Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Todo el contenido
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2019-25305
2026-02-06
HIGH
7.8
JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute…
CVE-2019-25304
2026-02-06
HIGH
7.8
SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted…
CVE-2019-25303
2026-02-06
HIGH
7.1
TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL…
CVE-2019-25302
2026-02-06
HIGH
7.8
Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the…
CVE-2019-25301
2026-02-06
MEDIUM
6.4
Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through…
CVE-2019-25300
2026-02-06
HIGH
7.1
thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based…
CVE-2019-25299
2026-02-06
HIGH
7.1
RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can exploit time-based and…
CVE-2019-25298
2026-02-06
HIGH
7.1
html5_snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through Router_ID and Router_IP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques…
CVE-2019-25294
2026-02-06
MEDIUM
6.4
html5_snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in add_router_operation.php. Attackers can craft a POST request with…
CVE-2019-25293
2026-02-06
HIGH
7.8
BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted…
CVE-2019-25292
2026-02-06
HIGH
7.8
Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted…
CVE-2019-25266
2026-02-06
HIGH
7.8
Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted…
CVE-2026-2057
2026-02-06
HIGH
7.3
A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results…
CVE-2025-13523
2026-02-06
HIGH
7.7
Mattermost Confluence plugin version
CVE-2025-70073
2026-02-05
CRITICAL
9.8
An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function
CVE-2025-68121
2026-02-05
MEDIUM
4.8
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may…
CVE-2026-2056
2026-02-06
MEDIUM
5.3
A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Connection…
CVE-2026-1337
2026-02-06
N/A
0.0
Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in…
CVE-2025-13818
2026-02-06
N/A
0.0
Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent
CVE-2026-2055
2026-02-06
MEDIUM
5.3
A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation…
CVE-2026-2054
2026-02-06
MEDIUM
5.3
A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in…
CVE-2026-2018
2026-02-06
HIGH
7.3
A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes sql…
CVE-2026-2017
2026-02-06
CRITICAL
9.8
A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler.…
CVE-2026-2016
2026-02-06
MEDIUM
5.3
A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to…
CVE-2026-1293
2026-02-06
MEDIUM
6.4
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `yoast-schema` block attribute in…
CVE-2026-2015
2026-02-06
MEDIUM
6.3
A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a…
CVE-2026-2014
2026-02-06
HIGH
7.3
A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument ID…
CVE-2026-2013
2026-02-06
HIGH
7.3
A vulnerability was identified in itsourcecode Student Management System 1.0. This affects an unknown function of the file /ramonsys/soa/index.php. Such manipulation of the argument ID leads to sql…
CVE-2026-24928
2026-02-06
MEDIUM
5.8
Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-24927
2026-02-06
MEDIUM
5.5
Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24924
2026-02-06
MEDIUM
6.1
Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-24920
2026-02-06
MEDIUM
6.2
Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-2012
2026-02-06
HIGH
7.3
A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /ramonsys/facultyloading/index.php. This manipulation of the argument ID causes…
CVE-2026-2011
2026-02-06
HIGH
7.3
A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controller.php. The manipulation of the argument ID results…
CVE-2026-24931
2026-02-06
MEDIUM
5.9
Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-24930
2026-02-06
HIGH
8.4
UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24929
2026-02-06
MEDIUM
5.9
Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24926
2026-02-06
HIGH
8.4
Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24925
2026-02-06
HIGH
7.3
Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24923
2026-02-06
MEDIUM
6.3
Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-24922
2026-02-06
MEDIUM
6.9
Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24921
2026-02-06
MEDIUM
4.8
Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
CVE-2026-24919
2026-02-06
MEDIUM
6.0
Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24918
2026-02-06
MEDIUM
6.8
Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24917
2026-02-06
MEDIUM
6.5
UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24916
2026-02-06
MEDIUM
5.9
Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-24915
2026-02-06
MEDIUM
6.2
Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
CVE-2026-24914
2026-02-06
MEDIUM
4.0
Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-21643
2026-02-06
CRITICAL
9.8
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or…
CVE-2026-1785
2026-02-06
MEDIUM
4.3
The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on…
« Anterior
Página 5 de 3911
Siguiente »
Page load link
Go to Top
