CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-7344 | 2025-07-21 | HIGH | 8.8 | The EAI developed by Digiwin has a Privilege Escalation vulnerability, allowing remote attackers with regular privileges to elevate their privileges… |
| CVE-2025-7343 | 2025-07-21 | CRITICAL | 9.8 | The SFT developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to… |
| CVE-2025-24938 | 2025-07-21 | N/A | 0.0 | The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker… |
| CVE-2025-24937 | 2025-07-21 | N/A | 0.0 | File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in… |
| CVE-2025-7918 | 2025-07-21 | CRITICAL | 9.8 | WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL… |
| CVE-2025-7917 | 2025-07-21 | HIGH | 7.2 | WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to… |
| CVE-2025-24936 | 2025-07-21 | N/A | 0.0 | The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable… |
| CVE-2025-0664 | 2025-07-21 | N/A | 0.0 | A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary… |
| CVE-2025-7916 | 2025-07-21 | CRITICAL | 9.8 | WinMatrix3 developed by Simopro Technology has an Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the… |
| CVE-2025-54352 | 2025-07-21 | LOW | 3.7 | WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE:… |
| CVE-2025-7915 | 2025-07-21 | HIGH | 7.3 | A vulnerability was found in Chanjet CRM 1.0 and classified as critical. Affected by this issue is some unknown functionality… |
| CVE-2025-7914 | 2025-07-21 | HIGH | 8.8 | A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function… |
| CVE-2025-7913 | 2025-07-21 | HIGH | 8.8 | A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. Affected is the function updateWifiInfo of the… |
| CVE-2025-53771 | 2025-07-20 | MEDIUM | 6.3 | Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to… |
| CVE-2025-53770 | 2025-07-20 | CRITICAL | 9.8 | Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft… |
| CVE-2025-7912 | 2025-07-20 | HIGH | 8.8 | A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus… |
| CVE-2025-54319 | 2025-07-20 | MEDIUM | 6.3 | An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to… |
| CVE-2025-7906 | 2025-07-20 | MEDIUM | 6.3 | A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile… |
| CVE-2025-7905 | 2025-07-20 | MEDIUM | 6.3 | A vulnerability has been found in itsourcecode Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code… |
| CVE-2025-54317 | 2025-07-20 | HIGH | 8.4 | An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when… |
| CVE-2025-54316 | 2025-07-20 | MEDIUM | 4.9 | An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom Jinja templates that chained built-in… |
| CVE-2025-49087 | 2025-07-20 | MEDIUM | 4.0 | In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to… |
| CVE-2025-47917 | 2025-07-20 | HIGH | 8.9 | Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation.… |
| CVE-2025-48965 | 2025-07-20 | MEDIUM | 4.0 | Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but… |
| CVE-2025-7904 | 2025-07-20 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, was found in itsourcecode Insurance Management System 1.0. This affects an unknown part… |
| CVE-2025-7903 | 2025-07-20 | MEDIUM | 4.3 | A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown… |
| CVE-2025-7902 | 2025-07-20 | LOW | 3.5 | A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of… |
| CVE-2025-7901 | 2025-07-20 | MEDIUM | 4.3 | A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some… |
| CVE-2025-7897 | 2025-07-20 | HIGH | 7.3 | A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the… |
| CVE-2025-7896 | 2025-07-20 | MEDIUM | 6.3 | A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is… |
| CVE-2025-7895 | 2025-07-20 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file… |
| CVE-2025-46385 | 2025-07-20 | HIGH | 8.6 | CWE-918 Server-Side Request Forgery (SSRF) |
| CVE-2025-46384 | 2025-07-20 | HIGH | 8.8 | CWE-434 Unrestricted Upload of File with Dangerous Type |
| CVE-2025-46383 | 2025-07-20 | MEDIUM | 6.1 | CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') |
| CVE-2025-46382 | 2025-07-20 | MEDIUM | 5.3 | CWE-200 Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2025-7894 | 2025-07-20 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, has been found in Onyx up to 0.29.1. This issue affects the function… |
| CVE-2025-7893 | 2025-07-20 | MEDIUM | 5.3 | A vulnerability classified as problematic was found in Foresight News App up to 2.6.4 on Android. This vulnerability affects unknown… |
| CVE-2025-7892 | 2025-07-20 | MEDIUM | 5.3 | A vulnerability classified as problematic has been found in IDnow App up to 9.6.0 on Android. This affects an unknown… |
| CVE-2025-7891 | 2025-07-20 | MEDIUM | 5.3 | A vulnerability was found in InstantBits Web Video Cast App up to 5.12.4 on Android. It has been rated as… |
| CVE-2025-7890 | 2025-07-20 | MEDIUM | 5.3 | A vulnerability was found in Dunamu StockPlus App up to 7.62.10 on Android. It has been declared as problematic. Affected… |
| CVE-2025-7889 | 2025-07-20 | MEDIUM | 5.3 | A vulnerability was found in CallApp Caller ID App up to 2.0.4 on Android. It has been classified as problematic.… |
| CVE-2025-7888 | 2025-07-20 | MEDIUM | 6.3 | A vulnerability was found in TDuckCloud tduck-platform 5.1 and classified as critical. This issue affects the function UserFormDataMapper of the… |
| CVE-2025-7887 | 2025-07-20 | MEDIUM | 4.3 | A vulnerability has been found in Zavy86 WikiDocs up to 1.0.78 and classified as problematic. This vulnerability affects unknown code… |
| CVE-2025-7886 | 2025-07-20 | HIGH | 7.3 | A vulnerability, which was classified as critical, was found in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. This affects the function getUserLanguage… |
| CVE-2025-7885 | 2025-07-20 | MEDIUM | 4.3 | A vulnerability, which was classified as problematic, has been found in Huashengdun WebSSH up to 1.6.2. Affected by this issue… |
| CVE-2025-7884 | 2025-07-20 | LOW | 3.3 | A vulnerability classified as problematic was found in Eluktronics Control Center 5.23.51.41. Affected by this vulnerability is an unknown functionality… |
| CVE-2025-7883 | 2025-07-20 | HIGH | 7.8 | A vulnerability classified as critical has been found in Eluktronics Control Center 5.23.51.41. Affected is an unknown function of the… |
| CVE-2025-7882 | 2025-07-20 | LOW | 3.1 | A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. This issue affects… |
| CVE-2025-7881 | 2025-07-20 | LOW | 2.7 | A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared as problematic. This vulnerability affects… |
| CVE-2025-7880 | 2025-07-20 | MEDIUM | 6.3 | A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.2 and classified as critical. Affected by this issue is… |