CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-47580 | 2025-05-15 | MEDIUM | 5.4 | Missing Authorization vulnerability in Rustaurius Front End Users allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Front End… |
| CVE-2025-48051 | 2025-05-15 | MEDIUM | 4.7 | powertip.ts in Lila (for Lichess) before ab0beaf allows XSS in some applications because of an innerHTML usage pattern in which… |
| CVE-2025-3440 | 2025-05-15 | MEDIUM | 5.5 | IBM Security Guardium 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript… |
| CVE-2025-2570 | 2025-05-15 | LOW | 2.7 | Mattermost versions 10.5.x |
| CVE-2025-2527 | 2025-05-15 | MEDIUM | 4.3 | Mattermost versions 10.5.x |
| CVE-2025-4701 | 2025-05-15 | MEDIUM | 5.3 | A vulnerability, which was classified as problematic, has been found in VITA-MLLM Freeze-Omni up to 20250421. This issue affects the… |
| CVE-2025-46052 | 2025-05-15 | CRITICAL | 9.8 | An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data… |
| CVE-2025-4762 | 2025-05-15 | N/A | 0.0 | Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms… |
| CVE-2025-4564 | 2025-05-15 | CRITICAL | 9.8 | The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation… |
| CVE-2025-3446 | 2025-05-15 | MEDIUM | 4.3 | Mattermost versions 10.6.x |
| CVE-2025-31947 | 2025-05-15 | MEDIUM | 5.8 | Mattermost versions 10.6.x |
| CVE-2025-32738 | 2025-05-15 | MEDIUM | 5.3 | Missing authentication for critical function issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier.… |
| CVE-2025-32002 | 2025-05-15 | CRITICAL | 9.8 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in I-O DATA network attached… |
| CVE-2025-4737 | 2025-05-15 | MEDIUM | 6.2 | Insufficient encryption vulnerability in the mobile application (com.transsion.aivoiceassistant) may lead to the risk of sensitive information leakage. |
| CVE-2025-27525 | 2025-05-15 | LOW | 3.9 | Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. This issue affects JP1/IT Desktop Management… |
| CVE-2025-27524 | 2025-05-15 | MEDIUM | 5.3 | Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. This issue affects JP1/IT Desktop Management… |
| CVE-2025-27523 | 2025-05-15 | HIGH | 8.7 | XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. This issue affects JP1/IT Desktop Management 2… |
| CVE-2025-48027 | 2025-05-15 | MEDIUM | 5.4 | The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary controls DNS resolution for pginaloginserver. |
| CVE-2024-13914 | 2025-05-15 | HIGH | 7.2 | The File Manager Advanced Shortcode WordPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to,… |
| CVE-2025-48024 | 2025-05-15 | MEDIUM | 5.0 | In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint. |
| CVE-2025-3053 | 2025-05-15 | HIGH | 8.8 | The UiPress lite \| Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution… |
| CVE-2025-4591 | 2025-05-15 | MEDIUM | 6.4 | The Weluka Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'weluka-map' shortcode in all versions… |
| CVE-2025-4589 | 2025-05-15 | MEDIUM | 6.4 | The Bon Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bt-map' shortcode in all versions… |
| CVE-2025-4126 | 2025-05-15 | MEDIUM | 6.4 | The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [series] shortcode in all versions up… |
| CVE-2025-3917 | 2025-05-15 | CRITICAL | 9.8 | The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library… |
| CVE-2025-4579 | 2025-05-15 | HIGH | 7.2 | The WP Content Security Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blocked-uri and effective-directive parameters… |
| CVE-2025-47783 | 2025-05-14 | N/A | 0.0 | Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker… |
| CVE-2025-32421 | 2025-05-14 | LOW | 3.7 | Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability.… |
| CVE-2024-45067 | 2025-05-14 | HIGH | 8.2 | Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable… |
| CVE-2025-47888 | 2025-05-14 | MEDIUM | 5.9 | Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks. |
| CVE-2025-47887 | 2025-05-14 | MEDIUM | 4.3 | Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read permission to connect to an… |
| CVE-2025-47886 | 2025-05-14 | MEDIUM | 4.3 | A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers to connect to an… |
| CVE-2025-47885 | 2025-05-14 | HIGH | 8.8 | Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting… |
| CVE-2025-47884 | 2025-05-14 | CRITICAL | 9.1 | In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of… |
| CVE-2025-44879 | 2025-05-14 | HIGH | 7.5 | WS-WN572HP3 V230525 was discovered to contain a buffer overflow in the component /www/cgi-bin/upload.cgi. This vulnerability allows attackers to cause a… |
| CVE-2025-44024 | 2025-05-14 | MEDIUM | 6.1 | Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization… |
| CVE-2025-26783 | 2025-05-14 | HIGH | 7.5 | An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380,… |
| CVE-2025-32363 | 2025-05-14 | CRITICAL | 9.8 | mediDOK before 2.5.18.43 allows remote attackers to achieve remote code execution on a target system via deserialization of untrusted data. |
| CVE-2025-25370 | 2025-05-14 | MEDIUM | 4.6 | An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximate attacker to… |
| CVE-2024-58101 | 2025-05-14 | HIGH | 8.1 | Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input nor a way… |
| CVE-2024-57096 | 2025-05-14 | MEDIUM | 5.5 | An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file. |
| CVE-2025-4641 | 2025-05-14 | N/A | 0.0 | Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules)… |
| CVE-2025-4640 | 2025-05-14 | N/A | 0.0 | Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from… |
| CVE-2025-4780 | 2025-05-16 | MEDIUM | 6.3 | A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been rated as critical. This issue affects… |
| CVE-2025-4778 | 2025-05-16 | MEDIUM | 6.3 | A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been declared as critical. This vulnerability affects… |
| CVE-2025-4600 | 2025-05-16 | N/A | 0.0 | A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP… |
| CVE-2025-4211 | 2025-05-16 | N/A | 0.0 | Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially… |
| CVE-2025-47790 | 2025-05-16 | MEDIUM | 6.4 | Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise… |
| CVE-2025-32962 | 2025-05-16 | MEDIUM | 4.3 | Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious… |
| CVE-2025-40629 | 2025-05-16 | N/A | 0.0 | PNETLab 4.2.10 does not properly sanitize user inputs in its file access mechanisms. This allows attackers to perform directory traversal… |