CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2022-35156 | 2022-09-30 | CRITICAL | 9.8 | Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php. |
| CVE-2022-21222 | 2022-09-30 | MEDIUM | 5.3 | The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure… |
| CVE-2025-30417 | 2025-05-15 | HIGH | 7.8 | There is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI… |
| CVE-2025-30418 | 2025-05-15 | HIGH | 7.8 | There is a memory corruption vulnerability due to an out of bounds write in CheckPins() when using the SymbolEditor in… |
| CVE-2025-30419 | 2025-05-15 | HIGH | 7.8 | There is a memory corruption vulnerability due to an out of bounds read in GetSymbolBorderRectSize() when using the SymbolEditor in… |
| CVE-2025-30420 | 2025-05-15 | HIGH | 7.8 | There is a memory corruption vulnerability due to an out of bounds read in Bitmap::InternalDraw() when using the SymbolEditor in… |
| CVE-2025-30421 | 2025-05-15 | HIGH | 7.8 | There is a memory corruption vulnerability due to a stack-based buffer overflow in DrObjectStorage::XML_Serialize() when using the SymbolEditor in NI… |
| CVE-2024-2643 | 2025-05-15 | MEDIUM | 4.8 | The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.6.8 does… |
| CVE-2024-36950 | 2024-05-30 | MEDIUM | 4.4 | In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom… |
| CVE-2024-36941 | 2024-05-30 | MEDIUM | 5.5 | In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing… |
| CVE-2024-1663 | 2025-05-15 | MEDIUM | 4.8 | The Ultimate Noindex Nofollow Tool II WordPress plugin before 1.3.6 does not sanitise and escape some of its settings, which… |
| CVE-2024-21538 | 2024-11-08 | HIGH | 7.5 | Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service… |
| CVE-2024-25652 | 2024-03-14 | HIGH | 7.6 | In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to… |
| CVE-2024-12014 | 2024-12-20 | N/A | 0.0 | Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated… |
| CVE-2023-7197 | 2025-05-15 | HIGH | 7.1 | The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF check in some places, and is missing sanitisation… |
| CVE-2023-7196 | 2025-05-15 | MEDIUM | 4.3 | The Ultimate Noindex Nofollow Tool WordPress plugin through 1.1.2 does not have CSRF check in place when updating its settings,… |
| CVE-2023-7195 | 2025-05-15 | MEDIUM | 4.3 | The WP-Reply Notify WordPress plugin through 1.1 does not have a CSRF check in place when updating its settings, which… |
| CVE-2023-7174 | 2025-05-15 | HIGH | 7.1 | The aBitGone CommentSafe WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as… |
| CVE-2023-7168 | 2025-05-15 | MEDIUM | 4.8 | The Better Follow Button for Jetpack WordPress plugin through 8.0 does not sanitise and escape some of its settings, which… |
| CVE-2023-52623 | 2024-03-26 | MEDIUM | 5.5 | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a suspicious RCU usage warning I received the… |
| CVE-2022-42717 | 2022-10-11 | HIGH | 7.8 | An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If… |
| CVE-2022-41851 | 2022-10-11 | HIGH | 7.8 | A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap… |
| CVE-2022-41385 | 2022-10-11 | CRITICAL | 9.8 | The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The… |
| CVE-2022-41384 | 2022-10-11 | CRITICAL | 9.8 | The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The… |
| CVE-2022-41383 | 2022-10-11 | CRITICAL | 9.8 | The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The… |
| CVE-2022-41209 | 2022-10-11 | MEDIUM | 5.2 | SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and… |
| CVE-2022-41206 | 2022-10-11 | MEDIUM | 5.4 | SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs… |
| CVE-2022-40872 | 2022-10-07 | CRITICAL | 9.8 | An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode. |
| CVE-2022-33888 | 2022-10-03 | HIGH | 7.8 | A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access… |
| CVE-2025-27191 | 2025-04-08 | MEDIUM | 5.3 | Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could… |
| CVE-2025-4863 | 2025-05-18 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, was found in Advaya Softech GEMS ERP Portal 2.1. This affects an unknown… |
| CVE-2025-4802 | 2025-05-16 | HIGH | 7.8 | Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically… |
| CVE-2025-37804 | 2025-05-08 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2025-21837 | 2025-03-07 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2025-21686 | 2025-02-10 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2025-21633 | 2025-01-19 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2022-49933 | 2025-05-02 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2022-49056 | 2025-02-26 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2024-36963 | 2024-06-03 | HIGH | 7.8 | In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's… |
| CVE-2022-42731 | 2022-10-11 | HIGH | 7.5 | mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another… |
| CVE-2022-41404 | 2022-10-11 | HIGH | 7.5 | An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial… |
| CVE-2022-42037 | 2022-10-11 | CRITICAL | 9.8 | The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The… |
| CVE-2022-42238 | 2022-10-11 | HIGH | 8.8 | A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. |
| CVE-2022-42236 | 2022-10-11 | MEDIUM | 5.4 | A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form. |
| CVE-2022-42034 | 2022-10-11 | HIGH | 8.8 | Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. |
| CVE-2022-41387 | 2022-10-11 | CRITICAL | 9.8 | The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The… |
| CVE-2022-41386 | 2022-10-11 | CRITICAL | 9.8 | The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The… |
| CVE-2022-41382 | 2022-10-11 | CRITICAL | 9.8 | The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The… |
| CVE-2022-41381 | 2022-10-11 | CRITICAL | 9.8 | The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The… |
| CVE-2022-41380 | 2022-10-11 | CRITICAL | 9.8 | The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The… |