CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-57616 2025-09-02 N/A 0.0 An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). A use-after-free vulnerability in the write_interleaved method allows an attacker to cause a denial of service or memory…
CVE-2025-57615 2025-09-02 N/A 0.0 An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). An integer overflow vulnerability in the Vector::new constructor function allows an attacker to cause a denial of service…
CVE-2025-57614 2025-09-02 N/A 0.0 An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). Integer overflow and invalid input vulnerability in the cached method allows an attacker to cause a denial of…
CVE-2025-57613 2025-09-02 N/A 0.0 An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). A null pointer dereference vulnerability in the input() constructor function allows an attacker to cause a denial of…
CVE-2025-55372 2025-09-02 N/A 0.0 An arbitrary file upload vulnerability in Beakon Application before v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2025-9784 2025-09-02 HIGH 7.5 A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows…
CVE-2025-2413 2025-09-02 HIGH 8.6 Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor allows Authentication Bypass. This issue affects ProKuafor: from s1.02.08 before v1.02.08.
CVE-2025-0670 2025-09-02 MEDIUM 4.7 Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft ProKuafor allows Resource Leak Exposure. This issue affects ProKuafor: from s1.02.07 before v1.02.08.
CVE-2024-12974 2025-09-02 MEDIUM 4.3 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft ProKuaför allows Cross-Site Scripting (XSS). This issue affects ProKuaför: from s1.02.07 before v1.02.08.
CVE-2025-6519 2025-09-02 N/A 0.0 E3 Site Supervisor (firmware version < 2.31F01) has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The…
CVE-2025-5662 2025-09-02 CRITICAL 9.8 A deserialization vulnerability exists in the H2O-3 REST API (POST /99/ImportSQLTable) that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution (RCE) due to improper…
CVE-2025-57140 2025-09-02 CRITICAL 9.8 rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/DatasetService path.
CVE-2025-56254 2025-09-02 MEDIUM 4.3 PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to…
CVE-2025-52551 2025-09-02 N/A 0.0 E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system.
CVE-2025-52550 2025-09-02 N/A 0.0 E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the…
CVE-2025-52549 2025-09-02 N/A 0.0 E3 Site Supervisor Control (firmware version < 2.31F01) generates the root linux password on each boot. An attacker can generate the root linux password for a vulnerable device…
CVE-2025-52548 2025-09-02 N/A 0.0 E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by…
CVE-2025-52547 2025-09-02 N/A 0.0 E3 Site Supervisor Control (firmware version < 2.31F01) MGW contains an API call that lacks input validation. An attacker can use this command to continuously crash the application…
CVE-2025-52546 2025-09-02 N/A 0.0 E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially…
CVE-2025-52545 2025-09-02 N/A 0.0 E3 Site Supervisor Control (firmware version < 2.31F01) RCI service contains an API call to read users info, which returns all usernames and password hashes for the application…
CVE-2025-52544 2025-09-02 N/A 0.0 E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially…
CVE-2025-52543 2025-09-02 N/A 0.0 E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. An attacker can authenticate by obtaining only the password…
CVE-2025-46810 2025-09-02 N/A 0.0 A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root. This issue affects Tumbleweed: from ? before…
CVE-2025-2414 2025-09-02 HIGH 8.6 Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft OctoCloud allows Authentication Bypass. This issue affects OctoCloud: from s1.09.03 before v1.11.01.
CVE-2025-0640 2025-09-02 MEDIUM 4.7 Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft OctoCloud allows Resource Leak Exposure. This issue affects OctoCloud: from s1.09.02 before v1.11.01.
CVE-2024-58259 2025-09-02 HIGH 8.2 A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows…
CVE-2024-52284 2025-09-02 HIGH 7.7 Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.
CVE-2024-12973 2025-09-02 MEDIUM 4.7 Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTTP Response Splitting, CAPEC - 87 - Forceful Browsing. This issue affects OctoCloud: from s1.09.01 before v1.11.01.
CVE-2024-12972 2025-09-02 MEDIUM 4.3 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft OctoCloud allows Cross-Site Scripting (XSS). This issue affects OctoCloud: from s1.09.01 before v1.11.01.
CVE-2025-9573 2025-09-02 N/A 0.0 The ns_backup extension through 13.0.2 for TYPO3 allows command injection.
CVE-2025-41031 2025-09-02 N/A 0.0 Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to change other users' profile pictures via a POST request using the parameters ‘IdPersona’ and…
CVE-2025-41030 2025-09-02 N/A 0.0 Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to obtain information from other users via GET ‘/ajax/TInnova_v2/Integrantes_Recurso_v2_1/llamadaAjax/buscarPersona’ using the ‘dni’ parameter.
CVE-2025-44017 2025-09-02 MEDIUM 4.3 "Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the…
CVE-2025-41690 2025-09-02 HIGH 7.4 A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow…
CVE-2025-9815 2025-09-02 HIGH 7.8 A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener.…
CVE-2025-9814 2025-09-02 HIGH 7.3 A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/contact-us.php. The manipulation of the argument mobnumber…
CVE-2025-9813 2025-09-02 HIGH 8.8 A vulnerability was identified in Tenda CH22 1.0.0.1. This issue affects the function formSetSambaConf of the file /goform/SetSambaConf. The manipulation of the argument samba_userNameSda leads to buffer overflow.…
CVE-2025-9812 2025-09-02 HIGH 8.8 A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Executing manipulation of the argument cmdinput can lead to buffer…
CVE-2025-9811 2025-09-02 HIGH 7.3 A vulnerability was found in Campcodes Farm Management System 1.0. This affects an unknown part of the file /reviewInput.php. Performing manipulation of the argument rating results in sql…
CVE-2025-8662 2025-09-02 N/A 0.0 OpenAM (OpenAM Consortium Edition) contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request. This issue affects OpenAM: from 14.0.0 through…
CVE-2025-9806 2025-09-02 LOW 1.9 A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup…
CVE-2025-9805 2025-09-02 MEDIUM 6.3 A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulation results in server-side request forgery. The…
CVE-2025-58178 2025-09-02 HIGH 7.8 SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in…
CVE-2025-58162 2025-09-02 MEDIUM 6.5 MobSF is a mobile application security testing tool used. In version 4.4.0, an authenticated user who uploaded a specially prepared one.a, can write arbitrary files to any directory…
CVE-2025-58161 2025-09-02 N/A 0.0 MobSF is a mobile application security testing tool used. In version 4.4.0, the GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to…
CVE-2025-57808 2025-09-02 HIGH 8.1 ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's web_server authentication check can pass incorrectly when the…
CVE-2025-9802 2025-09-02 MEDIUM 4.7 A vulnerability was detected in RemoteClinic 2.0. This vulnerability affects unknown code of the file /staff/profile.php. The manipulation of the argument ID results in sql injection. The attack…
CVE-2025-9801 2025-09-01 MEDIUM 5.4 A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote…
CVE-2025-9800 2025-09-01 MEDIUM 6.3 A weakness has been identified in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of the component HTML File…
CVE-2025-9799 2025-09-01 MEDIUM 5.0 A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler.…