Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Todo el contenido
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-10973
2025-09-25
HIGH
7.3
A flaw has been found in JackieDYH Resume-management-system up to fb6b857d852dd796e748ce30c606fe5e61c18273. Affected by this issue is some unknown functionality of the file /admin/show.php. This manipulation of the argument…
CVE-2025-59844
2025-09-26
N/A
0.0
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0…
CVE-2025-11030
2025-09-26
HIGH
7.3
A vulnerability was detected in Tutorials-Website Employee Management System up to 611887d8f8375271ce8abc704507d46340837a60. Impacted is an unknown function of the file /admin/all-applied-leave.php of the component HTTP Request Handler. The…
CVE-2025-59843
2025-09-26
N/A
0.0
Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the public endpoint /api/user/[username] returns user email addresses in its JSON response. The…
CVE-2025-59842
2025-09-26
N/A
0.0
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files…
CVE-2025-58385
2025-09-26
HIGH
7.1
In DOXENSE WATCHDOC before 6.1.0.5094, private user puk codes can be disclosed for Active Directory registered users (there is hard-coded and predictable data).
CVE-2025-57292
2025-09-26
MEDIUM
6.1
Todoist v8484 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload functionality. The application fails to properly validate the MIME type and sanitize image metadata.
CVE-2025-56463
2025-09-26
MEDIUM
6.8
Mercusys MW305R 3.30 and below is has a Transport Layer Security (TLS) certificate private key disclosure.
CVE-2025-11026
2025-09-26
LOW
3.5
A vulnerability was determined in givanz Vvveb up to 1.0.7.2. Affected by this vulnerability is an unknown functionality of the component Configuration File Handler. This manipulation causes information…
CVE-2025-35027
2025-09-26
HIGH
7.3
Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when…
CVE-2025-11017
2025-09-26
LOW
3.3
A vulnerability was detected in OGRECave Ogre up to 14.4.1. The impacted element is the function Ogre::LogManager::stream of the file /ogre/OgreMain/src/OgreLogManager.cpp. Performing manipulation of the argument mDefaultLog results…
CVE-2025-6396
2025-09-26
MEDIUM
6.1
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webbeyaz Website Design Website Software allows Cross-Site Scripting (XSS).This issue affects Website Software: through…
CVE-2025-36326
2025-09-26
LOW
3.7
IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys…
CVE-2025-36274
2025-09-26
HIGH
7.5
IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user.
CVE-2025-11019
2025-09-26
LOW
2.4
A vulnerability has been found in Total.js CMS up to 19.9.0. This impacts an unknown function of the component Files Menu. The manipulation leads to cross site scripting.…
CVE-2025-55560
2025-09-25
N/A
0.0
An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.
CVE-2025-55559
2025-09-25
N/A
0.0
An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D.
CVE-2025-55558
2025-09-25
N/A
0.0
A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service…
CVE-2025-55557
2025-09-25
N/A
0.0
A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).
CVE-2025-55556
2025-09-25
N/A
0.0
TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application.
CVE-2025-55554
2025-09-25
N/A
0.0
pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
CVE-2025-55553
2025-09-25
N/A
0.0
A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
CVE-2025-55552
2025-09-25
N/A
0.0
pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
CVE-2025-43943
2025-09-25
MEDIUM
6.7
Dell Cloud Disaster Recovery, version(s) prior to 19.20, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker…
CVE-2025-33116
2025-09-25
MEDIUM
4.4
IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in…
CVE-2025-26333
2025-09-25
MEDIUM
5.9
Dell Crypto-J generates an error message that includes sensitive information about its environment and associated data. A remote attacker could potentially exploit this vulnerability, leading to information exposure.
CVE-2025-10953
2025-09-25
HIGH
8.8
A security vulnerability has been detected in UTT 1200GW and 1250GW up to 3.0.0-170831/3.2.2-200710. This vulnerability affects unknown code of the file /goform/formApMail. The manipulation of the argument…
CVE-2025-10952
2025-09-25
MEDIUM
5.3
A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function stream_handler of the file ml_logger/server.py of the component File…
CVE-2025-10911
2025-09-25
MEDIUM
5.5
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.
CVE-2024-48014
2025-09-25
HIGH
7.5
Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 contain an Out-of-bounds Write vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial…
CVE-2025-59838
2025-09-25
N/A
0.0
Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This…
CVE-2025-59832
2025-09-25
CRITICAL
9.9
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A…
CVE-2025-59830
2025-09-25
HIGH
7.5
Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both &…
CVE-2025-59823
2025-09-25
CRITICAL
9.9
Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version…
CVE-2025-55551
2025-09-25
N/A
0.0
An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
CVE-2025-46153
2025-09-25
MEDIUM
5.3
PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for…
CVE-2025-46152
2025-09-25
MEDIUM
5.3
In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.
CVE-2025-46150
2025-09-25
MEDIUM
5.3
In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.
CVE-2025-46149
2025-09-25
MEDIUM
5.3
In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.
CVE-2025-46148
2025-09-25
MEDIUM
5.3
In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.
CVE-2025-40838
2025-09-25
N/A
0.0
Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of user accounts.
CVE-2025-40837
2025-09-25
N/A
0.0
Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended.
CVE-2025-40836
2025-09-25
N/A
0.0
Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can lead to loss of integrity and confidentiality, as well as unauthorized disclosure and modification…
CVE-2025-36857
2025-09-25
LOW
3.3
Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging…
CVE-2025-36601
2025-09-25
MEDIUM
4.0
Dell PowerScale OneFS, versions 9.5.0.0 through 9.11.0.0, contains an exposure of sensitive information to an unauthorized actor vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading…
CVE-2025-27262
2025-09-25
N/A
0.0
Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can lead to loss of integrity and confidentiality, as well as unauthorized disclosure and modification of…
CVE-2025-10951
2025-09-25
HIGH
7.3
A vulnerability was identified in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this vulnerability is the function log_handler of the file ml_logger/server.py. Such manipulation of the argument File…
CVE-2025-10950
2025-09-25
MEDIUM
6.3
A vulnerability was determined in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected is the function log_handler of the file ml_logger/server.py of the component Ping Handler. This manipulation of the…
CVE-2025-10949
2025-09-25
LOW
2.4
A vulnerability was found in Changsha Developer Technology iView Editor up to 1.1.1. This impacts an unknown function of the component Markdown Handler. The manipulation results in cross…
CVE-2025-10542
2025-09-25
CRITICAL
9.8
iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote…
« Anterior
Página 421 de 3934
Siguiente »
Page load link
Go to Top
