CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-53971 | 2025-08-21 | LOW | 3.8 | Mattermost versions 10.5.x |
| CVE-2025-49810 | 2025-08-21 | LOW | 3.5 | Mattermost versions 10.5.x |
| CVE-2025-49222 | 2025-08-21 | MEDIUM | 6.8 | Mattermost versions 10.8.x |
| CVE-2025-47870 | 2025-08-21 | MEDIUM | 4.3 | Mattermost versions 10.8.x |
| CVE-2025-47700 | 2025-08-21 | LOW | 3.5 | Mattermost Server versions 10.5.x |
| CVE-2025-36530 | 2025-08-21 | MEDIUM | 6.8 | Mattermost versions 10.9.x |
| CVE-2025-8607 | 2025-08-21 | MEDIUM | 6.4 | The SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block's attributes in all versions up… |
| CVE-2025-8592 | 2025-08-21 | HIGH | 8.1 | The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation… |
| CVE-2025-7390 | 2025-08-21 | CRITICAL | 9.1 | A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication. |
| CVE-2025-7221 | 2025-08-21 | MEDIUM | 4.3 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the give_update_payment_status() function… |
| CVE-2025-53505 | 2025-08-21 | MEDIUM | 4.3 | Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. If this vulnerability is exploited, information on the server hosting… |
| CVE-2025-53504 | 2025-08-21 | MEDIUM | 5.4 | Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be… |
| CVE-2025-57832 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57831 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57830 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57829 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57828 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57827 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57826 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57825 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57824 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-48355 | 2025-08-21 | MEDIUM | 5.3 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ProveSource LTD ProveSource Social Proof allows Retrieve Embedded Sensitive Data.This issue affects ProveSource Social Proof: from… |
| CVE-2025-54363 | 2025-08-20 | N/A | 0.0 | Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module (issue 1 of 2). |
| CVE-2025-57749 | 2025-08-20 | MEDIUM | 6.5 | n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access… |
| CVE-2025-20131 | 2025-08-20 | MEDIUM | 4.9 | A vulnerability in the GUI of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This… |
| CVE-2025-9246 | 2025-08-20 | HIGH | 8.8 | A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function check_port_conflict of the file /goform/check_port_conflict. Executing manipulation of the… |
| CVE-2025-9245 | 2025-08-20 | HIGH | 8.8 | A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function WPSSTAPINEnr of the file /goform/WPSSTAPINEnr. Performing manipulation of the… |
| CVE-2025-9244 | 2025-08-20 | MEDIUM | 6.3 | A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation… |
| CVE-2025-9241 | 2025-08-20 | MEDIUM | 6.3 | A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The… |
| CVE-2025-43757 | 2025-08-20 | N/A | 0.0 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13,… |
| CVE-2025-9240 | 2025-08-20 | MEDIUM | 4.3 | A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in… |
| CVE-2025-43746 | 2025-08-20 | N/A | 0.0 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13,… |
| CVE-2025-9239 | 2025-08-20 | LOW | 3.7 | A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler.… |
| CVE-2025-9238 | 2025-08-20 | HIGH | 7.3 | A vulnerability was determined in Swatadru Exam-Seating-Arrangement up to 97335ccebf95468d92525f4255a2241d2b0b002f. Affected is an unknown function of the file /student.php of the component Student Login. Executing manipulation of the… |
| CVE-2025-9237 | 2025-08-20 | LOW | 3.5 | A vulnerability was found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/my_account.php?edit_account of the component Edit Your Account Page. Performing manipulation of… |
| CVE-2025-9236 | 2025-08-20 | MEDIUM | 6.3 | A vulnerability has been found in Portabilis i-Diario up to 2.10. This affects an unknown function of the file /intranet/educar_tipo_usuario_lst.php of the component Tipos de usàrio Page. Such… |
| CVE-2025-55746 | 2025-08-20 | CRITICAL | 9.3 | Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows… |
| CVE-2025-47054 | 2025-08-20 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM… |
| CVE-2025-9235 | 2025-08-20 | LOW | 3.5 | A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compound_events.shtm. This manipulation of the argument Name causes… |
| CVE-2025-9234 | 2025-08-20 | LOW | 3.5 | A vulnerability was detected in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file maintenance_events.shtm. The manipulation of the argument Alias results in… |
| CVE-2025-8612 | 2025-08-20 | HIGH | 7.3 | AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An attacker must first… |
| CVE-2025-8611 | 2025-08-20 | CRITICAL | 9.8 | AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup.… |
| CVE-2025-8610 | 2025-08-20 | CRITICAL | 9.8 | AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup.… |
| CVE-2025-9233 | 2025-08-20 | LOW | 3.5 | A security vulnerability has been detected in Scada-LTS up to 2.7.8.1. Impacted is an unknown function of the file view_edit.shtm. The manipulation of the argument Name leads to… |
| CVE-2025-8415 | 2025-08-20 | MEDIUM | 5.9 | A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if… |
| CVE-2025-8309 | 2025-08-20 | HIGH | 8.1 | There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp. This vulnerability impacts Asset Explorer… |
| CVE-2025-6183 | 2025-08-20 | N/A | 0.0 | The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message. |
| CVE-2025-6182 | 2025-08-20 | N/A | 0.0 | The StrongDM Windows service incorrectly handled communication related to system certificate management. Attackers could exploit this behavior to install untrusted root certificates or remove trusted ones. |
| CVE-2025-6181 | 2025-08-20 | N/A | 0.0 | The StrongDM Windows service incorrectly handled input validation. Authenticated attackers could potentially exploit this leading to privilege escalation. |
| CVE-2025-6180 | 2025-08-20 | N/A | 0.0 | The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition. |