CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2024-37871 | 2024-07-09 | HIGH | 8.2 | SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 allows remote attackers… |
| CVE-2024-10815 | 2025-01-09 | MEDIUM | 4.2 | The PostLists WordPress plugin through 2.0.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which… |
| CVE-2024-37872 | 2024-07-09 | HIGH | 8.1 | SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote attackers to execute arbitrary SQL commands… |
| CVE-2024-12096 | 2024-12-24 | MEDIUM | 6.1 | The Exhibit to WP Gallery WordPress plugin through 0.0.2 does not sanitise and escape a parameter before outputting it back… |
| CVE-2024-6235 | 2024-07-10 | HIGH | 8.8 | Sensitive information disclosure in NetScaler Console |
| CVE-2025-45867 | 2025-05-13 | MEDIUM | 5.4 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface. |
| CVE-2025-45866 | 2025-05-13 | MEDIUM | 5.4 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface. |
| CVE-2025-45864 | 2025-05-13 | MEDIUM | 5.4 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface. |
| CVE-2025-45859 | 2025-05-13 | MEDIUM | 5.4 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface. |
| CVE-2025-44831 | 2025-05-13 | CRITICAL | 9.8 | EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface. |
| CVE-2025-28057 | 2025-05-13 | HIGH | 7.2 | owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/admin_menus/save_order. |
| CVE-2022-42969 | 2022-10-16 | MEDIUM | 5.3 | The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack… |
| CVE-2022-42968 | 2022-10-16 | CRITICAL | 9.8 | Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled. |
| CVE-2022-42961 | 2022-10-15 | MEDIUM | 5.3 | An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key… |
| CVE-2022-42234 | 2022-10-14 | HIGH | 8.8 | There is a file inclusion vulnerability in the template management module in UCMS 1.6 |
| CVE-2022-41601 | 2022-10-14 | LOW | 3.4 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of… |
| CVE-2022-42071 | 2022-10-14 | MEDIUM | 6.1 | Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability. |
| CVE-2022-41600 | 2022-10-14 | LOW | 3.4 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of… |
| CVE-2022-41585 | 2022-10-14 | HIGH | 7.8 | The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting. |
| CVE-2022-41584 | 2022-10-14 | HIGH | 7.8 | The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting. |
| CVE-2022-41583 | 2022-10-14 | HIGH | 7.5 | The storage maintenance and debugging module has an array out-of-bounds read vulnerability. Successful exploitation of this vulnerability will cause incorrect statistics… |
| CVE-2022-41582 | 2022-10-14 | HIGH | 7.5 | The security module has configuration defects. Successful exploitation of this vulnerability may affect system availability. |
| CVE-2022-41581 | 2022-10-14 | CRITICAL | 9.1 | The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction… |
| CVE-2022-41577 | 2022-10-14 | HIGH | 7.1 | The kernel server has a vulnerability of not verifying the length of the data transferred in the user space. Successful exploitation… |
| CVE-2022-41576 | 2022-10-14 | HIGH | 7.8 | The rphone module has a script that can be maliciously modified. Successful exploitation of this vulnerability may cause irreversible programs to… |
| CVE-2022-41539 | 2022-10-14 | HIGH | 8.8 | Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. This vulnerability allows attackers… |
| CVE-2022-33214 | 2022-10-19 | HIGH | 8.4 | Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,… |
| CVE-2022-33210 | 2022-10-19 | HIGH | 8.4 | Memory corruption in automotive multimedia due to use of out-of-range pointer offset while parsing command request packet with a very… |
| CVE-2022-2992 | 2022-10-17 | CRITICAL | 9.9 | A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows… |
| CVE-2022-41323 | 2022-10-16 | HIGH | 7.5 | In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial… |
| CVE-2022-2884 | 2022-10-17 | CRITICAL | 9.9 | A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to… |
| CVE-2017-20149 | 2022-10-15 | CRITICAL | 9.8 | The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote… |
| CVE-2024-10858 | 2024-12-25 | MEDIUM | 6.1 | The Jetpack WordPress plugin before 14.1 does not properly check the postmessage origin in its 13.x versions, allowing it to… |
| CVE-2024-10903 | 2024-12-26 | MEDIUM | 4.7 | The Broken Link Checker WordPress plugin before 2.4.2 does not validate the link URLs before making a request to… |
| CVE-2024-12941 | 2024-12-26 | MEDIUM | 6.3 | A vulnerability was found in CodeAstro Blood Donor Management System 1.0 and classified as critical. This issue affects some unknown… |
| CVE-2024-13688 | 2025-04-28 | MEDIUM | 5.3 | The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 uses a hardcoded password in its Password Protection feature, allowing… |
| CVE-2024-13685 | 2025-03-04 | MEDIUM | 5.3 | The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an… |
| CVE-2024-11644 | 2024-12-27 | MEDIUM | 5.9 | The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back… |
| CVE-2024-11921 | 2024-12-27 | MEDIUM | 4.8 | The GiveWP WordPress plugin before 3.19.0 does not sanitise and escape a parameter before outputting it back in the page,… |
| CVE-2025-21609 | 2025-01-03 | CRITICAL | 9.1 | SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The… |
| CVE-2024-28322 | 2024-04-26 | CRITICAL | 9.8 | SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the event_id… |
| CVE-2024-3433 | 2024-04-07 | LOW | 3.5 | A vulnerability classified as problematic has been found in PuneethReddyHC Event Management 1.0. Affected is an unknown function of the… |
| CVE-2024-3432 | 2024-04-07 | MEDIUM | 5.5 | A vulnerability was found in PuneethReddyHC Event Management 1.0. It has been rated as critical. This issue affects some unknown… |
| CVE-2025-30320 | 2025-05-13 | MEDIUM | 5.5 | InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application… |
| CVE-2025-30319 | 2025-05-13 | MEDIUM | 5.5 | InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application… |
| CVE-2025-30318 | 2025-05-13 | HIGH | 7.8 | InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code… |
| CVE-2025-30310 | 2025-05-13 | HIGH | 7.8 | Dreamweaver Desktop versions 21.4 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that… |
| CVE-2024-11849 | 2025-01-06 | MEDIUM | 6.1 | The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege… |
| CVE-2025-47204 | 2025-05-13 | MEDIUM | 6.1 | An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes… |
| CVE-2025-45857 | 2025-05-13 | CRITICAL | 9.8 | EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the command parameter in the mp… |