CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-32400 | 2025-05-07 | HIGH | 7.5 | An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO… |
| CVE-2025-32399 | 2025-05-07 | MEDIUM | 5.3 | An Unchecked Input for Loop Condition in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to cause IO devices… |
| CVE-2025-32398 | 2025-05-07 | HIGH | 7.5 | A NULL Pointer Dereference in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO… |
| CVE-2025-32397 | 2025-05-07 | HIGH | 7.5 | An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO… |
| CVE-2025-32396 | 2025-05-07 | HIGH | 7.5 | An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO… |
| CVE-2025-4368 | 2025-05-06 | HIGH | 8.8 | A vulnerability, which was classified as critical, was found in Tenda AC8 16.03.34.06. Affected is the function formGetRouterStatus of the… |
| CVE-2025-4363 | 2025-05-06 | HIGH | 7.3 | A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. This issue affects some… |
| CVE-2025-45492 | 2025-05-06 | CRITICAL | 9.8 | Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function. |
| CVE-2025-45491 | 2025-05-06 | CRITICAL | 9.8 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter. |
| CVE-2025-45490 | 2025-05-06 | CRITICAL | 9.8 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter. |
| CVE-2025-45489 | 2025-05-06 | CRITICAL | 9.8 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter. |
| CVE-2025-45488 | 2025-05-06 | CRITICAL | 9.8 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter. |
| CVE-2025-45487 | 2025-05-06 | CRITICAL | 9.8 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function. |
| CVE-2025-23379 | 2025-05-06 | LOW | 3.5 | Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site… |
| CVE-2025-2657 | 2025-03-23 | HIGH | 7.3 | A vulnerability classified as critical was found in projectworlds Apartment Visitors Management System 1.0. Affected by this vulnerability is an… |
| CVE-2025-22479 | 2025-05-06 | LOW | 3.5 | Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory… |
| CVE-2025-22478 | 2025-05-06 | HIGH | 8.1 | Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An… |
| CVE-2025-22477 | 2025-05-06 | HIGH | 8.3 | Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network… |
| CVE-2025-46721 | 2025-05-13 | N/A | 0.0 | nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker… |
| CVE-2025-46392 | 2025-05-09 | MEDIUM | 6.5 | Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x… |
| CVE-2025-45239 | 2025-05-05 | MEDIUM | 5.3 | An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal. |
| CVE-2025-28062 | 2025-05-05 | HIGH | 8.1 | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3. The vulnerability allows an attacker to perform… |
| CVE-2025-26599 | 2025-02-25 | HIGH | 7.8 | An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it… |
| CVE-2025-26598 | 2025-02-25 | HIGH | 7.8 | An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on… |
| CVE-2025-26597 | 2025-02-25 | HIGH | 7.8 | A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will… |
| CVE-2025-26596 | 2025-02-25 | HIGH | 7.8 | A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what… |
| CVE-2025-26595 | 2025-02-25 | HIGH | 7.8 | A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the… |
| CVE-2025-26594 | 2025-02-25 | HIGH | 7.8 | A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a… |
| CVE-2024-48766 | 2025-05-13 | HIGH | 8.6 | NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors… |
| CVE-2024-46506 | 2025-05-13 | CRITICAL | 10.0 | NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as… |
| CVE-2025-0690 | 2025-02-24 | MEDIUM | 6.1 | The read command is used to read the keyboard input from the user, while reads it keeps the input length… |
| CVE-2025-0677 | 2025-02-19 | MEDIUM | 6.4 | A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size… |
| CVE-2025-0622 | 2025-02-18 | MEDIUM | 6.4 | A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related… |
| CVE-2024-45783 | 2025-02-18 | MEDIUM | 4.4 | A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set… |
| CVE-2024-9632 | 2024-10-30 | HIGH | 7.8 | A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may… |
| CVE-2024-45781 | 2025-02-18 | MEDIUM | 6.7 | A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate… |
| CVE-2024-45776 | 2025-02-18 | MEDIUM | 6.7 | When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer.… |
| CVE-2024-45775 | 2025-02-18 | MEDIUM | 5.2 | A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list.… |
| CVE-2024-45774 | 2025-02-18 | MEDIUM | 6.7 | A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly… |
| CVE-2023-45892 | 2024-01-02 | HIGH | 7.5 | An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to… |
| CVE-2022-43968 | 2022-11-14 | MEDIUM | 6.1 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons… |
| CVE-2022-42060 | 2022-11-15 | HIGH | 7.5 | Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows… |
| CVE-2022-43695 | 2022-11-14 | MEDIUM | 4.8 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations… |
| CVE-2022-43967 | 2022-11-14 | MEDIUM | 6.1 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report… |
| CVE-2022-43295 | 2022-11-14 | MEDIUM | 5.5 | XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795. |
| CVE-2022-41544 | 2022-10-18 | CRITICAL | 9.8 | GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. |
| CVE-2022-40845 | 2022-11-15 | MEDIUM | 6.5 | The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper… |
| CVE-2022-2908 | 2022-10-17 | MEDIUM | 4.3 | A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2… |
| CVE-2022-2630 | 2022-10-17 | MEDIUM | 4.3 | An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3… |
| CVE-2022-2592 | 2022-10-17 | MEDIUM | 6.5 | A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to… |