CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-27210 | 2025-07-18 | HIGH | 7.5 | An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX.… |
| CVE-2025-27209 | 2025-07-18 | HIGH | 7.5 | The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the… |
| CVE-2025-7814 | 2025-07-18 | HIGH | 7.3 | A vulnerability classified as critical was found in code-projects Food Ordering Review System 1.0. This vulnerability affects unknown code of… |
| CVE-2025-7807 | 2025-07-18 | HIGH | 8.8 | A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. This issue affects the function fromSafeUrlFilter… |
| CVE-2025-7806 | 2025-07-18 | HIGH | 8.8 | A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. This vulnerability affects the function fromSafeClientFilter of the file… |
| CVE-2025-50583 | 2025-07-18 | N/A | 0.0 | StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Student module. |
| CVE-2025-50582 | 2025-07-18 | N/A | 0.0 | StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Course module. |
| CVE-2025-50581 | 2025-07-18 | N/A | 0.0 | MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/group/save.do. |
| CVE-2025-7805 | 2025-07-18 | HIGH | 8.8 | A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserSetting of the file… |
| CVE-2025-7803 | 2025-07-18 | LOW | 3.5 | A vulnerability was found in descreekert wx-discuz up to 12bd4745c63ec203cb32119bf77ead4a923bf277. It has been classified as problematic. This affects the function… |
| CVE-2025-54310 | 2025-07-18 | MEDIUM | 4.0 | qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects… |
| CVE-2025-50708 | 2025-07-18 | N/A | 0.0 | An issue in Perplexity AI GPT-4 v.2.51.0 allows a remote attacker to obtain sensitive information via the token component in… |
| CVE-2025-50584 | 2025-07-18 | N/A | 0.0 | StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Teacher module. |
| CVE-2025-7802 | 2025-07-18 | LOW | 3.5 | A vulnerability was found in PHPGurukul Complaint Management System 2.0 and classified as problematic. Affected by this issue is some… |
| CVE-2025-7801 | 2025-07-18 | HIGH | 7.3 | A vulnerability has been found in BossSoft CRM 6.0 and classified as critical. Affected by this vulnerability is an unknown… |
| CVE-2025-7800 | 2025-07-18 | LOW | 3.5 | A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the… |
| CVE-2025-7798 | 2025-07-18 | MEDIUM | 6.3 | A vulnerability classified as critical has been found in Beijing Shenzhou Shihan Technology Multimedia Integrated Business Display System up to… |
| CVE-2025-52169 | 2025-07-18 | HIGH | 7.1 | agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2025-52163 | 2025-07-18 | MEDIUM | 6.5 | A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows… |
| CVE-2025-52168 | 2025-07-18 | MEDIUM | 6.5 | Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers… |
| CVE-2025-52166 | 2025-07-18 | MEDIUM | 6.5 | Incorrect access control in Software GmbH Agorum core open v11.9.2 & v11.10.1 allows authenticated attackers to escalate privileges to Administrator… |
| CVE-2025-52164 | 2025-07-18 | HIGH | 8.2 | Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext. |
| CVE-2025-52162 | 2025-07-18 | MEDIUM | 6.5 | agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the… |
| CVE-2025-50585 | 2025-07-18 | N/A | 0.0 | StudentManage v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/adminStudentUrl. |
| CVE-2025-50586 | 2025-07-18 | MEDIUM | 6.5 | StudentManage v1.0 was discovered to contain Cross-Site Request Forgery (CSRF). |
| CVE-2025-45157 | 2025-07-18 | MEDIUM | 6.5 | Insecure permissions in Splashin iOS v2.0 allow unauthorized attackers to access location data for specific users. |
| CVE-2025-45156 | 2025-07-18 | MEDIUM | 5.3 | Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users. |
| CVE-2025-46000 | 2025-07-18 | MEDIUM | 6.5 | An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code… |
| CVE-2025-46002 | 2025-07-18 | MEDIUM | 6.5 | An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request… |
| CVE-2025-33014 | 2025-07-18 | MEDIUM | 5.4 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with… |
| CVE-2025-7754 | 2025-07-17 | MEDIUM | 6.3 | A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. This vulnerability affects… |
| CVE-2025-7753 | 2025-07-17 | HIGH | 7.3 | A vulnerability was found in code-projects Online Appointment Booking System 1.0. It has been classified as critical. This affects an… |
| CVE-2025-7752 | 2025-07-17 | HIGH | 7.3 | A vulnerability was found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this issue is… |
| CVE-2025-7751 | 2025-07-17 | HIGH | 7.3 | A vulnerability has been found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this vulnerability… |
| CVE-2025-7750 | 2025-07-17 | HIGH | 7.3 | A vulnerability, which was classified as critical, was found in code-projects Online Appointment Booking System 1.0. Affected is an unknown… |
| CVE-2025-7797 | 2025-07-18 | MEDIUM | 5.3 | A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is… |
| CVE-2025-7796 | 2025-07-18 | HIGH | 8.8 | A vulnerability, which was classified as critical, was found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserAdd of the… |
| CVE-2025-7795 | 2025-07-18 | HIGH | 8.8 | A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the… |
| CVE-2025-53901 | 2025-07-18 | LOW | 3.5 | Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the… |
| CVE-2025-7794 | 2025-07-18 | HIGH | 8.8 | A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromNatStaticSetting of… |
| CVE-2025-7793 | 2025-07-18 | HIGH | 8.8 | A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function formWebTypeLibrary of the file… |
| CVE-2025-7792 | 2025-07-18 | HIGH | 8.8 | A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function formSafeEmailFilter… |
| CVE-2025-7783 | 2025-07-18 | N/A | 0.0 | Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files… |
| CVE-2025-53762 | 2025-07-18 | HIGH | 8.7 | Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-49747 | 2025-07-18 | CRITICAL | 9.9 | Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-49746 | 2025-07-18 | CRITICAL | 9.9 | Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-47995 | 2025-07-18 | MEDIUM | 6.5 | Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-47158 | 2025-07-18 | CRITICAL | 9.0 | Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-7791 | 2025-07-18 | LOW | 3.5 | A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0. It has been declared as problematic. This vulnerability… |
| CVE-2025-7790 | 2025-07-18 | HIGH | 8.8 | A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. This affects an unknown part of… |