CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-47790 | 2025-05-16 | MEDIUM | 6.4 | Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise… |
| CVE-2025-32962 | 2025-05-16 | MEDIUM | 4.3 | Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious… |
| CVE-2025-40629 | 2025-05-16 | N/A | 0.0 | PNETLab 4.2.10 does not properly sanitize user inputs in its file access mechanisms. This allows attackers to perform directory traversal… |
| CVE-2025-2306 | 2025-05-16 | MEDIUM | 5.9 | An Improper Access Control vulnerability was identified in the file download functionality. This vulnerability allows users to download sensitive documents… |
| CVE-2025-2305 | 2025-05-16 | HIGH | 8.6 | A Path traversal vulnerability in the file download functionality was identified. This vulnerability allows unauthenticated users to download arbitrary files,… |
| CVE-2025-4770 | 2025-05-16 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, has been found in PHPGurukul Park Ticketing Management System 2.0. This issue affects… |
| CVE-2025-4769 | 2025-05-16 | HIGH | 7.0 | A vulnerability classified as critical was found in CBEWIN Anytxt Searcher 1.3.1128.0. This vulnerability affects unknown code of the file… |
| CVE-2025-40632 | 2025-05-16 | N/A | 0.0 | Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie… |
| CVE-2025-40631 | 2025-05-16 | N/A | 0.0 | HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a… |
| CVE-2025-40630 | 2025-05-16 | N/A | 0.0 | Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to… |
| CVE-2025-4768 | 2025-05-16 | MEDIUM | 6.3 | A vulnerability classified as critical has been found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. This affects the function uploadPicture of… |
| CVE-2025-4767 | 2025-05-16 | MEDIUM | 5.3 | A vulnerability was found in defog-ai introspect up to 0.1.4. It has been rated as critical. Affected by this issue… |
| CVE-2025-1975 | 2025-05-16 | HIGH | 7.5 | A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack… |
| CVE-2024-53827 | 2025-05-16 | HIGH | 7.5 | Ericsson Packet Core Controller (PCC) contains a vulnerability where an attacker sending a large volume of specially crafted messages may… |
| CVE-2025-3624 | 2025-05-16 | MEDIUM | 4.3 | Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component). This issue affects Hitachi Ops Center… |
| CVE-2025-1531 | 2025-05-16 | MEDIUM | 6.5 | Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint. This issue affects Hitachi Ops Center Analyzer viewpoint: from 10.0.0-00 before… |
| CVE-2024-8201 | 2025-05-16 | MEDIUM | 5.4 | Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component). This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before… |
| CVE-2025-1245 | 2025-05-16 | MEDIUM | 6.5 | Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer (Hitachi Ops Center… |
| CVE-2025-4747 | 2025-05-16 | MEDIUM | 6.3 | A vulnerability was found in Bohua NetDragon Firewall 1.0 and classified as critical. This issue affects some unknown processing of… |
| CVE-2025-48175 | 2025-05-16 | MEDIUM | 4.5 | In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. |
| CVE-2025-4742 | 2025-05-16 | MEDIUM | 5.3 | A vulnerability classified as problematic has been found in XU-YIJIE grpo-flat up to 9024b43f091e2eb9bac65802b120c0b35f9ba856. Affected is the function main of… |
| CVE-2025-4740 | 2025-05-16 | MEDIUM | 5.3 | A vulnerability was found in BeamCtrl Airiana up to 11.0. It has been declared as problematic. This vulnerability affects unknown… |
| CVE-2025-4169 | 2025-05-16 | MEDIUM | 6.4 | The Posts per Cat [Unmaintained plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ppc' shortcode in… |
| CVE-2025-4733 | 2025-05-16 | HIGH | 8.8 | A vulnerability, which was classified as critical, has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This issue affects some… |
| CVE-2025-4732 | 2025-05-16 | HIGH | 8.8 | A vulnerability classified as critical was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This vulnerability affects unknown code of the… |
| CVE-2025-47809 | 2025-05-16 | HIGH | 8.2 | Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must… |
| CVE-2025-4730 | 2025-05-16 | HIGH | 8.8 | A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue… |
| CVE-2025-4729 | 2025-05-16 | MEDIUM | 6.3 | A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability… |
| CVE-2025-47930 | 2025-05-16 | N/A | 0.0 | Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create… |
| CVE-2025-4727 | 2025-05-15 | LOW | 3.7 | A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of… |
| CVE-2025-47275 | 2025-05-15 | CRITICAL | 9.1 | Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0,… |
| CVE-2025-47929 | 2025-05-15 | N/A | 0.0 | DumbDrop, a file upload application that provides an interface for dragging and dropping files, has a DOM cross-site scripting vulnerability… |
| CVE-2025-47928 | 2025-05-15 | CRITICAL | 9.1 | Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using `pull_request_target` on `.github/workflows/integration_tests.yml` followed by… |
| CVE-2025-47789 | 2025-05-15 | MEDIUM | 6.1 | Horilla is a free and open source Human Resource Management System (HRMS). In versions up to and including 1.3, an… |
| CVE-2025-47784 | 2025-05-15 | N/A | 0.0 | Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates… |
| CVE-2025-46834 | 2025-05-15 | N/A | 0.0 | Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x… |
| CVE-2024-9831 | 2025-05-15 | HIGH | 7.2 | The Taskbuilder WordPress plugin before 3.0.9 does not sanitize and escape a parameter before using it in a SQL statement,… |
| CVE-2024-26152 | 2024-02-22 | MEDIUM | 4.7 | On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized… |
| CVE-2023-3966 | 2024-02-22 | HIGH | 7.5 | A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in… |
| CVE-2025-4500 | 2025-05-10 | MEDIUM | 5.3 | A vulnerability, which was classified as critical, has been found in code-projects Hotel Management System 1.0. Affected by this issue… |
| CVE-2025-4469 | 2025-05-09 | LOW | 2.4 | A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function… |
| CVE-2022-42160 | 2022-10-13 | HIGH | 8.8 | D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings. |
| CVE-2022-42159 | 2022-10-13 | MEDIUM | 4.3 | D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator. |
| CVE-2022-34021 | 2022-10-13 | MEDIUM | 5.4 | Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields. |
| CVE-2022-34020 | 2022-10-13 | HIGH | 8.8 | Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to… |
| CVE-2022-33106 | 2022-10-12 | CRITICAL | 9.8 | WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force… |
| CVE-2022-24697 | 2022-10-13 | CRITICAL | 9.8 | Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can… |
| CVE-2021-20030 | 2022-10-13 | HIGH | 7.5 | SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing… |
| CVE-2018-18447 | 2022-10-12 | CRITICAL | 9.8 | dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2). |
| CVE-2018-18446 | 2022-10-12 | CRITICAL | 9.8 | dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2). |
Page 436 of 3529