CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2024-1140 | 2024-02-13 | MEDIUM | 6.1 | Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver. |
| CVE-2024-0849 | 2024-02-07 | MEDIUM | 5.0 | Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. |
| CVE-2024-0788 | 2024-01-29 | MEDIUM | 6.6 | SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140… |
| CVE-2025-43553 | 2025-05-13 | HIGH | 7.8 | Substance3D - Modeler versions 1.21.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in… |
| CVE-2025-43554 | 2025-05-13 | HIGH | 7.8 | Substance3D - Modeler versions 1.21.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code… |
| CVE-2025-30322 | 2025-05-13 | HIGH | 7.8 | Substance3D - Painter versions 11.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code… |
| CVE-2025-43571 | 2025-05-13 | HIGH | 7.8 | Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary… |
| CVE-2025-43551 | 2025-05-13 | MEDIUM | 5.5 | Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of… |
| CVE-2025-43549 | 2025-05-13 | HIGH | 7.8 | Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary… |
| CVE-2025-43568 | 2025-05-13 | HIGH | 7.8 | Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary… |
| CVE-2025-43569 | 2025-05-13 | HIGH | 7.8 | Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code… |
| CVE-2025-43570 | 2025-05-13 | HIGH | 7.8 | Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary… |
| CVE-2025-43548 | 2025-05-13 | HIGH | 7.8 | Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in… |
| CVE-2025-43572 | 2025-05-13 | HIGH | 7.8 | Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in… |
| CVE-2023-27338 | 2024-05-03 | MEDIUM | 5.5 | PDF-XChange Editor TIF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected… |
| CVE-2024-5935 | 2024-06-27 | MEDIUM | 5.4 | A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on… |
| CVE-2024-5186 | 2024-06-06 | HIGH | 7.2 | A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers… |
| CVE-2023-27337 | 2024-05-03 | HIGH | 7.8 | PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code… |
| CVE-2023-35757 | 2024-05-07 | HIGH | 8.8 | D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to… |
| CVE-2025-4190 | 2025-05-17 | HIGH | 7.2 | The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as… |
| CVE-2025-48187 | 2025-05-17 | CRITICAL | 9.1 | RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to… |
| CVE-2025-47889 | 2025-05-14 | CRITICAL | 9.8 | In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm,… |
| CVE-2025-43915 | 2025-05-05 | MEDIUM | 6.5 | In Linkerd edge releases before edge-25.2.1, and Buoyant Enterprise for Linkerd releases 2.13.0–2.13.7, 2.14.0–2.14.10, 2.15.0–2.15.7, 2.16.0–2.16.4, and 2.17.0–2.17.1, resource exhaustion… |
| CVE-2025-24661 | 2025-02-03 | HIGH | 8.8 | Deserialization of Untrusted Data vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Object Injection. This issue affects Taxi Booking… |
| CVE-2025-23167 | 2025-05-19 | MEDIUM | 6.5 | A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`.… |
| CVE-2024-57273 | 2025-05-14 | MEDIUM | 5.4 | Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in the… |
| CVE-2023-35006 | 2024-07-10 | MEDIUM | 5.4 | IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when… |
| CVE-2023-33860 | 2024-07-10 | MEDIUM | 5.3 | IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be… |
| CVE-2024-3851 | 2024-05-16 | MEDIUM | 5.4 | A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imartinez/privategpt' repository due to improper validation of file uploads. Attackers can… |
| CVE-2025-4872 | 2025-05-18 | HIGH | 7.3 | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of… |
| CVE-2025-4871 | 2025-05-18 | HIGH | 7.3 | A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown… |
| CVE-2025-4838 | 2025-05-17 | MEDIUM | 4.3 | A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Affected is the function doPost… |
| CVE-2025-47948 | 2025-05-17 | HIGH | 7.2 | Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2,… |
| CVE-2025-47945 | 2025-05-17 | CRITICAL | 9.1 | Donetick an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens (JWT)… |
| CVE-2025-47788 | 2025-05-15 | N/A | 0.0 | Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not… |
| CVE-2025-47787 | 2025-05-15 | N/A | 0.0 | Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The… |
| CVE-2025-47786 | 2025-05-15 | N/A | 0.0 | Emlog is an open source website building system. Version 2.5.13 has a stored cross-site scripting vulnerability that allows any registered… |
| CVE-2025-47785 | 2025-05-15 | HIGH | 8.3 | Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the… |
| CVE-2025-47710 | 2025-05-14 | HIGH | 7.4 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass. This… |
| CVE-2025-47709 | 2025-05-14 | MEDIUM | 6.5 | Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing. This issue affects Enterprise MFA - TFA… |
| CVE-2025-47706 | 2025-05-14 | MEDIUM | 4.8 | Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials. This issue… |
| CVE-2025-1626 | 2025-05-19 | MEDIUM | 5.4 | The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Countdown block options before outputting… |
| CVE-2025-23166 | 2025-05-19 | HIGH | 7.5 | The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the… |
| CVE-2025-23164 | 2025-05-19 | MEDIUM | 4.4 | A misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a… |
| CVE-2025-1625 | 2025-05-19 | MEDIUM | 5.4 | The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Counter block options before outputting… |
| CVE-2024-3062 | 2025-05-15 | MEDIUM | 4.8 | The Save as Image Plugin by Pdfcrowd WordPress plugin before 3.2.2 does not sanitise and escape some of its settings,… |
| CVE-2024-45516 | 2025-05-14 | MEDIUM | 6.1 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4, and 8.8.15… |
| CVE-2024-54779 | 2025-05-14 | MEDIUM | 5.4 | Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross Site Scripting (XSS) in… |
| CVE-2024-2869 | 2025-05-15 | MEDIUM | 4.8 | The Easy Property Listings WordPress plugin before 3.5.4 does not sanitise and escape some of its settings, which could allow… |
| CVE-2024-0403 | 2024-03-01 | MEDIUM | 6.5 | Recipes version 1.5.10 allows arbitrary HTTP requests to be made through the server. This is possible because the application is… |