CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-9247 | 2025-08-20 | HIGH | 8.8 | A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function setVlan of the file /goform/setVlan. The manipulation… |
| CVE-2025-55297 | 2025-08-21 | N/A | 0.0 | ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi credential handling and… |
| CVE-2025-55368 | 2025-08-21 | HIGH | 8.8 | Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account. |
| CVE-2025-54988 | 2025-08-20 | CRITICAL | 9.8 | Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via… |
| CVE-2025-48956 | 2025-08-21 | HIGH | 7.5 | vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.10.1.1, a Denial of Service (DoS) vulnerability can be triggered by sending… |
| CVE-2025-48978 | 2025-08-21 | HIGH | 7.5 | An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. Affected Products:… |
| CVE-2025-50901 | 2025-08-20 | CRITICAL | 9.8 | JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication bypass vulnerability, which can lead to arbitrary file reading. |
| CVE-2025-27217 | 2025-08-21 | CRITICAL | 9.1 | A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope. |
| CVE-2025-27216 | 2025-08-21 | HIGH | 8.8 | Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges. |
| CVE-2025-27215 | 2025-08-21 | HIGH | 8.1 | An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system. Affected… |
| CVE-2025-27214 | 2025-08-21 | CRITICAL | 9.8 | A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized… |
| CVE-2024-57157 | 2025-08-20 | CRITICAL | 9.8 | Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access sensitive APIs without a token. |
| CVE-2024-50640 | 2025-08-20 | CRITICAL | 9.8 | jeewx-boot 1.3 has an authentication bypass vulnerability in the preHandle function |
| CVE-2025-9302 | 2025-08-21 | HIGH | 7.3 | A vulnerability was identified in PHPGurukul User Management System 1.0. This vulnerability affects unknown code of the file /signup.php. Such manipulation of the argument emailid leads to sql… |
| CVE-2025-9301 | 2025-08-21 | LOW | 3.3 | A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This affects the function cmForEachFunctionBlocker::ReplayItems of the file cmForEachCommand.cxx. This manipulation causes reachable assertion. The attack needs to be launched locally.… |
| CVE-2025-9299 | 2025-08-21 | HIGH | 8.8 | A vulnerability has been found in Tenda M3 1.0.0.12. Affected by this vulnerability is the function formGetMasterPassengerAnalyseData of the file /goform/getMasterPassengerAnalyseData. The manipulation of the argument Time leads… |
| CVE-2025-9298 | 2025-08-21 | HIGH | 8.8 | A flaw has been found in Tenda M3 1.0.0.12. Affected is the function formQuickIndex of the file /goform/QuickIndex. Executing manipulation of the argument PPPOEPassword can lead to stack-based… |
| CVE-2025-9297 | 2025-08-21 | HIGH | 8.8 | A vulnerability was detected in Tenda i22 1.0.0.3(4687). This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in stack-based buffer overflow.… |
| CVE-2025-9296 | 2025-08-21 | MEDIUM | 4.7 | A security vulnerability has been detected in Emlog Pro up to 2.5.18. This affects an unknown function of the file /admin/blogger.php?action=update_avatar. Such manipulation of the argument image leads… |
| CVE-2025-55444 | 2025-08-20 | CRITICAL | 9.8 | A SQL injection vulnerability exists in the id2 parameter of the cancel_booking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary… |
| CVE-2025-43300 | 2025-08-21 | HIGH | 8.8 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2… |
| CVE-2025-50902 | 2025-08-20 | HIGH | 8.8 | Cross Site Request Forgery (CSRF) vulnerability in old-peanut Open-Shop (aka old-peanut/wechat_applet__open_source) thru 1.0.0 allows attackers to gain sensitive information via crafted HTTP Post message. |
| CVE-2025-50904 | 2025-08-20 | CRITICAL | 9.8 | There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 (2025-06-11). An attacker can exploit this vulnerability to access /admin/ API without any token. |
| CVE-2025-27213 | 2025-08-21 | MEDIUM | 4.9 | An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes… |
| CVE-2025-24285 | 2025-08-21 | CRITICAL | 9.8 | Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV… |
| CVE-2024-57155 | 2025-08-20 | CRITICAL | 9.8 | Incorrect access control in radar v1.0.8 allows attackers to bypass authentication and access sensitive APIs without a token. |
| CVE-2024-57154 | 2025-08-20 | CRITICAL | 9.8 | Incorrect access control in dts-shop v0.0.1-SNAPSHOT allows attackers to bypass authentication via sending a crafted payload to /admin/auth/index. |
| CVE-2025-28041 | 2025-08-20 | HIGH | 8.6 | Incorrect access control in the doFilter function of itranswarp up to 2.19 allows attackers to access sensitive components without authentication. |
| CVE-2024-57152 | 2025-08-20 | HIGH | 7.5 | Incorrect access control in the preHandle function of my-site v1.0.2 allows attackers to access sensitive components without authentication via the cn.luischen.interceptor.BaseInterceptor class |
| CVE-2024-53495 | 2025-08-20 | HIGH | 7.5 | Incorrect access control in the preHandle function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication. |
| CVE-2025-5115 | 2025-08-20 | N/A | 0.0 | In Eclipse Jetty, versions |
| CVE-2025-8064 | 2025-08-21 | MEDIUM | 6.4 | The Bible SuperSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘selector_height’ parameter in all versions up to, and including, 6.0.1 due to insufficient input… |
| CVE-2025-8895 | 2025-08-21 | CRITICAL | 9.8 | The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. This… |
| CVE-2025-8023 | 2025-08-21 | MEDIUM | 6.8 | Mattermost versions 10.8.x |
| CVE-2025-53971 | 2025-08-21 | LOW | 3.8 | Mattermost versions 10.5.x |
| CVE-2025-49810 | 2025-08-21 | LOW | 3.5 | Mattermost versions 10.5.x |
| CVE-2025-49222 | 2025-08-21 | MEDIUM | 6.8 | Mattermost versions 10.8.x |
| CVE-2025-47870 | 2025-08-21 | MEDIUM | 4.3 | Mattermost versions 10.8.x |
| CVE-2025-47700 | 2025-08-21 | LOW | 3.5 | Mattermost Server versions 10.5.x |
| CVE-2025-36530 | 2025-08-21 | MEDIUM | 6.8 | Mattermost versions 10.9.x |
| CVE-2025-8607 | 2025-08-21 | MEDIUM | 6.4 | The SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block's attributes in all versions up… |
| CVE-2025-8592 | 2025-08-21 | HIGH | 8.1 | The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation… |
| CVE-2025-7390 | 2025-08-21 | CRITICAL | 9.1 | A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication. |
| CVE-2025-7221 | 2025-08-21 | MEDIUM | 4.3 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the give_update_payment_status() function… |
| CVE-2025-53505 | 2025-08-21 | MEDIUM | 4.3 | Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. If this vulnerability is exploited, information on the server hosting… |
| CVE-2025-53504 | 2025-08-21 | MEDIUM | 5.4 | Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be… |
| CVE-2025-57832 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57831 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57830 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57829 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |