CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-8126 | 2025-07-25 | MEDIUM | 6.3 | A vulnerability classified as critical has been found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of… |
| CVE-2025-54567 | 2025-07-25 | MEDIUM | 4.2 | hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327. |
| CVE-2025-54566 | 2025-07-25 | MEDIUM | 4.2 | hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327. |
| CVE-2019-25224 | 2025-07-25 | CRITICAL | 9.8 | The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump… |
| CVE-2015-10144 | 2025-07-25 | HIGH | 8.8 | The Responsive Thumbnail Slider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type sanitization in… |
| CVE-2015-10143 | 2025-07-25 | CRITICAL | 9.8 | The Platform theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to… |
| CVE-2025-8125 | 2025-07-25 | MEDIUM | 6.3 | A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been rated as critical. Affected by this issue… |
| CVE-2025-54558 | 2025-07-25 | MEDIUM | 4.1 | OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even with the --pre or --hostname-bin or --search-zip or -z… |
| CVE-2025-0253 | 2025-07-25 | LOW | 2.0 | HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain security-related configurations which could… |
| CVE-2025-0252 | 2025-07-25 | LOW | 2.6 | HCL IEM is affected by a password in cleartext vulnerability. Sensitive information is transmitted without adequate protection, potentially exposing it… |
| CVE-2025-0251 | 2025-07-25 | LOW | 2.6 | HCL IEM is affected by a concurrent login vulnerability. The application allows multiple concurrent sessions using the same user credentials,… |
| CVE-2025-8124 | 2025-07-25 | MEDIUM | 6.3 | A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been declared as critical. Affected by this vulnerability… |
| CVE-2025-7742 | 2025-07-25 | N/A | 0.0 | An authentication vulnerability exists in the LG Innotek camera model LNV5110R firmware that allows a malicious actor to upload an… |
| CVE-2025-0250 | 2025-07-25 | LOW | 2.2 | HCL IEM is affected by an authorization token sent in cookie vulnerability. A token used for authentication and authorization is… |
| CVE-2025-0249 | 2025-07-25 | LOW | 3.3 | HCL IEM is affected by an improper invalidation of access or JWT token vulnerability. A token was not invalidated which… |
| CVE-2025-54379 | 2025-07-24 | N/A | 0.0 | LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions… |
| CVE-2025-53940 | 2025-07-24 | N/A | 0.0 | Quiet is an alternative to team chat apps like Slack, Discord, and Element that does not require trusting a central… |
| CVE-2025-3614 | 2025-07-24 | MEDIUM | 6.4 | The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of… |
| CVE-2025-32429 | 2025-07-24 | N/A | 0.0 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1… |
| CVE-2025-22165 | 2025-07-24 | N/A | 0.0 | This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE (Arbitrary… |
| CVE-2025-8123 | 2025-07-24 | MEDIUM | 6.3 | A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been classified as critical. Affected is an unknown… |
| CVE-2025-7404 | 2025-07-24 | N/A | 0.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliweb allows Blind… |
| CVE-2025-6260 | 2025-07-24 | CRITICAL | 9.8 | The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the… |
| CVE-2025-31955 | 2025-07-24 | HIGH | 7.6 | HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to sensitive information within… |
| CVE-2025-31953 | 2025-07-24 | HIGH | 7.1 | HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized… |
| CVE-2025-31952 | 2025-07-24 | HIGH | 7.1 | HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing… |
| CVE-2025-6998 | 2025-07-24 | N/A | 0.0 | ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via… |
| CVE-2025-8115 | 2025-07-24 | LOW | 3.5 | A vulnerability has been found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this vulnerability… |
| CVE-2025-5039 | 2025-07-24 | HIGH | 7.8 | A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary… |
| CVE-2025-45702 | 2025-07-24 | MEDIUM | 6.5 | SoftPerfect Pty Ltd Connection Quality Monitor v1.1 was discovered to store all credentials in plaintext. |
| CVE-2025-53084 | 2025-07-24 | CRITICAL | 9.0 | A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit… |
| CVE-2025-50128 | 2025-07-24 | CRITICAL | 9.6 | A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit… |
| CVE-2025-48732 | 2025-07-24 | HIGH | 7.3 | An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted… |
| CVE-2025-47061 | 2025-07-24 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused… |
| CVE-2025-46996 | 2025-07-24 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused… |
| CVE-2025-46993 | 2025-07-24 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused… |
| CVE-2025-46410 | 2025-07-24 | CRITICAL | 9.6 | A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit… |
| CVE-2025-41420 | 2025-07-24 | CRITICAL | 9.6 | A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit… |
| CVE-2025-36548 | 2025-07-24 | HIGH | 8.3 | A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master… |
| CVE-2025-25214 | 2025-07-24 | HIGH | 8.8 | A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A… |
| CVE-2025-54369 | 2025-07-24 | N/A | 0.0 | Rejected reason: Reason: This candidate was issued in error. |
| CVE-2025-51089 | 2025-07-24 | MEDIUM | 6.5 | Tenda AC8V4 V16.03.34.06 was discovered to contain heap overflow at /goform/GetParentControlInfo. The manipulation of the argument `mac` leads to heap-based buffer… |
| CVE-2025-51088 | 2025-07-24 | MEDIUM | 5.3 | Tenda AC8V4 V16.03.34.06 was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based… |
| CVE-2025-51085 | 2025-07-24 | MEDIUM | 5.3 | Tenda AC8V4 V16.03.34.06 was discovered to contain stack overflow at /goform/SetSysTimeCfg. The manipulation of the argument `timeZone` and `timeType` leads… |
| CVE-2025-51082 | 2025-07-24 | MEDIUM | 5.3 | Tenda AC8V4 V16.03.34.06 was discovered to contain stack overflow at /goform/fast_setting_wifi_set. The manipulation of the argument `timeZone` leads to stack-based… |
| CVE-2025-45731 | 2025-07-24 | MEDIUM | 6.5 | A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while… |
| CVE-2025-41240 | 2025-07-24 | CRITICAL | 10.0 | Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document… |
| CVE-2025-8114 | 2025-07-24 | MEDIUM | 4.7 | A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the… |
| CVE-2025-51087 | 2025-07-24 | HIGH | 8.6 | Tenda AC8V4 V16.03.34.06 was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based… |
| CVE-2025-36005 | 2025-07-24 | MEDIUM | 5.9 | IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1,… |