CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-46121 | 2025-07-21 | N/A | 0.0 | An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass… |
| CVE-2025-46120 | 2025-07-21 | N/A | 0.0 | An issue was discovered in CommScope Ruckus Unleashed prior to 200.14.6.1.203 and in Ruckus ZoneDirector, where a path-traversal flaw in… |
| CVE-2025-46119 | 2025-07-21 | N/A | 0.0 | An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.12.304, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp`… |
| CVE-2025-50151 | 2025-07-21 | HIGH | 8.8 | File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena… |
| CVE-2025-49656 | 2025-07-21 | HIGH | 7.5 | Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache… |
| CVE-2025-46118 | 2025-07-21 | N/A | 0.0 | An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279,… |
| CVE-2025-43977 | 2025-07-21 | N/A | 0.0 | The com.skt.prod.dialer application through 12.5.0 for Android enables any installed application (with no permissions) to place phone calls without user… |
| CVE-2025-43976 | 2025-07-21 | N/A | 0.0 | The com.enflick.android.tn2ndLine application through 24.17.1.0 for Android enables any installed application (with no permissions) to place phone calls without user… |
| CVE-2025-7926 | 2025-07-21 | LOW | 3.5 | A vulnerability, which was classified as problematic, was found in PHPGurukul Online Banquet Booking System 1.0. This affects an unknown… |
| CVE-2025-7624 | 2025-07-21 | CRITICAL | 9.8 | An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can… |
| CVE-2025-7382 | 2025-07-21 | HIGH | 8.8 | A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving… |
| CVE-2025-6704 | 2025-07-21 | CRITICAL | 9.8 | An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2… |
| CVE-2025-4130 | 2025-07-21 | HIGH | 7.5 | Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable. This issue affects PAVO… |
| CVE-2025-4129 | 2025-07-21 | HIGH | 7.5 | Authorization Bypass Through User-Controlled Key vulnerability in PAVO Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay:… |
| CVE-2024-13974 | 2025-07-21 | HIGH | 8.1 | A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to… |
| CVE-2024-13973 | 2025-07-21 | MEDIUM | 6.8 | A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to… |
| CVE-2025-7925 | 2025-07-21 | MEDIUM | 4.3 | A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Banquet Booking System 1.0. Affected by this… |
| CVE-2025-7924 | 2025-07-21 | LOW | 3.5 | A vulnerability classified as problematic was found in PHPGurukul Online Banquet Booking System 1.0. Affected by this vulnerability is an… |
| CVE-2025-7911 | 2025-07-20 | HIGH | 8.8 | A vulnerability classified as critical was found in D-Link DI-8100 1.0. This vulnerability affects the function sprintf of the file… |
| CVE-2025-7910 | 2025-07-20 | HIGH | 8.8 | A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function sprintf of the file… |
| CVE-2025-7909 | 2025-07-20 | HIGH | 8.8 | A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. Affected by this issue is the… |
| CVE-2025-7908 | 2025-07-20 | HIGH | 8.8 | A vulnerability was found in D-Link DI-8100 1.0. It has been declared as critical. Affected by this vulnerability is the… |
| CVE-2025-7907 | 2025-07-20 | MEDIUM | 4.3 | A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown… |
| CVE-2025-7898 | 2025-07-20 | MEDIUM | 4.7 | A vulnerability was found in Codecanyon iDentSoft 2.0. It has been classified as critical. This affects an unknown part of… |
| CVE-2025-4040 | 2025-07-21 | HIGH | 7.1 | Authorization Bypass Through User-Controlled Key vulnerability in Turpak Automatic Station Monitoring System allows Privilege Escalation. This issue affects Automatic Station Monitoring… |
| CVE-2025-41100 | 2025-07-21 | N/A | 0.0 | Incorrect authentication vulnerability in ParkingDoor. Through this vulnerability it is possible to operate the device without the access being logged… |
| CVE-2025-30192 | 2025-07-21 | HIGH | 7.5 | An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than… |
| CVE-2025-2301 | 2025-07-21 | MEDIUM | 4.4 | Authorization Bypass Through User-Controlled Key vulnerability in Akbim Software Online Exam Registration allows Exploitation of Trusted Identifiers. This issue affects Online… |
| CVE-2025-5681 | 2025-07-21 | MEDIUM | 6.5 | Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers. This issue affects Eyotek: before 23.06.2025. |
| CVE-2025-41459 | 2025-07-21 | HIGH | 7.8 | Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS… |
| CVE-2025-41458 | 2025-07-21 | MEDIUM | 5.5 | Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data… |
| CVE-2025-41681 | 2025-07-21 | MEDIUM | 4.8 | A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used… |
| CVE-2025-41679 | 2025-07-21 | MEDIUM | 5.3 | An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects… |
| CVE-2025-4570 | 2025-07-21 | N/A | 0.0 | An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be… |
| CVE-2025-4569 | 2025-07-21 | N/A | 0.0 | An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be… |
| CVE-2025-41678 | 2025-07-21 | MEDIUM | 6.5 | A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements… |
| CVE-2025-41677 | 2025-07-21 | MEDIUM | 4.9 | A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action… |
| CVE-2025-41676 | 2025-07-21 | MEDIUM | 4.9 | A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action… |
| CVE-2025-41675 | 2025-07-21 | HIGH | 7.2 | A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due… |
| CVE-2025-41674 | 2025-07-21 | HIGH | 7.2 | A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper… |
| CVE-2025-41673 | 2025-07-21 | HIGH | 7.2 | A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper… |
| CVE-2025-1469 | 2025-07-21 | HIGH | 7.5 | Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers. This issue affects Eyotek: before 11.03.2025. |
| CVE-2024-6107 | 2025-07-21 | CRITICAL | 9.6 | Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in… |
| CVE-2025-7369 | 2025-07-21 | MEDIUM | 6.1 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up… |
| CVE-2025-7354 | 2025-07-21 | MEDIUM | 6.4 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes… |
| CVE-2025-4685 | 2025-07-21 | MEDIUM | 6.4 | The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting… |
| CVE-2025-4049 | 2025-07-21 | N/A | 0.0 | Use of hard-coded, the same among all vulnerable installations SQLite credentials vulnerability in SIGNUM-NET FARA allows to read and manipulate… |
| CVE-2025-7921 | 2025-07-21 | CRITICAL | 9.8 | Certain modem models developed by Askey has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's… |
| CVE-2025-7920 | 2025-07-21 | MEDIUM | 6.1 | WinMatrix3 Web package developed by Simopro Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary… |
| CVE-2025-7919 | 2025-07-21 | MEDIUM | 6.5 | WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL… |