CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-33020 2025-07-23 MEDIUM 5.9 IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to…
CVE-2025-31701 2025-07-23 HIGH 8.1 A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious…
CVE-2025-31700 2025-07-23 HIGH 8.1 A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious…
CVE-2016-15045 2025-07-23 N/A 0.0 A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan…
CVE-2025-8039 2025-07-22 HIGH 8.1 In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability…
CVE-2025-8038 2025-07-22 CRITICAL 9.8 Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR…
CVE-2025-8011 2025-07-22 HIGH 8.8 Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via…
CVE-2025-8034 2025-07-22 HIGH 8.8 Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0,…
CVE-2025-8033 2025-07-22 MEDIUM 6.5 The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr…
CVE-2025-8032 2025-07-22 HIGH 8.1 XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox < 141,…
CVE-2025-8031 2025-07-22 CRITICAL 9.8 The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability…
CVE-2025-8027 2025-07-22 MEDIUM 6.5 On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read…
CVE-2025-54090 2025-07-23 MEDIUM 6.3 A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended…
CVE-2025-8010 2025-07-22 HIGH 8.8 Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via…
CVE-2025-46099 2025-07-23 HIGH 7.1 In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory…
CVE-2025-40599 2025-07-23 CRITICAL 9.1 An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative…
CVE-2022-4978 2025-07-23 N/A 0.0 Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration.…
CVE-2018-25114 2025-07-23 N/A 0.0 A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication…
CVE-2018-25113 2025-07-23 N/A 0.0 An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote…
CVE-2017-20198 2025-07-23 N/A 0.0 The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of…
CVE-2015-10141 2025-07-23 N/A 0.0 An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick…
CVE-2010-10012 2025-07-23 N/A 0.0 A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read…
CVE-2025-4411 2025-07-23 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dataprom Informatics PACS-ACSS allows Cross-Site Scripting…
CVE-2025-54297 2025-07-23 N/A 0.0 A stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joomla was discovered.
CVE-2025-54296 2025-07-23 N/A 0.0 A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla was discovered.
CVE-2025-54295 2025-07-23 N/A 0.0 A Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla was discovered.
CVE-2025-54294 2025-07-23 N/A 0.0 A SQLi vulnerability in Komento component 4.0.0-4.0.7 for Joomla was discovered. The issue allows unprivileged users to execute arbitrary SQL commands.
CVE-2025-50127 2025-07-23 N/A 0.0 A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL…
CVE-2025-4296 2025-07-23 MEDIUM 4.7 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in HotelRunner B2B allows Forceful Browsing. This issue affects B2B: before 04.06.2025.
CVE-2024-41751 2025-07-23 MEDIUM 5.5 IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local, authenticated attacker to…
CVE-2024-41750 2025-07-23 MEDIUM 5.5 IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local, authenticated attacker to…
CVE-2024-40686 2025-07-23 MEDIUM 5.4 IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 is vulnerable to HTTP header injection, caused…
CVE-2024-40682 2025-07-23 MEDIUM 6.2 IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local user to cause…
CVE-2024-12310 2025-07-23 N/A 0.0 A vulnerability in Imprivata Enterprise Access Management (formerly Imprivata OneSign) allows bypassing the login screen of the shared kiosk workstation and…
CVE-2025-27930 2025-07-23 MEDIUM 6.4 Zohocorp ManageEngine Applications Manager versions 176600 and prior are vulnerable to stored cross-site scripting in the File/Directory monitor.
CVE-2025-41687 2025-07-23 CRITICAL 9.8 An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access…
CVE-2025-41684 2025-07-23 HIGH 8.8 An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing…
CVE-2025-41683 2025-07-23 HIGH 8.8 An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing…
CVE-2025-8070 2025-07-23 N/A 0.0 The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker…
CVE-2025-54455 2025-07-23 CRITICAL 9.1 Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass. This issue affects MagicINFO 9 Server: less…
CVE-2025-54454 2025-07-23 CRITICAL 9.1 Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass. This issue affects MagicINFO 9 Server: less…
CVE-2025-54453 2025-07-23 HIGH 8.8 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code…
CVE-2025-54452 2025-07-23 HIGH 7.3 Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass. This issue affects MagicINFO 9 Server: less than 21.1080.0.
CVE-2025-54451 2025-07-23 CRITICAL 9.8 Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects…
CVE-2025-54450 2025-07-23 HIGH 7.2 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code…
CVE-2025-54449 2025-07-23 CRITICAL 9.8 Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO…
CVE-2025-54448 2025-07-23 CRITICAL 9.8 Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO…
CVE-2025-54447 2025-07-23 HIGH 8.1 Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO…
CVE-2025-54446 2025-07-23 CRITICAL 9.8 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload…
CVE-2025-54445 2025-07-23 HIGH 8.2 Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request Forgery. This issue…