TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with data from CISA KEV and NVD

Total: 333,770 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2025-23311

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to...

9.8 | CRITICAL | - | 0
CVE-2025-23310

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerabilit...

9.8 | CRITICAL | - | 0
CVE-2025-6994

The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. This is due to the plugin allowing users who are registering new a...

9.8 | CRITICAL | - | 0
CVE-2025-50707

An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component

9.8 | CRITICAL | - | 0
CVE-2025-50706

An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function

9.8 | CRITICAL | - | 0
CVE-2025-30404

An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuT...

9.8 | CRITICAL | - | 0
CVE-2025-27212

An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. Affected Products: UniFi Acce...

9.8 | CRITICAL | - | 0
CVE-2024-5765

The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a...

9.8 | CRITICAL | - | 0
CVE-2025-40906

BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-...

9.8 | CRITICAL | - | 0
CVE-2025-2421

Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics SambaBox allows Code Injection. This issue affects SambaBox: before 5.1.

9.8 | CRITICAL | - | 0
CVE-2025-46557

XWiki is a generic wiki platform. In versions starting from 15.3-rc-1 to before 15.10.14, from 16.0.0-rc-1 to before 16.4.6, and from 16.5.0-rc-1 to before 16.10.0-rc-1, a user who can access pages lo...

9.8 | CRITICAL | - | 0
CVE-2025-32980

NETSCOUT nGeniusONE before 6.4.0 P11 b3245 has a Weak Sudo Configuration.

9.8 | CRITICAL | - | 0
CVE-2025-31691

Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing. This issue affects OAuth2 Server: from 0.0.0 before 2.1.0.

9.8 | CRITICAL | - | 0
CVE-2025-6679

The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. This makes it possible for unauthent...

9.8 | CRITICAL | - | 0
CVE-2025-27845

In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI.

9.8 | CRITICAL | - | 0
CVE-2025-43984

An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). They are vulnerable to unauthenticated /goform/goform_set_cmd_process...

9.8 | CRITICAL | - | 0
CVE-2025-8047

The disable-right-click-powered-by-pixterme through v1.2 and pixter-image-digital-license through v1.0 WordPress plugins load a JavaScript file which has been compromised from an apparent abandoned S3...

9.8 | CRITICAL | - | 0
CVE-2025-55346

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simp...

9.8 | CRITICAL | - | 0
CVE-2011-10018

myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially...

9.8 | CRITICAL | - | 0
CVE-2025-43986

An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service is enabled by default and exposed over the WAN interface without authentication.

9.8 | CRITICAL | - | 0
CVE-2024-40535

Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered to contain a stack overflow via the apn_name_3g parameter in the config_3g_para function.

9.8 | CRITICAL | - | 0
CVE-2025-43982

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI.

9.8 | CRITICAL | - | 0
CVE-2025-52385

An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module

9.8 | CRITICAL | - | 0
CVE-2025-50594

An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to reset any account passw...

9.8 | CRITICAL | - | 0
CVE-2025-51452

In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm.

9.8 | CRITICAL | - | 0
CVE-2025-8913

Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.

9.8 | CRITICAL | - | 0
CVE-2025-8760

A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buf...

9.8 | CRITICAL | - | 0
CVE-2025-6715

The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allow...

9.8 | CRITICAL | - | 0
CVE-2025-7384

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input ...

9.8 | CRITICAL | - | 0
CVE-2025-55168

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/saude/aplicar...

9.8 | CRITICAL | - | 0
CVE-2025-25256

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 throu...

9.8 | CRITICAL | - | 0
CVE-2025-53766

Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.

9.8 | CRITICAL | - | 0
CVE-2025-50165

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

9.8 | CRITICAL | - | 0
CVE-2025-55167

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/funcionario/d...

9.8 | CRITICAL | - | 0
CVE-2025-8059

The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and in...

9.8 | CRITICAL | - | 0
CVE-2025-8853

Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it ...

9.8 | CRITICAL | - | 0
CVE-2025-6573

Kernel software installed and running inside an untrusted/rich execution environment (REE) could leak information from the trusted execution environment (TEE).

9.8 | CRITICAL | - | 0
CVE-2025-5095

Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent dir...

9.8 | CRITICAL | - | 0
CVE-2025-52913

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to insuffic...

9.8 | CRITICAL | - | 0
CVE-2025-8284

By default, the Packet Power Monitoring and Control Web Interface do not enforce authentication mechanisms. This vulnerability could allow unauthorized users to access and manipulate monitoring and ...

9.8 | CRITICAL | - | 0
CVE-2025-8731

A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credent...

9.8 | CRITICAL | - | 0
CVE-2025-8356

In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the atta...

9.8 | CRITICAL | - | 0
CVE-2025-8730

A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulatio...

9.8 | CRITICAL | - | 0
CVE-2025-54952

An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effec...

9.8 | CRITICAL | - | 0
CVE-2025-50692

FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html.

9.8 | CRITICAL | - | 0
CVE-2023-41527

Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php.

9.8 | CRITICAL | - | 0
CVE-2023-41526

Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters.

9.8 | CRITICAL | - | 0
CVE-2025-12219

Vulnerable Components in Azure Access OS. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

9.8 | CRITICAL | - | 0
CVE-2025-7744

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dolusoft Omaspot allows SQL Injection. This issue affects Omaspot: before 12.09.2025.

9.8 | CRITICAL | - | 0
CVE-2025-12275

Mail Configuration File Manipulation + Command Execution. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

9.8 | CRITICAL | - | 0
Page 100 of 6676

This product uses data from the NVD API but is not endorsed or certified by the NVD.