CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-9797 2025-09-01 LOW 2.4 A vulnerability was determined in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product Page. This manipulation causes…
CVE-2025-9796 2025-09-01 LOW 3.5 A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is…
CVE-2024-28988 2025-09-01 CRITICAL 9.8 SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on…
CVE-2025-9795 2025-09-01 MEDIUM 6.3 A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipulation of the argument…
CVE-2025-9794 2025-09-01 HIGH 7.3 A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/pos_transac.php?action=add. Executing manipulation of the…
CVE-2025-9793 2025-09-01 HIGH 7.3 A vulnerability was detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /setting/admin.php of the component Setting Handler. Performing manipulation of the…
CVE-2025-9792 2025-09-01 HIGH 7.3 A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /e_dashboard/e_all_info.php. Such manipulation of the argument mid…
CVE-2025-9810 2025-09-01 MEDIUM 6.8 TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path.
CVE-2025-9809 2025-09-01 N/A 0.0 Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding…
CVE-2025-9791 2025-09-01 HIGH 8.8 A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code of the file /goform/fromAdvSetMacMtuWan. This manipulation of the argument wanMTU causes stack-based buffer overflow.…
CVE-2025-9790 2025-09-01 HIGH 7.3 A security flaw has been discovered in SourceCodester Hotel Reservation System 1.0. This affects an unknown part of the file /admin/updateabout.php. The manipulation of the argument address results…
CVE-2025-9789 2025-09-01 HIGH 7.3 A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file /admin/edituser.php. The manipulation of the argument…
CVE-2025-9788 2025-09-01 HIGH 7.3 A vulnerability was determined in SourceCodester/Campcodes School Log Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_class.php. Executing manipulation of the argument…
CVE-2025-3586 2025-09-01 N/A 0.0 In Liferay Portal 7.4.3.27 through 7.4.3.42, and Liferay DXP 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 27 through update 42 (Liferay PaaS, and Liferay…
CVE-2025-9375 2025-09-01 N/A 0.0 XML Injection vulnerability in xmltodict allows Input Data Manipulation. This issue affects xmltodict: 0.14.2.
CVE-2025-9786 2025-09-01 HIGH 7.3 A vulnerability was found in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /teacher_signup.php. Performing manipulation of the argument firstname results in…
CVE-2025-57799 2025-09-01 N/A 0.0 StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct malicious commands,…
CVE-2025-55007 2025-09-01 LOW 3.5 Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests…
CVE-2025-58421 2025-09-02 N/A 0.0 Rejected reason: Not used
CVE-2025-58420 2025-09-02 N/A 0.0 Rejected reason: Not used
CVE-2025-58419 2025-09-02 N/A 0.0 Rejected reason: Not used
CVE-2025-58418 2025-09-02 N/A 0.0 Rejected reason: Not used
CVE-2025-58417 2025-09-02 N/A 0.0 Rejected reason: Not used
CVE-2025-58416 2025-09-02 N/A 0.0 Rejected reason: Not used
CVE-2025-58415 2025-09-02 N/A 0.0 Rejected reason: Not used
CVE-2025-58414 2025-09-02 N/A 0.0 Rejected reason: Not used
CVE-2025-9783 2025-09-01 HIGH 8.8 A vulnerability was determined in TOTOLINK A702R 4.0.0-B20211108.1423. This issue affects the function sub_418030 of the file /boafrm/formParentControl. Executing manipulation of the argument submit-url can lead to buffer…
CVE-2025-33102 2025-09-01 MEDIUM 5.9 IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2025-33099 2025-09-01 MEDIUM 5.9 IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certificate validation.
CVE-2025-33084 2025-09-01 MEDIUM 5.9 IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker…
CVE-2025-33083 2025-09-01 MEDIUM 5.4 IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering…
CVE-2025-33082 2025-09-01 MEDIUM 5.4 IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering…
CVE-2025-0656 2025-09-01 MEDIUM 6.1 IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering…
CVE-2025-9782 2025-09-01 HIGH 8.8 A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. This vulnerability affects the function sub_4466F8 of the file /boafrm/formOneKeyAccessButton. Performing manipulation of the argument submit-url results in buffer overflow.…
CVE-2025-9781 2025-09-01 HIGH 8.8 A vulnerability has been found in TOTOLINK A702R 4.0.0-B20211108.1423. This affects the function sub_4162DC of the file /boafrm/formFilter. Such manipulation of the argument ip6addr leads to buffer overflow.…
CVE-2025-9780 2025-09-01 HIGH 8.8 A flaw has been found in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this issue is the function sub_419BE0 of the file /boafrm/formIpQoS. This manipulation of the argument mac causes…
CVE-2025-9779 2025-09-01 HIGH 8.8 A vulnerability was detected in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this vulnerability is the function sub_4162DC of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in…
CVE-2025-2412 2025-09-01 HIGH 8.6 Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft QR Menu allows Authentication Bypass. This issue affects QR Menu: from s1.05.07 before v1.05.12.
CVE-2025-0610 2025-09-01 HIGH 8.6 Cross-Site Request Forgery (CSRF) vulnerability in Akınsoft QR Menü allows Cross Site Request Forgery. This issue affects QR Menü: from s1.05.06 before v1.05.12.
CVE-2024-12925 2025-09-01 HIGH 7.3 Improper Validation of Certificate with Host Mismatch vulnerability in Akınsoft QR Menü allows HTTP Response Splitting. This issue affects QR Menü: from s1.05.05 before v1.05.12.
CVE-2024-12924 2025-09-01 MEDIUM 6.3 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akınsoft QR Menü allows Forceful Browsing, Phishing. This issue affects QR Menü: from s1.05.05 before v1.05.12.
CVE-2024-12914 2025-09-01 MEDIUM 4.3 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akınsoft QR Menü allows Cross-Site Scripting (XSS). This issue affects QR Menü: from s1.05.05 before…
CVE-2025-9778 2025-09-01 LOW 1.9 A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation…
CVE-2025-36133 2025-09-01 MEDIUM 5.9 IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14 stores potentially sensitive information in log files during installation that could…
CVE-2025-9775 2025-09-01 HIGH 7.3 A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /staff/edit-my-profile.php. The manipulation of the argument image results in unrestricted upload.…
CVE-2025-9774 2025-09-01 MEDIUM 4.3 A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing of the file /patients/edit-patient.php. The manipulation of the argument Email leads to…
CVE-2025-9773 2025-09-01 MEDIUM 4.3 A flaw has been found in RemoteClinic up to 2.0. This vulnerability affects unknown code of the file /staff/edit.php. Executing manipulation of the argument Last Name can lead…
CVE-2025-9772 2025-09-01 HIGH 7.3 A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file /staff/edit.php. Performing manipulation of the argument image results in unrestricted upload.…
CVE-2025-9771 2025-09-01 HIGH 7.3 A security vulnerability has been detected in SourceCodester Eye Clinic Management System 1.0. Affected by this issue is some unknown functionality of the file /main/search_index_Diagnosis.php. Such manipulation of…
CVE-2025-9770 2025-09-01 HIGH 7.3 A weakness has been identified in Campcodes Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Dashboard…