CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-8319 2025-07-30 MEDIUM 6.1 the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via…
CVE-2025-54573 2025-07-30 MEDIUM 4.3 CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email…
CVE-2025-54433 2025-07-30 N/A 0.0 Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0…
CVE-2025-53944 2025-07-30 HIGH 7.7 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below,…
CVE-2025-53357 2025-07-30 MEDIUM 5.4 GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides…
CVE-2025-8292 2025-07-30 HIGH 8.8 Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap…
CVE-2025-54381 2025-07-29 CRITICAL 9.9 BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0…
CVE-2025-53113 2025-07-30 LOW 2.7 GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides…
CVE-2025-53112 2025-07-30 MEDIUM 4.3 GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software…
CVE-2025-53111 2025-07-30 MEDIUM 6.5 GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks…
CVE-2025-46811 2025-07-30 CRITICAL 9.8 A Missing Authentication for Critical Function vulnerability in SUSE Manager allows anyone with access to the websocket at /rhn/websocket/minion/remote-commands to…
CVE-2025-43018 2025-07-30 N/A 0.0 Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address…
CVE-2025-43265 2025-07-30 MEDIUM 4.0 An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 11.6, visionOS 2.6, iOS 18.6…
CVE-2025-43217 2025-07-30 MEDIUM 4.0 The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6.…
CVE-2025-43206 2025-07-30 MEDIUM 4.0 A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in…
CVE-2025-43197 2025-07-30 MEDIUM 4.0 This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS…
CVE-2025-31276 2025-07-30 MEDIUM 5.3 This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9.…
CVE-2025-40600 2025-07-29 CRITICAL 9.8 Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service…
CVE-2025-54572 2025-07-30 N/A 0.0 The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a…
CVE-2025-54430 2025-07-30 CRITICAL 9.1 dedupe is a python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution quickly on structured…
CVE-2025-54425 2025-07-30 MEDIUM 5.3 Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 15.0.0 through 15.4.1 and 16.0.0 through 16.1.0, the content delivery…
CVE-2025-54410 2025-07-30 LOW 3.3 Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime,…
CVE-2025-54388 2025-07-30 N/A 0.0 Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime,…
CVE-2025-53008 2025-07-30 MEDIUM 6.5 GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL…
CVE-2025-52897 2025-07-30 MEDIUM 6.5 GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send…
CVE-2025-52567 2025-07-30 LOW 3.5 GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software…
CVE-2025-43274 2025-07-30 MEDIUM 4.4 A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6. A sandboxed…
CVE-2025-43226 2025-07-30 MEDIUM 4.0 An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS…
CVE-2025-43223 2025-07-30 HIGH 7.5 A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.7, iPadOS 17.7.9, iOS…
CVE-2025-43191 2025-07-30 MEDIUM 6.2 A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7,…
CVE-2025-47001 2025-07-30 MEDIUM 5.4 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused…
CVE-2024-43018 2025-07-29 MEDIUM 6.4 Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters max_level and min_register. These parameters are used in…
CVE-2025-6348 2025-07-30 MEDIUM 4.9 The Smart Slider 3 plugin for WordPress is vulnerable to time-based SQL Injection via the ‘sliderid’ parameter in all versions…
CVE-2025-1394 2025-07-30 N/A 0.0 Failure to handle the error status returned by the buffer management APIs in SiLabs EmberZNet Zigbee stack may result in…
CVE-2025-1221 2025-07-30 N/A 0.0 A Zigbee Radio Co-Processor (RCP), which is using SiLabs EmberZNet Zigbee stack, was unable to send messages to the host…
CVE-2025-38498 2025-07-30 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that…
CVE-2025-8323 2025-07-30 HIGH 8.8 The e-School from Ventem has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell…
CVE-2025-8322 2025-07-30 HIGH 8.8 The e-School from Ventem has a Missing Authorization vulnerability, allowing remote attackers with regular privilege to access administrator functions, including…
CVE-2025-8321 2025-07-30 MEDIUM 6.8 Tesla Wall Connector Firmware Downgrade Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of…
CVE-2025-8320 2025-07-30 HIGH 8.8 Tesla Wall Connector Content-Length Header Improper Input Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary…
CVE-2025-8217 2025-07-30 MEDIUM 4.0 The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q…
CVE-2025-4426 2025-07-30 MEDIUM 6.0 The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage…
CVE-2025-4425 2025-07-30 HIGH 8.2 The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage…
CVE-2025-4424 2025-07-30 MEDIUM 6.0 The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage…
CVE-2025-4423 2025-07-30 HIGH 8.2 The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage…
CVE-2025-4422 2025-07-30 HIGH 8.2 The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage…
CVE-2025-4421 2025-07-30 HIGH 8.2 The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage…
CVE-2025-25011 2025-07-30 HIGH 7.0 An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises…
CVE-2025-0712 2025-07-30 HIGH 7.0 An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises…
CVE-2025-43277 2025-07-30 N/A 0.0 The issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, watchOS 11.6,…