CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
CVE ID | Published | Severity | CVSS | Description
CVE-2025-54451 | 2025-07-23 | CRITICAL | 9.8 | Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects…
CVE-2025-54450 | 2025-07-23 | HIGH | 7.2 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code…
CVE-2025-54449 | 2025-07-23 | CRITICAL | 9.8 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO…
CVE-2025-54448 | 2025-07-23 | CRITICAL | 9.8 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO…
CVE-2025-54447 | 2025-07-23 | HIGH | 8.1 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO…
CVE-2025-54446 | 2025-07-23 | CRITICAL | 9.8 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload…
CVE-2025-54445 | 2025-07-23 | HIGH | 8.2 | Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request Forgery. This issue…
CVE-2025-54444 | 2025-07-23 | CRITICAL | 9.8 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO…
CVE-2025-54443 | 2025-07-23 | CRITICAL | 9.8 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload…
CVE-2025-54442 | 2025-07-23 | CRITICAL | 9.8 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO…
CVE-2025-54441 | 2025-07-23 | HIGH | 8.8 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO…
CVE-2025-54440 | 2025-07-23 | CRITICAL | 9.8 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO…
CVE-2025-54439 | 2025-07-23 | HIGH | 8.8 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO…
CVE-2025-54438 | 2025-07-23 | CRITICAL | 9.8 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload…
CVE-2025-8022 | 2025-07-23 | HIGH | 8.8 | All versions of the package bun are vulnerable to Improper Neutralization of Special Elements used in an OS Command ('OS…
CVE-2025-8021 | 2025-07-23 | HIGH | 7.5 | All versions of the package files-bucket-server are vulnerable to Directory Traversal where an attacker can traverse the file system and…
CVE-2025-43881 | 2025-07-23 | MEDIUM | 4.3 | Improper validation of specified quantity in input issue exists in Real-time Bus Tracking System versions prior to 1.1. If exploited,…
CVE-2024-53288 | 2025-07-23 | MEDIUM | 5.9 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM)…
CVE-2024-53287 | 2025-07-23 | MEDIUM | 5.9 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM)…
CVE-2024-53286 | 2025-07-23 | HIGH | 7.2 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology…
CVE-2025-42947 | 2025-07-23 | MEDIUM | 5.5 | SAP FICA ODN framework allows a high privileged user to inject value inside the local variable which can then be…
CVE-2025-7722 | 2025-07-23 | HIGH | 8.8 | The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This…
CVE-2025-6261 | 2025-07-23 | MEDIUM | 6.4 | The Fleetwire Fleet Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fleetwire_list shortcode in all…
CVE-2025-6215 | 2025-07-23 | MEDIUM | 5.3 | The Omnishop plugin for WordPress is vulnerable to Unauthenticated Registration Bypass in all versions up to, and including, 1.0.9. Its…
CVE-2025-6214 | 2025-07-23 | MEDIUM | 6.5 | The Omnishop plugin for WordPress is vulnerable to Cross-Site Request Forgery on its /users/delete REST route in all versions up…
CVE-2025-6190 | 2025-07-23 | HIGH | 8.8 | The Realty Portal – Agent plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the rp_user_profile()…
CVE-2025-6054 | 2025-07-23 | MEDIUM | 6.1 | The YANewsflash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This…
CVE-2025-5818 | 2025-07-23 | MEDIUM | 5.5 | The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to Server-Side Request Forgery…
CVE-2025-5753 | 2025-07-23 | MEDIUM | 6.4 | The Valuation Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up…
CVE-2025-54120 | 2025-07-23 | N/A | 0.0 | PCL (Plain Craft Launcher) Community Edition is a Minecraft launcher. In PCL CE versions 2.12.0-beta.5 to 2.12.0-beta.9, the login credentials…
CVE-2025-43489 | 2025-07-23 | N/A | 0.0 | A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could…
CVE-2025-43488 | 2025-07-23 | N/A | 0.0 | A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could…
CVE-2025-43487 | 2025-07-23 | N/A | 0.0 | A potential privilege escalation through Sudo vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2.…
CVE-2025-43486 | 2025-07-23 | N/A | 0.0 | A potential stored cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The…
CVE-2025-43485 | 2025-07-23 | N/A | 0.0 | A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could…
CVE-2025-43484 | 2025-07-23 | N/A | 0.0 | A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The…
CVE-2025-43483 | 2025-07-23 | N/A | 0.0 | A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could…
CVE-2025-43021 | 2025-07-22 | N/A | 0.0 | A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could…
CVE-2025-43022 | 2025-07-22 | N/A | 0.0 | A potential SQL injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability…
CVE-2025-43020 | 2025-07-22 | N/A | 0.0 | A potential command injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability…
CVE-2025-7766 | 2025-07-22 | HIGH | 8.0 | Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote…
CVE-2025-54141 | 2025-07-22 | HIGH | 7.5 | ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through…
CVE-2025-54140 | 2025-07-22 | HIGH | 7.5 | pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability…
CVE-2025-54138 | 2025-07-22 | HIGH | 7.5 | LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating…
CVE-2025-54137 | 2025-07-22 | HIGH | 7.3 | HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed…
CVE-2025-54072 | 2025-07-22 | HIGH | 7.5 | yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows…
CVE-2025-53703 | 2025-07-22 | HIGH | 7.5 | DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers.
CVE-2025-53538 | 2025-07-22 | HIGH | 7.5 | Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata…
CVE-2025-48733 | 2025-07-22 | HIGH | 7.5 | DuraComm SPM-500 DP-10iN-100-MU lacks access controls for a function that should require user authentication. This could allow an attacker to…
CVE-2025-41425 | 2025-07-22 | HIGH | 8.1 | DuraComm SPM-500 DP-10iN-100-MU is vulnerable to a cross-site scripting attack. This could allow an attacker to prevent legitimate users from…