Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Todo el contenido
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-67833
2026-01-14
MEDIUM
6.1
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter.
CVE-2025-33206
2026-01-14
HIGH
7.8
NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of…
CVE-2025-14557
2026-01-14
N/A
0.0
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Facebook Pixel facebook_pixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through…
CVE-2025-14556
2026-01-14
N/A
0.0
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS).This issue affects Flag: from 7.X-3.0 through 7.X-3.9.
CVE-2025-11224
2026-01-14
HIGH
7.7
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated…
CVE-2022-50934
2026-01-13
N/A
0.0
Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.
CVE-2022-50807
2026-01-13
N/A
0.0
Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.
CVE-2026-22859
2026-01-14
N/A
0.0
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them…
CVE-2026-22858
2026-01-14
N/A
0.0
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined…
CVE-2026-22857
2026-01-14
N/A
0.0
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then…
CVE-2026-22856
2026-01-14
N/A
0.0
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one…
CVE-2026-22855
2026-01-14
N/A
0.0
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match…
CVE-2026-22854
2026-01-14
N/A
0.0
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read…
CVE-2026-22853
2026-01-14
N/A
0.0
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and…
CVE-2026-22852
2026-01-14
N/A
0.0
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing…
CVE-2026-22851
2026-01-14
N/A
0.0
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread…
CVE-2026-22819
2026-01-14
MEDIUM
5.9
Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of…
CVE-2025-14502
2026-01-14
CRITICAL
9.8
The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1 via the template parameter. This…
CVE-2026-21303
2026-01-13
MEDIUM
5.5
Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose…
CVE-2026-21302
2026-01-13
MEDIUM
5.5
Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose…
CVE-2026-21301
2026-01-13
MEDIUM
5.5
Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction…
CVE-2026-21300
2026-01-13
MEDIUM
5.5
Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction…
CVE-2026-21299
2026-01-13
HIGH
7.8
Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-21298
2026-01-13
HIGH
7.8
Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-21308
2026-01-13
MEDIUM
5.5
Substance3D - Designer versions 15.0.3 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose…
CVE-2026-21307
2026-01-13
HIGH
7.8
Substance3D - Designer versions 15.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-21306
2026-01-13
HIGH
7.8
Substance3D - Sampler versions 5.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-21305
2026-01-13
HIGH
7.8
Substance3D - Painter versions 11.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-22787
2026-01-14
N/A
0.0
html2pdf.js converts any webpage or element into a printable PDF entirely client-side. Prior to 0.14.0, html2pdf.js contains a cross-site scripting (XSS) vulnerability when given a text source rather…
CVE-2026-22779
2026-01-14
N/A
0.0
BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection.…
CVE-2026-22708
2026-01-14
N/A
0.0
Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell…
CVE-2026-22694
2026-01-14
MEDIUM
6.1
AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated.…
CVE-2026-21889
2026-01-14
N/A
0.0
Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an…
CVE-2025-70968
2026-01-14
CRITICAL
9.8
FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().
CVE-2025-37185
2026-01-14
MEDIUM
5.5
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attacks against an administrative user…
CVE-2025-37184
2026-01-14
MEDIUM
6.5
A vulnerability exists in an Orchestrator service that could allow an unauthenticated remote attacker to bypass multi-factor authentication requirements. Successful exploitation could allow an attacker to create an…
CVE-2025-37183
2026-01-14
HIGH
7.2
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to…
CVE-2025-37182
2026-01-14
HIGH
7.2
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to…
CVE-2025-67399
2026-01-14
MEDIUM
4.6
An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller (Wi-Fi…
CVE-2025-37181
2026-01-14
HIGH
7.2
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to…
CVE-2020-36919
2026-01-13
MEDIUM
6.1
WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary…
CVE-2026-23478
2026-01-13
N/A
0.0
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access…
CVE-2025-68947
2026-01-13
MEDIUM
4.7
NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL…
CVE-2025-68658
2026-01-13
MEDIUM
4.3
Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 has a stored XSS…
CVE-2026-22871
2026-01-13
N/A
0.0
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI…
CVE-2026-22870
2026-01-13
N/A
0.0
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract() function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs),…
CVE-2026-22869
2026-01-13
N/A
0.0
Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow (.github/workflows/ci.yml) allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable…
CVE-2026-22868
2026-01-13
N/A
0.0
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is…
CVE-2026-22862
2026-01-13
N/A
0.0
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is…
CVE-2026-22861
2026-01-13
HIGH
8.8
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Prior to 2.3.1.2, There…
« Anterior
Página 97 de 3929
Siguiente »
Page load link
Go to Top
