CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-53711 2025-07-29 N/A 0.0 A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input…
CVE-2025-44137 2025-07-29 HIGH 8.2 MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are…
CVE-2025-44136 2025-07-29 CRITICAL 9.8 MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message…
CVE-2025-36010 2025-07-29 MEDIUM 6.5 IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 could allow an unauthenticated user to cause a denial of service due…
CVE-2025-2928 2025-07-29 HIGH 7.2 SQL Injection affecting the Archiver role.
CVE-2025-2533 2025-07-29 MEDIUM 5.3 IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial of service as the server may crash…
CVE-2025-2179 2025-07-29 N/A 0.0 An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on Linux devices enables a locally authenticated non…
CVE-2025-28170 2025-07-29 HIGH 7.6 Grandstream Networks GXP1628
CVE-2025-27514 2025-07-29 MEDIUM 4.5 GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software…
CVE-2025-5922 2025-07-29 N/A 0.0 Access to TSplus Remote Access Admin Tool is restricted to administrators (unless "Disable UAC" option is enabled) and requires a PIN…
CVE-2025-54432 2025-07-29 N/A 0.0 Rejected reason: This CVE is a duplicate of another CVE. See CVE-2018-25031 and CVE-2021-46708.
CVE-2025-54420 2025-07-29 N/A 0.0 Rejected reason: This CVE is a duplicate of CVE-2025-8129.
CVE-2025-31965 2025-07-29 HIGH 8.2 Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and lower) allow non-admin users to view unauthorized…
CVE-2025-50738 2025-07-29 CRITICAL 9.8 The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user…
CVE-2025-46059 2025-07-29 CRITICAL 9.8 langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to…
CVE-2025-8264 2025-07-29 CRITICAL 9.0 Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend.…
CVE-2025-8194 2025-07-28 HIGH 7.5 There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation…
CVE-2025-6505 2025-07-29 HIGH 8.1 Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vulnerability…
CVE-2025-6504 2025-07-29 HIGH 8.4 In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header. Since…
CVE-2025-54769 2025-07-29 HIGH 8.8 An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in…
CVE-2025-52358 2025-07-29 MEDIUM 6.3 A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This…
CVE-2025-54422 2025-07-29 N/A 0.0 Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a…
CVE-2025-54768 2025-07-29 MEDIUM 5.3 An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only…
CVE-2025-54767 2025-07-29 MEDIUM 6.5 An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user.
CVE-2025-54766 2025-07-29 MEDIUM 5.3 An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only…
CVE-2025-54765 2025-07-29 MEDIUM 5.3 An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only…
CVE-2024-42645 2025-07-29 N/A 0.0 An issue in FlashMQ v1.14.0 allows attackers to cause an assertion failure via sending a crafted retain message, leading to…
CVE-2024-42644 2025-07-29 N/A 0.0 FlashMQ v1.14.0 was discovered to contain an assertion failure in the function PublishCopyFactory::getNewPublish, which occurs when the QoS value of…
CVE-2025-7458 2025-07-29 N/A 0.0 An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to…
CVE-2025-6175 2025-07-29 HIGH 7.2 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geodi: before…
CVE-2025-6060 2025-07-29 MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DECE Software Geodi allows Cross-Site Scripting…
CVE-2025-41241 2025-07-29 MEDIUM 4.4 VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls…
CVE-2025-40686 2025-07-29 N/A 0.0 Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript…
CVE-2025-40685 2025-07-29 N/A 0.0 Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript…
CVE-2025-40684 2025-07-29 N/A 0.0 Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript…
CVE-2025-40683 2025-07-29 N/A 0.0 Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript…
CVE-2025-40682 2025-07-29 N/A 0.0 SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete…
CVE-2025-5587 2025-07-29 MEDIUM 6.4 The Appzend theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘progressbarLayout’ parameter in all versions up to,…
CVE-2025-8216 2025-07-29 MEDIUM 6.4 The Sky Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Multiple widgets in all versions…
CVE-2025-8196 2025-07-29 MEDIUM 6.4 The Magical Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes in…
CVE-2025-7689 2025-07-29 HIGH 8.8 The Hydra Booking plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the tfhb_reset_password_callback()…
CVE-2025-6730 2025-07-29 MEDIUM 4.3 The Bonanza – WooCommerce Free Gifts Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a…
CVE-2025-6692 2025-07-29 MEDIUM 6.4 The YouTube Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘instance’ parameter in all versions up…
CVE-2025-6681 2025-07-29 MEDIUM 6.4 The Fan Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up…
CVE-2025-26400 2025-07-29 MEDIUM 5.3 SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead…
CVE-2025-53082 2025-07-29 MEDIUM 6.1 An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the…
CVE-2025-53081 2025-07-29 MEDIUM 6.4 An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the…
CVE-2025-6495 2025-07-29 HIGH 7.5 The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to,…
CVE-2025-53649 2025-07-29 MEDIUM 5.1 "SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If…
CVE-2025-53080 2025-07-29 HIGH 7.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to…