CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2026-0518 | 2026-01-17 | N/A | 0.0 | CVE-2026-0518 is a cross-site scripting vulnerability in versions of Secure Access prior to 14.20. An attacker with administrative privileges can interfere with another administrator’s use of the console. |
| CVE-2026-0517 | 2026-01-17 | N/A | 0.0 | CVE-2026-0517 is a denial-of-service vulnerability in versions of Secure Access Server prior to 14.20. An attacker can send a specially crafted packet to a server and cause the… |
| CVE-2026-22865 | 2026-01-16 | N/A | 0.0 | Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated… |
| CVE-2026-22816 | 2026-01-16 | N/A | 0.0 | Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated… |
| CVE-2025-5489 | 2026-01-16 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2025-5102 | 2026-01-16 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2024-8506 | 2026-01-16 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2024-8491 | 2026-01-16 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2026-23745 | 2026-01-16 | N/A | 0.0 | node-tar is a Tar for Node.js. The node-tar library ( |
| CVE-2026-23744 | 2026-01-16 | CRITICAL | 9.8 | MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send… |
| CVE-2026-21223 | 2026-01-16 | MEDIUM | 5.1 | Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (non‑administrator) local user can invoke the IElevatorEdge interface… |
| CVE-2026-20960 | 2026-01-16 | HIGH | 8.0 | Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network. |
| CVE-2026-0616 | 2026-01-16 | HIGH | 7.5 | TheLibrarians web_fetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has… |
| CVE-2026-0613 | 2026-01-16 | HIGH | 7.5 | The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses… |
| CVE-2026-0612 | 2026-01-16 | HIGH | 7.5 | The Librarian contains an information leakage vulnerability through the `web_fetch` tool, which can be used to retrieve arbitrary external content provided by an attacker, which can be used… |
| CVE-2025-56451 | 2026-01-16 | MEDIUM | 6.1 | Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative Management Software 7.0 via the topValue parameter to the seeyon/main.do endpoint. |
| CVE-2025-15529 | 2026-01-16 | MEDIUM | 5.3 | A vulnerability was found in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c. Performing a manipulation results in denial of… |
| CVE-2025-15528 | 2026-01-16 | MEDIUM | 5.3 | A vulnerability has been found in Open5GS up to 2.7.6. Affected by this vulnerability is an unknown functionality of the component GTPv2 Bearer Response Handler. Such manipulation leads… |
| CVE-2025-69581 | 2026-01-16 | HIGH | 7.5 | An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the… |
| CVE-2025-14894 | 2026-01-16 | HIGH | 7.5 | Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file… |
| CVE-2021-47845 | 2026-01-16 | HIGH | 7.8 | Spy Emergency 25.0.650 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to execute code with elevated privileges. Attackers can exploit the… |
| CVE-2021-47844 | 2026-01-16 | MEDIUM | 6.1 | Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded… |
| CVE-2021-47842 | 2026-01-16 | HIGH | 7.2 | StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads… |
| CVE-2021-47841 | 2026-01-16 | MEDIUM | 6.1 | SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers… |
| CVE-2021-47840 | 2026-01-16 | HIGH | 7.2 | Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript… |
| CVE-2021-47839 | 2026-01-16 | HIGH | 7.2 | Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads… |
| CVE-2021-47838 | 2026-01-16 | HIGH | 7.2 | Markright 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to embed malicious payloads in markdown files. Attackers can upload specially crafted markdown files that execute arbitrary… |
| CVE-2021-47837 | 2026-01-16 | HIGH | 7.2 | Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that… |
| CVE-2021-47836 | 2026-01-16 | MEDIUM | 6.1 | Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded… |
| CVE-2021-47835 | 2026-01-16 | HIGH | 7.2 | Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded… |
| CVE-2021-47832 | 2026-01-16 | HIGH | 7.8 | Sandboxie Plus 0.7.4 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted… |
| CVE-2021-47831 | 2026-01-16 | HIGH | 7.5 | Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer… |
| CVE-2021-47821 | 2026-01-16 | HIGH | 7.5 | RarmaRadio 2.72.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing network configuration fields with large character buffers. Attackers can generate a… |
| CVE-2021-47812 | 2026-01-16 | HIGH | 7.5 | GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce… |
| CVE-2021-47811 | 2026-01-16 | HIGH | 8.2 | Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order_by parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the… |
| CVE-2021-47810 | 2026-01-16 | HIGH | 7.8 | WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path… |
| CVE-2021-47809 | 2026-01-16 | HIGH | 7.8 | Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the… |
| CVE-2021-47808 | 2026-01-16 | HIGH | 7.2 | Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to… |
| CVE-2021-47807 | 2026-01-16 | HIGH | 7.8 | Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted… |
| CVE-2021-47806 | 2026-01-16 | HIGH | 7.8 | Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted… |
| CVE-2021-47793 | 2026-01-16 | HIGH | 7.5 | Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized message payload. Attackers can generate a 9 million… |
| CVE-2021-47792 | 2026-01-16 | HIGH | 7.8 | Remote Mouse 4.002 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path… |
| CVE-2021-47791 | 2026-01-16 | HIGH | 7.5 | SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers to crash the application through specific input manipulation. Attackers can trigger crashes by entering malformed paths,… |
| CVE-2021-47790 | 2026-01-16 | HIGH | 7.8 | Active WebCam 11.5 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path… |
| CVE-2021-47789 | 2026-01-16 | HIGH | 7.5 | Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer overrun vulnerability that allows attackers to crash the system by sending oversized input. Attackers can exploit the driver by… |
| CVE-2021-47788 | 2026-01-16 | HIGH | 8.8 | WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by… |
| CVE-2021-47787 | 2026-01-16 | HIGH | 7.8 | TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially… |
| CVE-2021-47786 | 2026-01-16 | HIGH | 7.5 | Redragon Gaming Mouse driver contains a kernel-level vulnerability that allows attackers to trigger a denial of service by sending malformed IOCTL requests. Attackers can send a crafted 2000-byte… |
| CVE-2021-47785 | 2026-01-16 | CRITICAL | 9.8 | Ether MP3 CD Burner 1.3.8 contains a buffer overflow vulnerability in the registration name field that allows remote code execution. Attackers can craft a malicious payload to overwrite… |
| CVE-2019-25297 | 2026-01-16 | N/A | 0.0 | Poll, Survey & Quiz Maker Plugin by Opinion Stage WordPress plugin versions prior to 19.6.25 contain a stored cross-site scripting (XSS) vulnerability via multiple parameters due to insufficient input… |