CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-7766 2025-07-22 HIGH 8.0 Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote…
CVE-2025-54141 2025-07-22 HIGH 7.5 ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through…
CVE-2025-54140 2025-07-22 HIGH 7.5 pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability…
CVE-2025-54138 2025-07-22 HIGH 7.5 LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating…
CVE-2025-54137 2025-07-22 HIGH 7.3 HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed…
CVE-2025-54072 2025-07-22 HIGH 7.5 yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows…
CVE-2025-53703 2025-07-22 HIGH 7.5 DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers.
CVE-2025-53538 2025-07-22 HIGH 7.5 Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata…
CVE-2025-48733 2025-07-22 HIGH 7.5 DuraComm SPM-500 DP-10iN-100-MU lacks access controls for a function that should require user authentication. This could allow an attacker to…
CVE-2025-41425 2025-07-22 HIGH 8.1 DuraComm SPM-500 DP-10iN-100-MU is vulnerable to a cross-site scripting attack. This could allow an attacker to prevent legitimate users from…
CVE-2025-7723 2025-07-22 N/A 0.0 A command injection vulnerability exists that can be exploited after authentication in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2. This issue affects…
CVE-2025-51472 2025-07-22 MEDIUM 6.5 Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in…
CVE-2025-51462 2025-07-22 MEDIUM 6.1 Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialog_app.set_dialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafted input…
CVE-2025-51459 2025-07-22 MEDIUM 6.5 File Upload vulnerability in agent.hub.controller.refresh_plugins in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary code via a malicious plugin…
CVE-2025-31513 2025-07-22 MEDIUM 6.5 An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can elevate to administrator privileges via the IsAdminApprover parameter in a…
CVE-2025-31512 2025-07-22 HIGH 7.3 An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval via isAddedByApprover in a Request%20Building%20Access requestSubmit API…
CVE-2025-51475 2025-07-22 MEDIUM 5.0 Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames…
CVE-2025-51458 2025-07-22 MEDIUM 6.5 SQL Injection in editor_sql_run and query_ex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary SQL statements via crafted…
CVE-2025-51479 2025-07-22 MEDIUM 5.4 Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via…
CVE-2025-31511 2025-07-22 HIGH 7.3 An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval by changing the user ID in a…
CVE-2025-6741 2025-07-22 HIGH 7.7 Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the…
CVE-2025-6523 2025-07-22 HIGH 7.7 Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute…
CVE-2025-51471 2025-07-22 MEDIUM 6.9 Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via…
CVE-2025-51464 2025-07-22 HIGH 8.8 Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims' browsers via malicious Python…
CVE-2025-51481 2025-07-22 MEDIUM 6.6 Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files…
CVE-2025-51482 2025-07-22 HIGH 8.8 Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands…
CVE-2025-51480 2025-07-22 HIGH 8.8 Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing…
CVE-2025-51463 2025-07-22 HIGH 7.0 Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a…
CVE-2024-38335 2025-07-22 MEDIUM 4.5 IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to cause a denial of service…
CVE-2025-7371 2025-07-22 MEDIUM 6.8 Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access…
CVE-2025-5042 2025-07-22 HIGH 7.8 A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read vulnerability. A malicious actor can…
CVE-2025-51865 2025-07-22 HIGH 8.8 Ai2 playground web service (playground.allenai.org) LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference (IDOR), allowing attackers to…
CVE-2025-51864 2025-07-22 MEDIUM 6.5 A reflected cross-site scripting (XSS) vulnerability exists in AIBOX LLM chat (chat.aibox365.cn) through 2025-05-27, allowing attackers to hijack accounts through…
CVE-2025-51863 2025-07-22 MEDIUM 6.1 Self Cross Site Scripting (XSS) vulnerability in ChatGPT Unli (ChatGPTUnli.com) thru 2025-05-26 allows attackers to execute arbitrary code via a…
CVE-2025-51862 2025-07-22 MEDIUM 6.1 Insecure Direct Object Reference (IDOR) vulnerability in TelegAI (telegai.com) thru 2025-05-26 in its chat component. An attacker can exploit this…
CVE-2025-51860 2025-07-22 MEDIUM 6.1 Stored Cross-Site Scripting (XSS) in TelegAI (telegai.com) 2025-05-26 in its chat component and character container component. An attacker can achieve…
CVE-2025-51859 2025-07-22 MEDIUM 6.5 Stored Cross-Site Scripting (XSS) vulnerability in Chaindesk thru 2025-05-26 in its agent chat component. An attacker can achieve arbitrary client-side…
CVE-2025-51858 2025-07-22 MEDIUM 6.1 Self Cross-Site Scripting (XSS) vulnerability in ChatPlayground.ai through 2025-05-24, allows attackers to execute arbitrary code and gain sensitive information via…
CVE-2025-36512 2025-07-22 HIGH 7.5 A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction heartbeat. A specially…
CVE-2025-35966 2025-07-22 HIGH 7.5 A null pointer dereference vulnerability exists in the CDB2SQLQUERY protocol buffer message handling of Bloomberg Comdb2 8.1. A specially crafted…
CVE-2025-8018 2025-07-22 MEDIUM 6.3 A vulnerability was found in code-projects Food Ordering Review System 1.0. It has been declared as critical. Affected by this…
CVE-2025-8015 2025-07-22 MEDIUM 6.4 The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's…
CVE-2025-4878 2025-07-22 LOW 3.6 A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw…
CVE-2025-8017 2025-07-22 HIGH 8.8 A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function formSetMacFilterCfg of…
CVE-2025-7949 2025-07-22 LOW 3.5 A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability…
CVE-2025-7948 2025-07-22 MEDIUM 4.3 A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality…
CVE-2025-7947 2025-07-22 MEDIUM 5.4 A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the…
CVE-2025-7946 2025-07-22 MEDIUM 4.3 A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been rated as problematic. This issue affects…
CVE-2025-7717 2025-07-21 HIGH 7.5 Missing Authorization vulnerability in Drupal File Download allows Forceful Browsing. This issue affects File Download: from 0.0.0 before 1.9.0, from 2.0.0…
CVE-2025-7716 2025-07-21 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Real-time SEO for Drupal allows Cross-Site Scripting…