CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-8479 2025-09-11 MEDIUM 4.3 The Zoho Flow plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.14.1. This is due to missing or incorrect nonce validation…
CVE-2025-9059 2025-09-11 N/A 0.0 The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking.
CVE-2025-9034 2025-09-11 MEDIUM 6.1 The Wp Edit Password Protected WordPress plugin before 1.3.5 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue
CVE-2025-10247 2025-09-11 MEDIUM 6.3 A security vulnerability has been detected in JEPaaS 7.2.8. This vulnerability affects the function doFilterInternal of the component Filter Handler. Such manipulation leads to improper access controls. The…
CVE-2025-9910 2025-09-11 MEDIUM 4.7 Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to…
CVE-2025-9776 2025-09-11 MEDIUM 6.5 The CatFolders – Tame Your WordPress Media Library by Category plugin for WordPress is vulnerable to time-based SQL Injection via the CSV Import contents in all versions up…
CVE-2025-10246 2025-09-11 LOW 3.5 A weakness has been identified in lokibhardwaj PHP-Code-For-Unlimited-File-Upload up to 124fe96324915490c81eaf7db3234b0b4e4bab3c. This affects an unknown part of the file /f.php. This manipulation of the argument h causes cross…
CVE-2025-10245 2025-09-11 MEDIUM 4.3 A security flaw has been discovered in Display Painéis TGA up to 7.1.41. Affected by this issue is some unknown functionality of the file /gallery/rename of the component…
CVE-2025-10236 2025-09-11 MEDIUM 4.3 A vulnerability has been found in binary-husky gpt_academic up to 3.91. Impacted is the function merge_tex_files_ of the file crazy_functions/latex_fns/latex_toolbox.py of the component LaTeX File Handler. Such manipulation…
CVE-2025-6088 2025-09-11 MEDIUM 4.2 In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Although UUIDv4…
CVE-2025-10235 2025-09-11 LOW 2.4 A flaw has been found in Scada-LTS up to 2.7.8.1. This issue affects some unknown processing of the file /reports.shtm of the component Reports Module. This manipulation of…
CVE-2025-10234 2025-09-11 LOW 2.4 A vulnerability was detected in Scada-LTS up to 2.7.8.1. This vulnerability affects unknown code of the file /data_point_edit.shtm of the component Data Point Edit Module. The manipulation of…
CVE-2025-10233 2025-09-10 MEDIUM 6.3 A security vulnerability has been detected in kalcaddle kodbox 1.61. This affects the function fileGet/fileSave of the file app/controller/explorer/editor.class.php. The manipulation of the argument path leads to path…
CVE-2025-10232 2025-09-10 MEDIUM 5.4 A weakness has been identified in 299ko up to 2.0.0. Affected by this issue is the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php. Executing manipulation can lead to path…
CVE-2025-10229 2025-09-10 MEDIUM 4.3 A vulnerability has been found in Freshwork up to 1.2.3. This impacts an unknown function of the file /api/v2/logout. Such manipulation of the argument post_logout_redirect_uri leads to open…
CVE-2025-10218 2025-09-10 MEDIUM 6.3 A flaw has been found in lostvip-com ruoyi-go 2.1. This affects the function SelectListPage of the file modules/system/dao/SysRoleDao.go of the component Background Management Page. This manipulation of the…
CVE-2025-59052 2025-09-10 N/A 0.0 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container (the "platform injector") to hold request-specific…
CVE-2025-10216 2025-09-10 LOW 2.6 A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of…
CVE-2025-54376 2025-09-10 N/A 0.0 Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards…
CVE-2025-43783 2025-09-10 N/A 0.0 Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 update 73 through update…
CVE-2025-10211 2025-09-10 MEDIUM 6.3 A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads…
CVE-2024-47120 2025-09-10 MEDIUM 6.4 IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a privileged user to escalate their privileges and attack surface on the host due to the…
CVE-2024-45671 2025-09-10 MEDIUM 5.9 IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2024-45669 2025-09-10 MEDIUM 6.5 IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a remote user to cause a denial of service due to improper handling of special characters…
CVE-2025-9714 2025-09-10 MEDIUM 6.2 Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`,…
CVE-2025-59049 2025-09-10 HIGH 7.5 Mockoon provides a way to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving follows the same approach presented in the…
CVE-2025-54123 2025-09-10 CRITICAL 9.8 Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection at the `/api/v2/hoverfly/middleware` endpoint due…
CVE-2025-43784 2025-09-10 N/A 0.0 Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.8, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows guest users…
CVE-2025-10210 2025-09-10 MEDIUM 6.3 A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead…
CVE-2025-10209 2025-09-10 MEDIUM 5.4 A security flaw has been discovered in Papermerge DMS up to 3.5.3. This issue affects some unknown processing of the component Authorization Token Handler. Performing manipulation results in…
CVE-2025-10201 2025-09-10 HIGH 8.8 Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium…
CVE-2025-10200 2025-09-10 HIGH 8.8 Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium…
CVE-2025-8696 2025-09-10 HIGH 7.5 If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork…
CVE-2025-57392 2025-09-10 HIGH 7.8 BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The application installation directory grants Everyone and BUILTIN\Users groups FILE_ALL_ACCESS, allowing local users to replace or modify .exe and…
CVE-2025-55976 2025-09-10 HIGH 8.4 Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password…
CVE-2025-50892 2025-09-10 HIGH 7.8 The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to properly validate privileges for I/O requests (IRP_MJ_READ/IRP_MJ_WRITE) sent to its device object. This allows a…
CVE-2025-57573 2025-09-10 MEDIUM 5.6 Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi.
CVE-2025-57572 2025-09-10 MEDIUM 5.6 Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl.
CVE-2025-57570 2025-09-10 MEDIUM 5.6 Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS.
CVE-2025-57569 2025-09-10 MEDIUM 5.6 Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT.
CVE-2025-57571 2025-09-10 MEDIUM 5.6 Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the macFilterList parameter in goform/setNAT.
CVE-2025-9943 2025-09-10 CRITICAL 9.1 An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to…
CVE-2025-29592 2025-09-10 MEDIUM 5.6 oasys v1.1 is vulnerable to Directory Traversal in ProcedureController.
CVE-2025-57642 2025-09-10 N/A 0.0 A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution…
CVE-2025-57520 2025-09-10 N/A 0.0 A Cross Site Scripting (XSS) vulnerability exists in Decap CMS thru 3.8.3. Input fields such as body, tags, title, and description are not properly sanitized before being rendered…
CVE-2025-43785 2025-09-10 N/A 0.0 Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92…
CVE-2025-8681 2025-09-10 MEDIUM 5.5 Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Requires a high privileged user with a developer role.
CVE-2025-59045 2025-09-10 N/A 0.0 Stalwart is a mail and collaboration server. Starting in version 0.12.0 and prior to version 0.13.3, a memory exhaustion vulnerability exists in Stalwart's CalDAV implementation that allows authenticated…
CVE-2025-59041 2025-09-10 N/A 0.0 Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with `git config user.email`. Prior to version 1.0.105, a maliciously configured user…
CVE-2025-59035 2025-09-10 MEDIUM 4.6 Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math…