.0 | Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation vulnerability caused by a… |
| CVE-2013-10043 | 2025-07-31 | N/A | 0.0 | A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an… |
| CVE-2013-10042 | 2025-07-31 | N/A | 0.0 | A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command.… |
| CVE-2013-10040 | 2025-07-31 | N/A | 0.0 | ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated… |
| CVE-2013-10039 | 2025-07-31 | N/A | 0.0 | A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter… |
| CVE-2013-10038 | 2025-07-31 | N/A | 0.0 | An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint fails to… |
| CVE-2013-10037 | 2025-07-31 | N/A | 0.0 | An OS command injection vulnerability exists in WebTester version 5.x via the install2.php installation script. The parameters cpusername, cppassword, and… |
| CVE-2013-10036 | 2025-07-31 | N/A | 0.0 | A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration… |
| CVE-2013-10035 | 2025-07-31 | N/A | 0.0 | A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user… |
| CVE-2013-10034 | 2025-07-31 | N/A | 0.0 | An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to… |
| CVE-2013-10033 | 2025-07-31 | N/A | 0.0 | An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject… |
| CVE-2012-10021 | 2025-07-31 | N/A | 0.0 | A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the… |
| CVE-2011-10008 | 2025-07-31 | N/A | 0.0 | A stack-based buffer overflow vulnerability exists in MPlayer Lite r33064 due to improper bounds checking when handling M3U playlist files… |
| CVE-2025-8407 | 2025-07-31 | HIGH | 7.3 | A vulnerability, which was classified as critical, has been found in code-projects Vehicle Management 1.0. This issue affects some unknown… |