CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-29964 | 2025-05-13 | HIGH | 8.8 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. |
| CVE-2025-29966 | 2025-05-13 | HIGH | 8.8 | Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. |
| CVE-2025-29967 | 2025-05-13 | HIGH | 8.8 | Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. |
| CVE-2025-29968 | 2025-05-13 | MEDIUM | 6.5 | Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network. |
| CVE-2025-29969 | 2025-05-13 | HIGH | 7.5 | Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network. |
| CVE-2025-29970 | 2025-05-13 | HIGH | 7.8 | Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. |
| CVE-2023-39496 | 2024-05-03 | HIGH | 7.8 | PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code… |
| CVE-2025-29971 | 2025-05-13 | HIGH | 7.5 | Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network. |
| CVE-2025-29973 | 2025-05-13 | HIGH | 7.0 | Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. |
| CVE-2025-29974 | 2025-05-13 | MEDIUM | 5.7 | Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network. |
| CVE-2023-39497 | 2024-05-03 | HIGH | 7.8 | PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code… |
| CVE-2025-29975 | 2025-05-13 | HIGH | 7.8 | Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. |
| CVE-2025-29976 | 2025-05-13 | HIGH | 7.8 | Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally. |
| CVE-2025-29978 | 2025-05-13 | HIGH | 7.8 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. |
| CVE-2023-39490 | 2024-05-03 | HIGH | 7.8 | PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code… |
| CVE-2025-30381 | 2025-05-13 | HIGH | 7.8 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-30379 | 2025-05-13 | HIGH | 7.8 | Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-30377 | 2025-05-13 | HIGH | 8.4 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-30376 | 2025-05-13 | HIGH | 7.8 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-4905 | 2025-05-19 | MEDIUM | 5.3 | A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl… |
| CVE-2025-2561 | 2025-05-19 | MEDIUM | 4.8 | The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2025-4893 | 2025-05-18 | MEDIUM | 6.3 | A vulnerability classified as critical has been found in jammy928 CoinExchange_CryptoExchange_Java up to 8adf508b996020d3efbeeb2473d7235bd01436fa. This affects the function uploadLocalImage of… |
| CVE-2025-30733 | 2025-04-15 | MEDIUM | 6.5 | Vulnerability in the RDBMS Listener component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7.… |
| CVE-2025-2560 | 2025-05-19 | MEDIUM | 4.8 | The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2025-2524 | 2025-05-19 | MEDIUM | 4.8 | The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2025-27891 | 2025-05-14 | CRITICAL | 9.1 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200,… |
| CVE-2024-4878 | 2025-05-19 | N/A | 0.0 | Rejected reason: Unused CVE record, incorrectly reserved |
| CVE-2025-1627 | 2025-05-19 | MEDIUM | 5.4 | The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them… |
| CVE-2025-23165 | 2025-05-19 | LOW | 3.7 | In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is… |
| CVE-2025-23123 | 2025-05-19 | CRITICAL | 10.0 | A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap… |
| CVE-2023-45121 | 2023-12-21 | HIGH | 8.8 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate… |
| CVE-2023-45120 | 2023-12-21 | HIGH | 8.8 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate… |
| CVE-2023-45119 | 2023-12-21 | HIGH | 8.8 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate… |
| CVE-2023-45118 | 2023-12-21 | HIGH | 8.8 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate… |
| CVE-2023-6142 | 2023-11-21 | MEDIUM | 5.4 | Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames.… |
| CVE-2023-6199 | 2023-11-20 | MEDIUM | 6.5 | Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to… |
| CVE-2023-45117 | 2023-12-21 | HIGH | 8.8 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate… |
| CVE-2023-45116 | 2023-12-21 | HIGH | 8.8 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate… |
| CVE-2023-45115 | 2023-12-21 | HIGH | 8.8 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the /update.php?q=addqns resource does not validate the characters… |
| CVE-2025-30375 | 2025-05-13 | HIGH | 7.8 | Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2024-2968 | 2024-03-29 | MEDIUM | 4.4 | The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and… |
| CVE-2024-2969 | 2024-03-29 | MEDIUM | 5.4 | The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This… |
| CVE-2024-1538 | 2024-03-21 | HIGH | 8.8 | The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4.… |
| CVE-2025-30382 | 2025-05-13 | HIGH | 7.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. |
| CVE-2023-6385 | 2024-04-10 | MEDIUM | 4.3 | The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does not have CSRF checks in some places, which could allow attackers… |
| CVE-2025-48115 | 2025-05-16 | MEDIUM | 4.3 | Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify allows Cross Site Request Forgery. This issue affects ValidateCertify: from n/a… |
| CVE-2025-48114 | 2025-05-16 | HIGH | 7.1 | Cross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger allows Stored XSS. This issue affects ShayanWeb Admin… |
| CVE-2025-48113 | 2025-05-16 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet allows Stored XSS. This issue affects… |
| CVE-2025-48112 | 2025-05-16 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karimmughal Dot html,php,xml etc pages allows Reflected XSS.… |
| CVE-2025-48080 | 2025-05-16 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Stored… |