CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-4497 | 2025-05-10 | MEDIUM | 5.3 | A vulnerability was found in code-projects Simple Banking System up to 1.0. It has been rated as critical. This issue… |
| CVE-2025-26492 | 2025-02-11 | HIGH | 7.7 | In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources |
| CVE-2025-26493 | 2025-02-11 | MEDIUM | 4.6 | In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab |
| CVE-2025-31139 | 2025-03-27 | MEDIUM | 4.3 | In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log |
| CVE-2025-31140 | 2025-03-27 | MEDIUM | 4.6 | In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page |
| CVE-2025-31141 | 2025-03-27 | LOW | 2.7 | In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page |
| CVE-2025-46432 | 2025-04-25 | MEDIUM | 4.3 | In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs |
| CVE-2025-46433 | 2025-04-25 | MEDIUM | 4.9 | In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible |
| CVE-2025-46618 | 2025-04-25 | LOW | 3.5 | In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab |
| CVE-2025-33104 | 2025-05-14 | MEDIUM | 4.4 | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript… |
| CVE-2025-2900 | 2025-05-14 | HIGH | 7.5 | IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a… |
| CVE-2025-0138 | 2025-05-14 | N/A | 0.0 | Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are… |
| CVE-2025-0137 | 2025-05-14 | N/A | 0.0 | An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious… |
| CVE-2025-0136 | 2025-05-14 | N/A | 0.0 | Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and… |
| CVE-2025-0135 | 2025-05-14 | N/A | 0.0 | An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non… |
| CVE-2025-0134 | 2025-05-14 | N/A | 0.0 | A code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary… |
| CVE-2025-0133 | 2025-05-14 | N/A | 0.0 | A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables… |
| CVE-2025-0132 | 2025-05-14 | N/A | 0.0 | A missing authentication vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an unauthenticated user to disable certain internal… |
| CVE-2025-0131 | 2025-05-14 | N/A | 0.0 | An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app… |
| CVE-2025-4639 | 2025-05-14 | N/A | 0.0 | CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method of WebDav servlet in Peergos. This issue affects… |
| CVE-2025-4638 | 2025-05-14 | N/A | 0.0 | A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue… |
| CVE-2025-4637 | 2025-05-14 | N/A | 0.0 | Divide By Zero vulnerability in davisking dlib allows remote attackers to cause a denial of service via a crafted file.… |
| CVE-2025-46786 | 2025-05-14 | MEDIUM | 4.3 | Improper neutralization of special elements in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via… |
| CVE-2025-46785 | 2025-05-14 | MEDIUM | 6.5 | Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service… |
| CVE-2025-30668 | 2025-05-14 | MEDIUM | 6.5 | Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network… |
| CVE-2025-30667 | 2025-05-14 | MEDIUM | 6.5 | NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of… |
| CVE-2025-30666 | 2025-05-14 | MEDIUM | 6.5 | NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of… |
| CVE-2025-30665 | 2025-05-14 | MEDIUM | 6.5 | NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of… |
| CVE-2025-30664 | 2025-05-14 | MEDIUM | 6.6 | Improper neutralization of special elements in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of… |
| CVE-2025-30663 | 2025-05-14 | HIGH | 8.8 | Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege… |
| CVE-2025-0130 | 2025-05-14 | N/A | 0.0 | A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker… |
| CVE-2025-47707 | 2025-05-14 | HIGH | 7.5 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass. This… |
| CVE-2025-47705 | 2025-05-14 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting (XSS). This… |
| CVE-2025-47702 | 2025-05-14 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting (XSS). This issue… |
| CVE-2025-40595 | 2025-05-14 | HIGH | 7.2 | A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded… |
| CVE-2025-3932 | 2025-05-14 | MEDIUM | 6.5 | It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to… |
| CVE-2025-3909 | 2025-05-14 | MEDIUM | 6.5 | Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested… |
| CVE-2025-3877 | 2025-05-14 | MEDIUM | 5.4 | A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or… |
| CVE-2025-3875 | 2025-05-14 | HIGH | 7.5 | Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address… |
| CVE-2025-47782 | 2025-05-14 | N/A | 0.0 | motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through… |
| CVE-2025-47781 | 2025-05-14 | CRITICAL | 9.8 | Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application features token based… |
| CVE-2025-47778 | 2025-05-14 | N/A | 0.0 | Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1,… |
| CVE-2025-47777 | 2025-05-14 | CRITICAL | 9.6 | 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to… |
| CVE-2025-47775 | 2025-05-14 | MEDIUM | 6.2 | Bullfrog is a GitHub Action to block unauthorized outbound traffic in GitHub workflows. Prior to version 0.8.4, using tcp breaks… |
| CVE-2025-24969 | 2025-05-14 | MEDIUM | 5.0 | iTop is a web-based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other… |
| CVE-2025-24785 | 2025-05-14 | MEDIUM | 4.3 | iTop is a web-based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the… |
| CVE-2025-24026 | 2025-05-14 | MEDIUM | 5.3 | iTop is a web-based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of… |
| CVE-2025-24022 | 2025-05-14 | HIGH | 8.5 | iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is… |
| CVE-2025-24021 | 2025-05-14 | MEDIUM | 5.0 | iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account… |
| CVE-2024-56157 | 2025-05-14 | MEDIUM | 6.3 | iTop is a web-based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in… |