CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-7338 | 2025-07-17 | HIGH | 7.5 | Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to… |
| CVE-2025-53867 | 2025-07-17 | N/A | 0.0 | Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL. |
| CVE-2025-52046 | 2025-07-17 | N/A | 0.0 | Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc… |
| CVE-2025-25257 | 2025-07-17 | CRITICAL | 9.8 | An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0… |
| CVE-2023-47356 | 2025-07-17 | N/A | 0.0 | Mingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution (RCE) vulnerability via the log_type parameter at… |
| CVE-2023-41566 | 2025-07-17 | N/A | 0.0 | OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sys_ui_extend/sysUiExtend.do. This vulnerability allows attackers to… |
| CVE-2025-54066 | 2025-07-17 | MEDIUM | 4.7 | DiracX-Web is a web application that provides an interface to interact with the DiracX services. Prior to version 0.1.0-a8, an… |
| CVE-2025-54064 | 2025-07-17 | N/A | 0.0 | Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable… |
| CVE-2025-54062 | 2025-07-17 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection… |
| CVE-2025-54061 | 2025-07-17 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection… |
| CVE-2025-54060 | 2025-07-17 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection… |
| CVE-2025-54058 | 2025-07-17 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection… |
| CVE-2025-47189 | 2025-07-17 | MEDIUM | 6.1 | Netwrix Directory Manager through 2025-05-01 allows XSS. |
| CVE-2025-53946 | 2025-07-17 | N/A | 0.0 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection… |
| CVE-2025-53941 | 2025-07-17 | MEDIUM | 6.1 | Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form… |
| CVE-2025-53928 | 2025-07-17 | MEDIUM | 4.6 | MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists… |
| CVE-2025-53927 | 2025-07-17 | MEDIUM | 4.6 | MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because… |
| CVE-2025-53909 | 2025-07-17 | CRITICAL | 9.1 | mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions… |
| CVE-2025-51630 | 2025-07-17 | CRITICAL | 9.8 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buffer overflow via the ePort parameter in the function setIpPortFilterRules. |
| CVE-2025-40924 | 2025-07-17 | MEDIUM | 6.5 | Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a (usually SHA-1) hash… |
| CVE-2025-1713 | 2025-07-17 | HIGH | 7.5 | When setting up interrupt remapping for legacy PCI(-X) devices, including PCI(-X) bridges, a lookup of the upstream bridge is required.… |
| CVE-2025-5346 | 2025-07-17 | N/A | 0.0 | Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver "kr.co.bluebird.android.bbsettings.BootReceiver". A local attacker can… |
| CVE-2025-5345 | 2025-07-17 | N/A | 0.0 | Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can… |
| CVE-2025-5344 | 2025-07-17 | N/A | 0.0 | Bluebird devices contain a pre-loaded kiosk application. This application exposes an unsecured service provider "com.bluebird.kiosk.launcher.IpartnerKioskRemoteService". A local attacker can bind… |
| CVE-2025-3415 | 2025-07-17 | MEDIUM | 4.3 | Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could… |
| CVE-2025-4302 | 2025-07-17 | MEDIUM | 5.3 | The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can… |
| CVE-2025-7735 | 2025-07-17 | HIGH | 7.5 | The Hospital Information System developed by UNIMAX has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL… |
| CVE-2025-7712 | 2025-07-17 | CRITICAL | 9.1 | The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in… |
| CVE-2025-7729 | 2025-07-17 | LOW | 3.5 | A vulnerability classified as problematic was found in Scada-LTS up to 2.7.8.1. Affected by this vulnerability is an unknown functionality… |
| CVE-2025-7728 | 2025-07-17 | LOW | 3.5 | A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. Affected is an unknown function of the… |
| CVE-2025-5396 | 2025-07-17 | CRITICAL | 9.8 | The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0.… |
| CVE-2025-34132 | 2025-07-16 | N/A | 0.0 | A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server… |
| CVE-2025-34130 | 2025-07-16 | N/A | 0.0 | An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the… |
| CVE-2025-34129 | 2025-07-16 | N/A | 0.0 | A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient… |
| CVE-2025-34128 | 2025-07-16 | N/A | 0.0 | A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to… |
| CVE-2025-34127 | 2025-07-16 | N/A | 0.0 | A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the… |
| CVE-2025-34126 | 2025-07-16 | N/A | 0.0 | A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on… |
| CVE-2025-34125 | 2025-07-16 | N/A | 0.0 | An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware… |
| CVE-2025-34124 | 2025-07-16 | N/A | 0.0 | A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0, HD Mod 3.808 build 9, and… |
| CVE-2025-52933 | 2025-07-17 | N/A | 0.0 | Rejected reason: 3rd party vulnerability |
| CVE-2024-12498 | 2025-07-16 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2025-7703 | 2025-07-16 | MEDIUM | 6.8 | Authentication vulnerability in the mobile application (tech.palm.id) may lead to the risk of information leakage. |
| CVE-2025-34123 | 2025-07-16 | N/A | 0.0 | A stack-based buffer overflow vulnerability exists in VideoCharge Studio 2.12.3.685 when processing a specially crafted .VSC configuration file. The issue… |
| CVE-2025-34121 | 2025-07-16 | N/A | 0.0 | An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php`… |
| CVE-2025-40919 | 2025-07-16 | MEDIUM | 6.5 | Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce (client nonce) is generated from an MD5… |
| CVE-2025-40918 | 2025-07-16 | MEDIUM | 6.5 | Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5… |
| CVE-2025-40913 | 2025-07-16 | MEDIUM | 6.5 | Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow. Net::Dropbear embeds a version… |
| CVE-2025-40923 | 2025-07-16 | HIGH | 7.3 | Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded… |
| CVE-2025-34120 | 2025-07-16 | N/A | 0.0 | An unauthenticated file download vulnerability exists in LimeSurvey versions from 2.0+ up to and including 2.06+ Build 151014. The application… |
| CVE-2025-34119 | 2025-07-16 | N/A | 0.0 | A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The… |