Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-40315 PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the table_prefix configuration value is directly concaten... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-34018 An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product. | 9.8 | CRITICAL | β | 0 |
| CVE-2013-1465 The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrate... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-41242 protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which w... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4619 Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4620 OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4622 OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network. | 9.8 | CRITICAL | β | 0 |
| CVE-2013-1591 Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultan... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10574 An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19608 A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredLis... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10571 An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-15522 An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13581 An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A h... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13582 An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A s... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10232 In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9477 An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vulnerability in the authentication functionality in the web-based interface could allow an unauthenticated remote attacker to captu... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10567 An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. Thi... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-6198 SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10564 An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because o... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20481 In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12128 In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without... | 9.8 | CRITICAL | β | 0 |
| CVE-2014-6310 Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function. | 9.8 | CRITICAL | β | 0 |
| CVE-2014-6311 generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10563 An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18183 pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerabilit... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13566 An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. A buffer overflow allows attackers to cause a denial of service and possibly e... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18622 An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14310 Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14299 Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local acco... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13202 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the okhtmlfile and failhtmlfile parameters of several functionalities of the we... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13201 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the LPD service. This would allow an unauthenticated attacker to cause a Denial... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13197 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attack... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18182 pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerabili... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20504 service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2012-5582 opendnssec misuses libcurl API | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8132 Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-16356 An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13192 Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to e... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13172 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execut... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13171 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unaut... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13169 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to exe... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-1000006 hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13168 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13165 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9761 An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The Java RMI Server has an Insecure Default Configuration, leading to Java Code Execution from a remote URL because an RMI Distribute... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14345 TemaTres 3.0 allows remote unprivileged users to create an administrator account | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10077 GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10074 GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9355 danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10180 The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.