CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-52203 | 2025-07-31 | HIGH | 7.6 | A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which… |
| CVE-2025-46809 | 2025-07-31 | MEDIUM | 5.7 | A Insertion of Sensitive Information into Log File vulnerability in SUSE Multi Linux Manager exposes the HTTP proxy credentials. This issue… |
| CVE-2025-8408 | 2025-07-31 | HIGH | 7.3 | A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. Affected is an unknown function of… |
| CVE-2025-52289 | 2025-07-31 | HIGH | 8.0 | A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted… |
| CVE-2025-50849 | 2025-07-31 | HIGH | 8.0 | CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers… |
| CVE-2025-50475 | 2025-07-31 | CRITICAL | 9.8 | An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execute arbitrary commands as… |
| CVE-2025-34146 | 2025-07-31 | N/A | 0.0 | A prototype pollution vulnerability exists in @nyariv/sandboxjs versions |
| CVE-2014-125126 | 2025-07-31 | N/A | 0.0 | An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass… |
| CVE-2014-125125 | 2025-07-31 | N/A | 0.0 | A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the… |
| CVE-2014-125124 | 2025-07-31 | N/A | 0.0 | An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web… |
| CVE-2014-125123 | 2025-07-31 | N/A | 0.0 | An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel (developed by LXCenter) prior to version 6.1.12.… |
| CVE-2014-125122 | 2025-07-31 | N/A | 0.0 | A stack-based buffer overflow vulnerability exists in the tmUnblock.cgi endpoint of the Linksys WRT120N wireless router. The vulnerability is triggered… |
| CVE-2014-125121 | 2025-07-31 | N/A | 0.0 | Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation vulnerability caused by a… |
| CVE-2013-10043 | 2025-07-31 | N/A | 0.0 | A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an… |
| CVE-2013-10042 | 2025-07-31 | N/A | 0.0 | A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command.… |
| CVE-2013-10040 | 2025-07-31 | N/A | 0.0 | ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated… |
| CVE-2013-10039 | 2025-07-31 | N/A | 0.0 | A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter… |
| CVE-2013-10038 | 2025-07-31 | N/A | 0.0 | An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint fails to… |
| CVE-2013-10037 | 2025-07-31 | N/A | 0.0 | An OS command injection vulnerability exists in WebTester version 5.x via the install2.php installation script. The parameters cpusername, cppassword, and… |
| CVE-2013-10036 | 2025-07-31 | N/A | 0.0 | A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration… |
| CVE-2013-10035 | 2025-07-31 | N/A | 0.0 | A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user… |
| CVE-2013-10034 | 2025-07-31 | N/A | 0.0 | An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to… |
| CVE-2013-10033 | 2025-07-31 | N/A | 0.0 | An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject… |
| CVE-2012-10021 | 2025-07-31 | N/A | 0.0 | A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the… |
| CVE-2011-10008 | 2025-07-31 | N/A | 0.0 | A stack-based buffer overflow vulnerability exists in MPlayer Lite r33064 due to improper bounds checking when handling M3U playlist files… |
| CVE-2025-8407 | 2025-07-31 | HIGH | 7.3 | A vulnerability, which was classified as critical, has been found in code-projects Vehicle Management 1.0. This issue affects some unknown… |
| CVE-2025-7738 | 2025-07-31 | MEDIUM | 4.4 | A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub… |
| CVE-2025-54589 | 2025-07-31 | MEDIUM | 6.3 | Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at `/?ru`, users… |
| CVE-2025-8213 | 2025-07-31 | HIGH | 7.2 | The NinjaScanner – Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file… |
| CVE-2025-8401 | 2025-07-31 | MEDIUM | 4.3 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions… |
| CVE-2025-8382 | 2025-07-31 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, was found in Campcodes Online Hotel Reservation System 1.0. Affected is an unknown… |
| CVE-2025-8381 | 2025-07-31 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, has been found in Campcodes Online Hotel Reservation System 1.0. This issue affects… |
| CVE-2025-8151 | 2025-07-31 | MEDIUM | 4.3 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up… |
| CVE-2025-8068 | 2025-07-31 | MEDIUM | 4.3 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data… |
| CVE-2025-8380 | 2025-07-31 | LOW | 3.5 | A vulnerability classified as problematic was found in Campcodes Online Hotel Reservation System 1.0. This vulnerability affects unknown code of… |
| CVE-2025-8379 | 2025-07-31 | MEDIUM | 4.7 | A vulnerability classified as critical has been found in Campcodes Online Hotel Reservation System 1.0. This affects an unknown part… |
| CVE-2025-8378 | 2025-07-31 | HIGH | 7.3 | A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this… |
| CVE-2025-8376 | 2025-07-31 | HIGH | 7.3 | A vulnerability classified as critical has been found in code-projects Vehicle Management 1.0. Affected is an unknown function of the… |
| CVE-2025-41688 | 2025-07-31 | HIGH | 7.2 | A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA… |
| CVE-2025-40980 | 2025-07-31 | N/A | 0.0 | A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack… |
| CVE-2025-2813 | 2025-07-31 | HIGH | 7.5 | An unauthenticated remote attacker can cause a Denial of Service by sending a large number of requests to the http… |
| CVE-2025-8375 | 2025-07-31 | HIGH | 7.3 | A vulnerability was found in code-projects Vehicle Management 1.0. It has been rated as critical. This issue affects some unknown… |
| CVE-2025-8374 | 2025-07-31 | HIGH | 7.3 | A vulnerability was found in code-projects Vehicle Management 1.0. It has been declared as critical. This vulnerability affects unknown code… |
| CVE-2025-8192 | 2025-07-31 | N/A | 0.0 | There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context,… |
| CVE-2025-24854 | 2025-07-31 | MEDIUM | 6.1 | A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the… |
| CVE-2025-24853 | 2025-07-31 | HIGH | 7.5 | A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to… |
| CVE-2025-8373 | 2025-07-31 | HIGH | 7.3 | A vulnerability was found in code-projects Vehicle Management 1.0. It has been classified as critical. This affects an unknown part… |
| CVE-2025-8372 | 2025-07-31 | HIGH | 7.3 | A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some… |
| CVE-2025-7205 | 2025-07-31 | MEDIUM | 5.4 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the donor… |
| CVE-2025-54757 | 2025-07-31 | MEDIUM | 6.5 | Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by… |