Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Todo el contenido
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-58758
2025-09-09
MEDIUM
5.1
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the `.env` file to exist when loading environment…
CVE-2025-58753
2025-09-09
N/A
0.0
Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature (the `shr` global-option). When a share was created…
CVE-2025-58442
2025-09-09
MEDIUM
5.3
Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of `accountRegister` may result in errors that could…
CVE-2025-58435
2025-09-09
N/A
0.0
Open OnDemand is an open-source HPC portal. Prior to versions 3.1.15 and 4.0.7, noVNC interactive applications did not correctly rotate the password when TurboVNC was higher than version…
CVE-2025-58180
2025-09-09
N/A
0.0
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a…
CVE-2025-55054
2025-09-09
MEDIUM
6.1
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CVE-2025-55053
2025-09-09
MEDIUM
6.5
CWE-328: Use of Weak Hash
CVE-2025-54257
2025-09-09
HIGH
7.8
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the…
CVE-2025-53914
2025-09-09
N/A
0.0
Excessive Privileges vulnerability in Calix GigaCenter ONT (Broadcom SoC modules) allows Privilege Abuse.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE, 812G, 813G, 818G.
CVE-2025-53913
2025-09-09
N/A
0.0
Excessive Privileges vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows Privilege Abuse.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE, 812G, 813G, 818G.
CVE-2025-47415
2025-09-09
N/A
0.0
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CRESTRON TOUCHSCREENS x70 allows Relative Path Traversal.This issue affects TOUCHSCREENS x70: from 3.000.0110.001 before 3.001.0031.001.…
CVE-2025-43786
2025-09-09
N/A
0.0
Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA…
CVE-2025-36125
2025-09-09
MEDIUM
6.4
IBM Hardware Management Console - Power 10.3.1050.0 and 11.1.1110.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the…
CVE-2025-36011
2025-09-09
MEDIUM
4.3
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie…
CVE-2025-34175
2025-09-09
N/A
0.0
In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is…
CVE-2025-34174
2025-09-09
N/A
0.0
In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the…
CVE-2025-34173
2025-09-09
N/A
0.0
In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents…
CVE-2025-34172
2025-09-09
N/A
0.0
In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is…
CVE-2025-5005
2025-09-09
HIGH
7.3
A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/dingtalk/index_event.php. The manipulation of the argument…
CVE-2025-57278
2025-09-09
N/A
0.0
The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01.02P42U14_06 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants…
CVE-2025-55730
2025-09-09
CRITICAL
10.0
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the…
CVE-2025-55729
2025-09-09
CRITICAL
10.0
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the…
CVE-2025-55728
2025-09-09
CRITICAL
10.0
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the…
CVE-2025-55052
2025-09-09
MEDIUM
4.3
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-55051
2025-09-09
CRITICAL
10.0
CWE-1392: Use of Default Credentials
CVE-2025-55050
2025-09-09
CRITICAL
9.8
CWE-1242: Inclusion of Undocumented Features
CVE-2025-55048
2025-09-09
CRITICAL
9.8
Multiple CWE-78
CVE-2025-55047
2025-09-09
HIGH
8.4
CWE-798 Use of Hard-coded Credentials
CVE-2025-54256
2025-09-09
HIGH
8.6
Dreamweaver Desktop versions 21.5 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-54242
2025-09-09
HIGH
7.8
Premiere Pro versions 25.3, 24.6.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-43781
2025-09-09
N/A
0.0
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.110 through 7.4.3.128, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.12 allows remote attackers to…
CVE-2025-43775
2025-09-09
N/A
0.0
Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.5, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update…
CVE-2025-10164
2025-09-09
HIGH
7.3
A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of the argument serialized_named_tensors…
CVE-2025-32689
2025-09-09
HIGH
7.5
Improper Validation of Specified Quantity in Input vulnerability in ThemesGrove WP SmartPay. This issue affects WP SmartPay: from n/a through 2.7.13.
CVE-2025-32688
2025-09-09
MEDIUM
5.4
Missing Authorization vulnerability in Sovica Target Video Easy Publish. This issue affects Target Video Easy Publish: from n/a through 3.8.8.
CVE-2025-32486
2025-09-09
CRITICAL
9.8
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard. This issue affects Material Dashboard: from n/a through 1.4.6.
CVE-2025-30875
2025-09-09
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexandre Froger WP Weixin allows Stored XSS. This issue affects WP Weixin: from n/a through 1.3.16.
CVE-2025-9269
2025-09-09
N/A
0.0
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force…
CVE-2025-57665
2025-09-09
N/A
0.0
Element Plus Link component (el-link) through 2.10.6 implements insufficient input validation for the href attribute, creating a security abstraction gap that obscures URL-based attack vectors. The component passes…
CVE-2025-57085
2025-09-09
N/A
0.0
Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to cause a Denial of…
CVE-2025-5500
2025-09-09
MEDIUM
5.3
A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.xiaoxun.xunoversea.mibrofit. This manipulation…
CVE-2025-59008
2025-09-09
HIGH
7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PressTigers ZIP Code Based Content Protection allows SQL Injection. This issue affects ZIP Code…
CVE-2025-59005
2025-09-09
MEDIUM
4.3
Missing Authorization vulnerability in frenify Categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through 1.0.7.5.
CVE-2025-58997
2025-09-09
CRITICAL
9.6
Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue affects Mow: from n/a through 4.10.
CVE-2025-58993
2025-09-09
HIGH
7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through…
CVE-2025-58991
2025-09-09
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4.
CVE-2025-58990
2025-09-09
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasTech ShopLentor allows Stored XSS. This issue affects ShopLentor: from n/a through 3.2.0.
CVE-2025-58989
2025-09-09
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silverplugins217 Dynamic Text Field For Contact Form 7 allows Stored XSS. This issue affects Dynamic Text…
CVE-2025-58988
2025-09-09
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Dolson My Tickets allows Stored XSS. This issue affects My Tickets: from n/a through 2.0.22.
CVE-2025-58987
2025-09-09
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AntoineH Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.12.6.
« Anterior
Página 479 de 3937
Siguiente »
Page load link
Go to Top
