CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-65410 2025-12-23 MEDIUM 6.2 A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename…
CVE-2025-51511 2025-12-23 CRITICAL 9.8 Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads.
CVE-2025-25364 2025-12-23 HIGH 8.4 A command injection vulnerability in the me.connectify.SMJobBlessHelper XPC service of Speedify VPN up to v15.0.0 allows attackers to execute arbitrary commands with root-level privileges.
CVE-2025-10863 2025-12-23 N/A 0.0 Rejected reason: This CVE id was assigned but later discarded.
CVE-2025-29228 2025-12-23 CRITICAL 9.8 Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter.
CVE-2025-13074 2025-12-23 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been…
CVE-2025-67111 2025-12-23 HIGH 7.5 An integer overflow in the RTPS protocol implementation of OpenDDS DDS before v3.33.0 allows attackers to cause a Denial of Service (DoS) via a crafted message.
CVE-2025-50526 2025-12-23 CRITICAL 9.8 Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switch_status function.
CVE-2025-33224 2025-12-23 CRITICAL 9.8 NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation…
CVE-2025-33223 2025-12-23 CRITICAL 9.8 NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation…
CVE-2025-33222 2025-12-23 CRITICAL 9.8 NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of…
CVE-2025-45493 2025-12-23 MEDIUM 6.5 Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function.
CVE-2025-29229 2025-12-23 CRITICAL 9.8 Linksys E5600 V1.1.0.26 is vulnerable to command injection in the function ddnsStatus.
CVE-2025-67109 2025-12-23 CRITICAL 10.0 Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.
CVE-2025-67743 2025-12-23 MEDIUM 6.3 Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service (download_service.py) makes HTTP requests using raw…
CVE-2025-67108 2025-12-23 CRITICAL 10.0 eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.
CVE-2025-65865 2025-12-23 HIGH 7.5 An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-48864 2025-12-23 N/A 0.0 Rejected reason: This CVE id was assigned but later discarded.
CVE-2025-48863 2025-12-23 N/A 0.0 Rejected reason: This CVE id was assigned but later discarded.
CVE-2024-10398 2025-12-23 N/A 0.0 Rejected reason: This CVE id was assigned but later discarded.
CVE-2024-9684 2025-12-23 HIGH 7.5 FreyrSCADA/IEC-60870-5-104 server v21.06.008 allows remote attackers to cause a denial of service by sending specific message sequences.
CVE-2025-66845 2025-12-23 MEDIUM 6.1 A reflected Cross-Site Scripting (XSS) vulnerability has been identified in TechStore version 1.0. The user_name endpoint reflects the id query parameter directly into the HTML response without output…
CVE-2023-52210 2025-12-23 MEDIUM 5.3 Vulnerability in Tyche softwares Product Delivery Date for WooCommerce – Lite. This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.0.
CVE-2025-68343 2025-12-23 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header The driver expects to receive a struct gs_host_frame in gs_usb_receive_bulk_callback().…
CVE-2025-68342 2025-12-23 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data The URB received in gs_usb_receive_bulk_callback() contains a struct gs_host_frame. The…
CVE-2025-68341 2025-12-23 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: veth: reduce XDP no_direct return section to fix race As explain in commit fa349e396e48 ("veth: Fix race with…
CVE-2025-68340 2025-12-23 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: team: Move team device type change at the end of team_port_add Attempting to add a port device that…
CVE-2025-68339 2025-12-23 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: atm/fore200e: Fix possible data race in fore200e_open() Protect access to fore200e->available_cell_rate with rate_mtx lock in the error handling…
CVE-2025-68338 2025-12-23 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized ksz_irq If something goes wrong at setup, ksz_irq_free() can be called on…
CVE-2025-13183 2025-12-23 HIGH 7.3 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hotech Software Inc. Otello allows Stored XSS. This issue affects Otello: from 2.4.0 before 2.4.4.
CVE-2025-68561 2025-12-23 HIGH 7.6 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP allows SQL Injection. This issue affects AutomatorWP: from n/a through 5.2.4.
CVE-2025-68560 2025-12-23 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for Elementor). This issue affects TheGem Theme Elements (for…
CVE-2025-68559 2025-12-23 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor). This issue affects TheGem Theme Elements (for Elementor): from n/a through…
CVE-2025-68557 2025-12-23 MEDIUM 4.3 Missing Authorization vulnerability in Vikas Ratudi Chakra test allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chakra test: from n/a through 1.0.1.
CVE-2025-68556 2025-12-23 MEDIUM 5.3 Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.9.
CVE-2025-68551 2025-12-23 MEDIUM 6.5 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vikas Ratudi VPSUForm allows Retrieve Embedded Sensitive Data. This issue affects VPSUForm: from n/a through 3.2.24.
CVE-2025-68550 2025-12-23 HIGH 7.6 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme WPBulky allows Blind SQL Injection. This issue affects WPBulky: from n/a through 1.1.13.
CVE-2025-68548 2025-12-23 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Responsive Posts Carousel Pro allows Stored XSS. This issue affects Responsive Posts Carousel Pro: from n/a…
CVE-2025-68546 2025-12-23 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Thembay Nika allows PHP Local File Inclusion. This issue affects Nika: from n/a…
CVE-2025-68544 2025-12-23 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Thembay Diza allows PHP Local File Inclusion. This issue affects Diza: from n/a…
CVE-2025-59886 2025-12-23 HIGH 8.8 Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface, could lead into an attacker with network access to the device executing privileged user…
CVE-2025-14635 2025-12-23 MEDIUM 6.4 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ha_page_custom_js' parameter in all versions up to, and including, 3.20.3 due to…
CVE-2025-14000 2025-12-23 MEDIUM 6.4 The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'register_form' and 'restrict' shortcodes in all versions up to, and…
CVE-2024-24844 2025-12-23 HIGH 7.5 Missing Authorization vulnerability in IdeaBox Creations PowerPack Pro for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PowerPack Pro for Elementor: from n/a through 2.10.6.
CVE-2025-14548 2025-12-23 MEDIUM 6.4 The Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'event_desc' parameter in all versions up to, and including, 1.3.16 due to insufficient input sanitization…
CVE-2025-14388 2025-12-23 CRITICAL 9.8 The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to…
CVE-2025-14163 2025-12-23 MEDIUM 4.3 The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce…
CVE-2025-14155 2025-12-23 MEDIUM 5.3 The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on…
CVE-2025-12934 2025-12-23 HIGH 8.1 The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicate_wpml_layout'…
CVE-2025-15034 2025-12-23 HIGH 7.3 A security flaw has been discovered in itsourcecode Student Management System 1.0. This affects an unknown part of the file /record.php. The manipulation of the argument ID results…