CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-9934 2025-09-04 MEDIUM 6.3 A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote…
CVE-2025-9933 2025-09-04 HIGH 7.3 A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/view-appointment.php. Such manipulation of the…
CVE-2025-9932 2025-09-04 HIGH 7.3 A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/update-image.php. This manipulation of the…
CVE-2025-9931 2025-09-04 MEDIUM 4.3 A vulnerability was detected in Jinher OA 1.0. Affected is an unknown function of the file /jc6/platform/sys/login!changePassWord.action of the component POST Request Handler. The manipulation of the argument…
CVE-2025-9930 2025-09-04 HIGH 7.3 A security vulnerability has been detected in 1000projects Beauty Parlour Management System 1.0. This impacts an unknown function of the file /admin/contact-us.php. The manipulation of the argument mobnumber…
CVE-2025-9929 2025-09-04 LOW 2.4 A weakness has been identified in code-projects Responsive Blog Site 1.0. This affects an unknown function of the file blogs_view.php. Executing manipulation of the argument product_code/gen_name/product_name/supplier can lead…
CVE-2025-9616 2025-09-04 MEDIUM 5.3 The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation…
CVE-2025-9519 2025-09-04 HIGH 7.2 The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to…
CVE-2025-9518 2025-09-04 HIGH 7.2 The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debug_path' parameter in all versions up to, and…
CVE-2025-9517 2025-09-04 HIGH 7.2 The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This is due to…
CVE-2025-9516 2025-09-04 MEDIUM 4.9 The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This makes it possible…
CVE-2025-9467 2025-09-04 N/A 0.0 When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should…
CVE-2025-6984 2025-09-04 HIGH 7.5 The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63. The vulnerability arises…
CVE-2025-6085 2025-09-04 HIGH 7.2 The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'upload_media' function in all versions up to, and…
CVE-2025-58358 2025-09-04 HIGH 7.5 Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized use of input…
CVE-2025-58357 2025-09-04 CRITICAL 9.6 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Version 0.13.2 contains a vulnerability in the chat page's script gadgets that enables content injection…
CVE-2025-58355 2025-09-04 HIGH 7.7 Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its…
CVE-2025-58064 2025-09-04 N/A 0.0 CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting (XSS)…
CVE-2025-58057 2025-09-04 N/A 0.0 Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions…
CVE-2025-43772 2025-09-04 N/A 0.0 Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving…
CVE-2025-36908 2025-09-04 MEDIUM 6.7 In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System…
CVE-2025-36907 2025-09-04 HIGH 7.3 In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB…
CVE-2025-36906 2025-09-04 N/A 0.0 In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no…
CVE-2025-36905 2025-09-04 HIGH 7.8 In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no…
CVE-2025-36904 2025-09-04 CRITICAL 9.8 WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384.
CVE-2025-36903 2025-09-04 HIGH 7.8 In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User…
CVE-2025-36902 2025-09-04 MEDIUM 6.7 In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System…
CVE-2025-36901 2025-09-04 HIGH 8.8 WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223.
CVE-2025-36900 2025-09-04 MEDIUM 6.7 In lwis_test_register_io of lwis_device_test.c, there is a possible OOB Write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed.…
CVE-2025-36899 2025-09-04 HIGH 8.4 There is a possible escalation of privilege due to test/debugging code left in a production build. This could lead to physical escalation of privilege with no additional execution…
CVE-2025-36898 2025-09-04 HIGH 7.8 There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges…
CVE-2025-36897 2025-09-04 CRITICAL 9.8 In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional…
CVE-2025-36896 2025-09-04 CRITICAL 9.8 WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106.
CVE-2025-36895 2025-09-04 HIGH 7.5 Information disclosure
CVE-2025-36894 2025-09-04 HIGH 7.5 In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges…
CVE-2025-36893 2025-09-04 MEDIUM 5.5 In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User…
CVE-2025-36892 2025-09-04 HIGH 7.5 Denial of service
CVE-2025-36891 2025-09-04 HIGH 8.8 Elevation of privilege
CVE-2025-36887 2025-09-04 HIGH 7.8 In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no…
CVE-2025-2417 2025-09-04 HIGH 8.6 Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft e-Mutabakat allows Authentication Bypass. This issue affects e-Mutabakat: from 2.02.06 before v2.02.06.
CVE-2025-2411 2025-09-04 HIGH 8.6 Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass. This issue affects TaskPano: from s1.06.04 before v1.06.06.
CVE-2024-56190 2025-09-04 HIGH 7.8 In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional…
CVE-2024-56189 2025-09-04 HIGH 7.5 In SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post authentication with…
CVE-2024-13073 2025-09-04 MEDIUM 4.7 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft TaskPano allows Cross-Site Scripting (XSS). This issue affects TaskPano: s1.06.04.
CVE-2024-13071 2025-09-04 MEDIUM 4.3 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft e-Mutabakat allows Cross-Site Scripting (XSS). This issue affects e-Mutabakat: from 2.02.05 before v2.02.06.
CVE-2025-9928 2025-09-03 HIGH 7.3 A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation of the argument…
CVE-2025-9927 2025-09-03 HIGH 7.3 A vulnerability was identified in projectworlds Travel Management System 1.0. The affected element is an unknown function of the file /viewpackage.php. Such manipulation of the argument t1 leads…
CVE-2025-8268 2025-09-03 MEDIUM 6.5 The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in…
CVE-2025-58056 2025-09-03 N/A 0.0 Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts…
CVE-2025-57833 2025-09-03 HIGH 7.1 An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably…