CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-7642 2025-08-23 CRITICAL 9.8 The Simpler Checkout plugin for WordPress is vulnerable to Authentication Bypass in versions 0.7.0 to 1.1.9. This is due to the plugin not properly verifying a user's identity…
CVE-2025-43766 2025-08-23 N/A 0.0 The Liferay Portal 7.4.0 through 7.3.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows the upload…
CVE-2025-43765 2025-08-23 N/A 0.0 A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 GA…
CVE-2025-43764 2025-08-23 N/A 0.0 Self-ReDoS (Regular expression Denial of Service) exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through…
CVE-2025-43767 2025-08-23 N/A 0.0 Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update…
CVE-2025-58043 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-58042 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-58041 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-58040 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-58039 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-58038 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-58037 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-58036 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-58035 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-43769 2025-08-23 N/A 0.0 Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update…
CVE-2025-43768 2025-08-23 N/A 0.0 Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated…
CVE-2025-24469 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-24468 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-22864 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-22863 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-22861 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-22860 2025-08-23 N/A 0.0 Rejected reason: Not used
CVE-2025-43770 2025-08-23 N/A 0.0 A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12…
CVE-2025-8193 2025-08-22 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-9356 2025-08-22 HIGH 8.8 A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function inboundFilterAdd of the file /goform/inboundFilterAdd. Executing manipulation…
CVE-2025-9355 2025-08-22 HIGH 8.8 A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function scheduleAdd of the file /goform/scheduleAdd. Performing manipulation…
CVE-2025-55455 2025-08-22 N/A 0.0 DooTask v1.0.51 was discovered to contain an authenticated arbitrary download vulnerability via the component /msg/sendtext.
CVE-2025-52451 2025-08-22 HIGH 8.5 Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12,…
CVE-2025-52450 2025-08-22 N/A 0.0 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (abdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal. This…
CVE-2025-4609 2025-08-22 N/A 0.0 Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a…
CVE-2025-43761 2025-08-22 N/A 0.0 A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.4, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12…
CVE-2025-26498 2025-08-22 N/A 0.0 Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (establish-connection-no-undo modules) allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.3, before…
CVE-2025-26497 2025-08-22 N/A 0.0 Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Editor modules) allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.3,…
CVE-2025-26496 2025-08-22 CRITICAL 9.6 Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion. This issue affects Tableau…
CVE-2022-45133 2025-08-22 N/A 0.0 Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. A particularly structured XML file could allow one to traverse the…
CVE-2022-43110 2025-08-22 CRITICAL 9.8 Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can…
CVE-2022-31491 2025-08-22 CRITICAL 10.0 Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified web interface related…
CVE-2025-57801 2025-08-22 N/A 0.0 gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting…
CVE-2025-55626 2025-08-22 MEDIUM 5.3 An Insecure Direct Object Reference (IDOR) vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows unauthorized attackers to access the Admin-only settings…
CVE-2025-55625 2025-08-22 MEDIUM 6.5 An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a malicious site via a crafted URL.
CVE-2025-55624 2025-08-22 MEDIUM 5.3 An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access internal functions or access non-public components.
CVE-2025-6791 2025-08-22 HIGH 8.8 On the monitoring event logs page, it is possible to alter the http request to insert a payload in the DB. Caused by an Improper Neutralization of Special…
CVE-2025-55454 2025-08-22 N/A 0.0 An authenticated arbitrary file upload vulnerability in the component /msg/sendfiles of DooTask v1.0.51 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2025-54813 2025-08-22 N/A 0.0 Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these…
CVE-2025-55581 2025-08-22 HIGH 7.3 D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. The script monitors and respawns the `dcp` and `signalc` binaries without…
CVE-2025-54812 2025-08-22 N/A 0.0 Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data…
CVE-2025-51092 2025-08-22 N/A 0.0 The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. The functions logIn() and signUp() build queries by directly…
CVE-2025-50859 2025-08-22 N/A 0.0 Reflected Cross-Site Scripting in the Change Template function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the template parameter.
CVE-2025-50858 2025-08-22 N/A 0.0 Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the action parameter.
CVE-2025-52287 2025-08-22 HIGH 8.8 OperaMasks SDK ELite Script Engine v0.5.0 was discovered to contain a deserialization vulnerability.