CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2022-42077 | 2022-10-12 | MEDIUM | 6.5 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. |
| CVE-2022-25665 | 2022-10-19 | MEDIUM | 6.8 | Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile |
| CVE-2022-25664 | 2022-10-19 | MEDIUM | 6.2 | Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon… |
| CVE-2022-25663 | 2022-10-19 | MEDIUM | 5.5 | Possible buffer overflow due to lack of buffer length check during management frame Rx handling lead to denial of service… |
| CVE-2022-41403 | 2022-10-12 | CRITICAL | 9.8 | OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter. |
| CVE-2022-28887 | 2022-10-12 | MEDIUM | 4.3 | Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can… |
| CVE-2022-38388 | 2022-10-11 | MEDIUM | 5.5 | IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper… |
| CVE-2022-25662 | 2022-10-19 | MEDIUM | 5.3 | Information disclosure due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon… |
| CVE-2022-22077 | 2022-10-19 | HIGH | 8.4 | Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile |
| CVE-2021-36369 | 2022-10-12 | HIGH | 7.5 | An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the… |
| CVE-2024-10703 | 2025-03-25 | MEDIUM | 6.1 | The Registrations for the Events Calendar WordPress plugin before 2.13.4 does not sanitise and escape some of its settings, which… |
| CVE-2024-11272 | 2025-03-25 | MEDIUM | 6.1 | The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some… |
| CVE-2024-11273 | 2025-03-25 | MEDIUM | 6.1 | The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some… |
| CVE-2024-6024 | 2024-07-12 | HIGH | 8.8 | The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when deleting groups or emails, which could… |
| CVE-2024-3026 | 2024-07-13 | MEDIUM | 5.4 | The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users… |
| CVE-2025-30326 | 2025-05-13 | HIGH | 7.8 | Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in… |
| CVE-2025-30328 | 2025-05-13 | HIGH | 7.8 | Animate versions 24.0.8, 23.0.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution… |
| CVE-2025-30329 | 2025-05-13 | MEDIUM | 5.5 | Animate versions 24.0.8, 23.0.11 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service.… |
| CVE-2025-30330 | 2025-05-13 | HIGH | 7.8 | Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code… |
| CVE-2025-43545 | 2025-05-13 | HIGH | 7.8 | Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary… |
| CVE-2025-43546 | 2025-05-13 | HIGH | 7.8 | Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in… |
| CVE-2025-43547 | 2025-05-13 | HIGH | 7.8 | Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary… |
| CVE-2025-43555 | 2025-05-13 | HIGH | 7.8 | Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in… |
| CVE-2025-43556 | 2025-05-13 | HIGH | 7.8 | Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary… |
| CVE-2025-43557 | 2025-05-13 | HIGH | 7.8 | Animate versions 24.0.8, 23.0.11 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary… |
| CVE-2025-4660 | 2025-05-13 | CRITICAL | 9.8 | A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named… |
| CVE-2025-45861 | 2025-05-13 | CRITICAL | 9.8 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the routername parameter in the formDnsv6 interface. |
| CVE-2023-20198 | 2023-10-16 | CRITICAL | 10.0 | Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS… |
| CVE-2025-45865 | 2025-05-13 | CRITICAL | 9.8 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr parameter in the formDhcpv6s interface. |
| CVE-2024-3632 | 2024-07-13 | MEDIUM | 6.8 | The Smart Image Gallery WordPress plugin before 1.0.19 does not have CSRF check in place when updating its settings, which… |
| CVE-2024-4269 | 2024-07-13 | MEDIUM | 6.1 | The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the… |
| CVE-2024-4272 | 2024-07-13 | MEDIUM | 6.1 | The Support SVG WordPress plugin before 1.1.0 does not sanitize SVG file contents, which enables users with at least the… |
| CVE-2024-4602 | 2024-07-13 | MEDIUM | 5.4 | The Embed Peertube Playlist WordPress plugin before 1.10 does not sanitise and escape some of its settings, which could allow… |
| CVE-2024-4752 | 2024-07-13 | MEDIUM | 5.9 | The EventON WordPress plugin before 2.2.15 does not sanitise and escape some of its settings, which could allow high privilege… |
| CVE-2022-42901 | 2022-10-13 | HIGH | 7.8 | Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting… |
| CVE-2022-42900 | 2022-10-13 | HIGH | 7.8 | Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues… |
| CVE-2022-42161 | 2022-10-13 | HIGH | 8.8 | D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS. |
| CVE-2022-42899 | 2022-10-13 | HIGH | 7.8 | Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files.… |
| CVE-2022-42897 | 2022-10-13 | CRITICAL | 9.8 | Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of… |
| CVE-2022-42715 | 2022-10-12 | MEDIUM | 6.1 | A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file… |
| CVE-2022-42711 | 2022-10-12 | CRITICAL | 9.6 | In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could… |
| CVE-2022-42087 | 2022-10-12 | MEDIUM | 6.5 | Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. |
| CVE-2024-5030 | 2024-11-18 | LOW | 3.8 | The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings,… |
| CVE-2024-52316 | 2024-11-18 | CRITICAL | 9.8 | Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component… |
| CVE-2024-52317 | 2024-11-18 | MEDIUM | 6.5 | Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could… |
| CVE-2024-52318 | 2024-11-18 | MEDIUM | 6.1 | Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended… |
| CVE-2024-46055 | 2024-11-27 | MEDIUM | 4.8 | OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in review names. |
| CVE-2024-10473 | 2024-11-28 | MEDIUM | 5.4 | The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputting them… |
| CVE-2024-10493 | 2024-11-28 | MEDIUM | 5.4 | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin before 5.10.3 does… |
| CVE-2024-10896 | 2024-11-28 | MEDIUM | 5.4 | The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which… |