CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-0307 Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-33963 DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-4333 Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows a remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardenin... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-21554 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2023-2645 A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management Page. The manipulation of the argument username/pas... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41331 A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and Mon... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-35854 Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privilege... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-1877 Command Injection in GitHub repository microweber/microweber prior to 1.3.3. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-43634 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists withi... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-0750 Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker could bypass authentication. This would ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-29842 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24823 RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted fra... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-28489 A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Affected devices are vulnerable to command injection via th... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-1788 Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-32692 CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, a... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-19902 Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-28765 An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After t... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-31411 A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to p... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-31410 A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-2907 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; AP... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-28843 PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from rel... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-34939 Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-27603 In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommen... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-2972 Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-32571 Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-32243 Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36972 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted reques... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41903 Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-su... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36974 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36975 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted reques... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36976 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36977 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36978 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-0854 Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigg... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36979 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the exi... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36981 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the exi... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36983 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exist... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-33299 A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-25076 A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-28706 Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 6.0.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-35784 A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affect... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-35857 In Siren Investigate before 13.2.2, session keys remain active even after logging out. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-34832 TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-1725 Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery. This issue affects Project Management System: before 4.09.31.125. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-29734 An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the database. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24941 Windows Network File System Remote Code Execution Vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2023-0853 Buffer overflow in mDNS NSEC record registering process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-25330 A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can only occur ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24943 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2021-32943 The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, Web... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.