Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-27647 Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-10687 The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery β Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection v... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27646 Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-10245 The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the 'rl_do_ajax' fu... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-32850 Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26569 Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web re... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-36108 casgate is an Open Source Identity and Access Management system. In affected versions `casgate` allows remote unauthenticated attacker to obtain sensitive information via GET request to an API endpoin... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-48871 The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request that the webserver fails to properly check input size before copyin... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-7921 An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2020-25952 SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-51327 SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-48874 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers cou... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-52324 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arb... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-45569 Memory corruption while parsing the ML IE due to invalid frame content. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-38921 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a r... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-38922 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. This vulnerability is triggered via sending a crafted messag... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-38923 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a r... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-38924 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a r... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-38925 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a r... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-38926 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a r... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-38927 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a r... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-41644 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-41645 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-41646 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-41647 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-41648 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pu... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-41649 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-41650 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d. | 9.8 | CRITICAL | β | 0 |
| CVE-2015-9452 The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-44852 Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan(). | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10891 An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and finally a... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-7826 Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrURL.Dll modules) allows Functionality Misuse.This issue aff... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-7825 Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-7824 Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This ... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-9157 A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by s... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-1453 Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long param... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-9052 An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow ... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-9054 An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow ... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-2315 revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based bu... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-7161 Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. | 9.8 | CRITICAL | β | 0 |
| CVE-2016-5343 drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-2324 Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. | 9.8 | CRITICAL | β | 0 |
| CVE-2016-10160 Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibl... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-7126 The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of servi... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-7567 Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string. | 9.8 | CRITICAL | β | 0 |
| CVE-2017-5005 Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to e... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-4503 Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-9555 The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-o... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-7117 Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system c... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-3955 The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecifi... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.