CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-32019 | 2025-07-23 | MEDIUM | 4.1 | Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below,… |
| CVE-2025-8058 | 2025-07-23 | N/A | 0.0 | The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if… |
| CVE-2025-50477 | 2025-07-23 | MEDIUM | 5.4 | A URL redirection in lbry-desktop v0.53.9 allows attackers to redirect victim users to attacker-controlled pages. |
| CVE-2025-47187 | 2025-07-23 | HIGH | 7.5 | A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit through… |
| CVE-2025-44109 | 2025-07-23 | MEDIUM | 5.4 | A URL redirection in Pinokio v3.6.23 allows attackers to redirect victim users to attacker-controlled pages. |
| CVE-2025-46686 | 2025-07-23 | MEDIUM | 4.9 | Redis through 7.4.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This… |
| CVE-2025-53882 | 2025-07-23 | CRITICAL | 9.1 | A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSEs mailman3 package allows potential escalation… |
| CVE-2025-4700 | 2025-07-23 | HIGH | 8.7 | An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2… |
| CVE-2025-4439 | 2025-07-23 | HIGH | 7.7 | An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2… |
| CVE-2025-50481 | 2025-07-23 | MEDIUM | 4.8 | A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts… |
| CVE-2025-8069 | 2025-07-23 | HIGH | 7.8 | During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch… |
| CVE-2025-8060 | 2025-07-23 | HIGH | 8.8 | A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function… |
| CVE-2025-8044 | 2025-07-22 | CRITICAL | 9.8 | Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and… |
| CVE-2025-8043 | 2025-07-22 | CRITICAL | 9.8 | Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox < 141 and Thunderbird… |
| CVE-2025-8040 | 2025-07-22 | HIGH | 8.8 | Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs… |
| CVE-2025-8035 | 2025-07-22 | HIGH | 8.8 | Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and… |
| CVE-2025-7724 | 2025-07-22 | N/A | 0.0 | An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2. This issue affects VIGI NVR1104H-4P V1: before… |
| CVE-2025-46171 | 2025-07-23 | MEDIUM | 5.4 | vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the misc.php?do=buddylist endpoint. If an authenticated user has a sufficiently large… |
| CVE-2025-2634 | 2025-07-23 | HIGH | 7.8 | Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure… |
| CVE-2025-2633 | 2025-07-23 | HIGH | 7.8 | Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvre!UDecStrToNum that may result in information… |
| CVE-2025-8037 | 2025-07-22 | CRITICAL | 9.1 | Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was… |
| CVE-2025-8036 | 2025-07-22 | HIGH | 8.1 | Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox… |
| CVE-2025-6174 | 2025-07-23 | MEDIUM | 6.1 | The Qwizcards \| online quizzes and flashcards WordPress plugin through 3.9.4 does not sanitise and escape the "_stylesheet" parameter before… |
| CVE-2025-8020 | 2025-07-23 | HIGH | 8.2 | All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP… |
| CVE-2025-8030 | 2025-07-22 | HIGH | 8.1 | Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code.… |
| CVE-2025-8029 | 2025-07-22 | HIGH | 8.1 | Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR <… |
| CVE-2025-8028 | 2025-07-22 | CRITICAL | 9.8 | On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from… |
| CVE-2025-8019 | 2025-07-22 | HIGH | 8.8 | A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6. It has been rated as critical. Affected by this issue… |
| CVE-2025-6018 | 2025-07-23 | HIGH | 7.8 | A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows… |
| CVE-2025-54139 | 2025-07-23 | MEDIUM | 4.3 | HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and… |
| CVE-2025-48964 | 2025-07-22 | MEDIUM | 6.5 | ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection)… |
| CVE-2025-48498 | 2025-07-22 | HIGH | 7.5 | A null pointer dereference vulnerability exists in the Distributed Transaction component of Bloomberg Comdb2 8.1 when processing a number of… |
| CVE-2025-40598 | 2025-07-23 | MEDIUM | 6.1 | A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially… |
| CVE-2025-40597 | 2025-07-23 | HIGH | 7.5 | A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service… |
| CVE-2025-40596 | 2025-07-23 | HIGH | 7.3 | A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service… |
| CVE-2025-46354 | 2025-07-22 | HIGH | 7.5 | A denial of service vulnerability exists in the Distributed Transaction Commit/Abort Operation functionality of Bloomberg Comdb2 8.1. A specially crafted… |
| CVE-2025-36520 | 2025-07-22 | HIGH | 7.5 | A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message functionality of Bloomberg Comdb2 8.1. A specially crafted… |
| CVE-2025-36117 | 2025-07-23 | MEDIUM | 6.3 | IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow… |
| CVE-2025-36116 | 2025-07-23 | MEDIUM | 6.3 | IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a… |
| CVE-2025-33077 | 2025-07-23 | HIGH | 8.8 | IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds… |
| CVE-2025-33076 | 2025-07-23 | HIGH | 8.8 | IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds… |
| CVE-2025-33020 | 2025-07-23 | MEDIUM | 5.9 | IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to… |
| CVE-2025-31701 | 2025-07-23 | HIGH | 8.1 | A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious… |
| CVE-2025-31700 | 2025-07-23 | HIGH | 8.1 | A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious… |
| CVE-2016-15045 | 2025-07-23 | N/A | 0.0 | A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan… |
| CVE-2025-8039 | 2025-07-22 | HIGH | 8.1 | In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability… |
| CVE-2025-8038 | 2025-07-22 | CRITICAL | 9.8 | Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR… |
| CVE-2025-8011 | 2025-07-22 | HIGH | 8.8 | Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via… |
| CVE-2025-8034 | 2025-07-22 | HIGH | 8.8 | Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0,… |
| CVE-2025-8033 | 2025-07-22 | MEDIUM | 6.5 | The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr… |