CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-53081 | 2025-07-29 | MEDIUM | 6.4 | An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the… |
| CVE-2025-6495 | 2025-07-29 | HIGH | 7.5 | The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to,… |
| CVE-2025-53649 | 2025-07-29 | MEDIUM | 5.1 | "SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If… |
| CVE-2025-53080 | 2025-07-29 | HIGH | 7.1 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to… |
| CVE-2025-53079 | 2025-07-29 | MEDIUM | 4.9 | Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files |
| CVE-2025-53078 | 2025-07-29 | HIGH | 8.0 | Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system |
| CVE-2025-53077 | 2025-07-29 | MEDIUM | 6.5 | An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could… |
| CVE-2025-4566 | 2025-07-29 | MEDIUM | 6.4 | The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting… |
| CVE-2025-4370 | 2025-07-29 | MEDIUM | 5.3 | The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls… |
| CVE-2025-3075 | 2025-07-29 | MEDIUM | 6.4 | The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting… |
| CVE-2025-7811 | 2025-07-29 | MEDIUM | 6.4 | The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all… |
| CVE-2025-7810 | 2025-07-29 | MEDIUM | 5.4 | The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all… |
| CVE-2025-7809 | 2025-07-29 | MEDIUM | 6.4 | The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all… |
| CVE-2025-54429 | 2025-07-28 | N/A | 0.0 | Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in… |
| CVE-2025-54428 | 2025-07-28 | CRITICAL | 9.8 | RevelaCode is an AI-powered faith-tech project that decodes biblical verses, prophecies and global events into accessible language. In versions below… |
| CVE-2025-54427 | 2025-07-28 | N/A | 0.0 | Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic note_min_gas_price_target is an inherent extrinsic,… |
| CVE-2025-54426 | 2025-07-28 | N/A | 0.0 | Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the… |
| CVE-2025-54423 | 2025-07-28 | MEDIUM | 5.4 | copyparty is a portable file server. In versions up to and including versions 1.18.4, an unauthenticated attacker is able to… |
| CVE-2025-54419 | 2025-07-28 | CRITICAL | 10.0 | A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from… |
| CVE-2025-50486 | 2025-07-28 | HIGH | 7.1 | Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking… |
| CVE-2025-50485 | 2025-07-28 | HIGH | 7.1 | Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Registration v3.1 allows attackers to execute a session hijacking… |
| CVE-2025-29534 | 2025-07-28 | HIGH | 8.8 | An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1.0 allows an attacker with valid credentials to… |
| CVE-2025-8283 | 2025-07-28 | LOW | 3.7 | A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search… |
| CVE-2025-50487 | 2025-07-28 | HIGH | 7.1 | Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank & Donor Management System v2.4 allows attackers to execute… |
| CVE-2025-50484 | 2025-07-28 | HIGH | 7.1 | Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack. |
| CVE-2025-54299 | 2025-07-28 | N/A | 0.0 | A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered. |
| CVE-2025-54298 | 2025-07-28 | N/A | 0.0 | A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered. |
| CVE-2025-50492 | 2025-07-28 | HIGH | 7.5 | Improper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Management System v1 allows attackers to execute a session hijacking… |
| CVE-2025-50491 | 2025-07-28 | HIGH | 7.1 | Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session… |
| CVE-2025-50489 | 2025-07-28 | HIGH | 7.5 | Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session… |
| CVE-2025-50488 | 2025-07-28 | HIGH | 7.1 | Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session… |
| CVE-2025-43023 | 2025-07-28 | N/A | 0.0 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is… |
| CVE-2025-7676 | 2025-07-28 | N/A | 0.0 | DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute… |
| CVE-2025-54538 | 2025-07-28 | MEDIUM | 5.5 | In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command |
| CVE-2025-54537 | 2025-07-28 | MEDIUM | 5.5 | In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots |
| CVE-2025-54536 | 2025-07-28 | MEDIUM | 5.4 | In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint |
| CVE-2025-54535 | 2025-07-28 | MEDIUM | 5.8 | In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms |
| CVE-2025-54534 | 2025-07-28 | MEDIUM | 4.8 | In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page |
| CVE-2025-54533 | 2025-07-28 | MEDIUM | 4.3 | In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration |
| CVE-2025-54532 | 2025-07-28 | MEDIUM | 4.3 | In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies |
| CVE-2025-54531 | 2025-07-28 | HIGH | 7.7 | In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows |
| CVE-2025-54530 | 2025-07-28 | HIGH | 7.5 | In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions |
| CVE-2025-54529 | 2025-07-28 | LOW | 3.7 | In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration |
| CVE-2025-54528 | 2025-07-28 | MEDIUM | 5.4 | In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow |
| CVE-2025-54527 | 2025-07-28 | MEDIUM | 6.1 | In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions |
| CVE-2025-50494 | 2025-07-28 | HIGH | 7.5 | Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session… |
| CVE-2025-50493 | 2025-07-28 | HIGH | 7.5 | Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session… |
| CVE-2025-50490 | 2025-07-28 | HIGH | 7.5 | Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session… |
| CVE-2025-6250 | 2025-07-28 | N/A | 0.0 | Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing… |
| CVE-2025-2297 | 2025-07-28 | N/A | 0.0 | Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into… |
Page 62 of 3410