CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-38509 Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2021-39990 The screen lock module has a Stack-based Buffer Overflow vulnerability. Successful exploitation of this vulnerability may affect user experience. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-6460 The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on th... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-54951 A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue ... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-48070 An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges | 9.8 | CRITICAL | - | 0 |
| CVE-2016-2785 Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging... | 9.8 | CRITICAL | - | 0 |
| CVE-2016-4160 Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of servic... | 9.8 | CRITICAL | - | 0 |
| CVE-2016-4120 Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of servic... | 9.8 | CRITICAL | - | 0 |
| CVE-2015-8787 The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or ... | 9.8 | CRITICAL | - | 0 |
| CVE-2016-4422 The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account. | 9.8 | CRITICAL | - | 0 |
| CVE-2016-2786 The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof br... | 9.8 | CRITICAL | - | 0 |
| CVE-2016-4121 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary ... | 9.8 | CRITICAL | - | 0 |
| CVE-2016-4448 Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | 9.8 | CRITICAL | - | 0 |
| CVE-2016-4161 Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of servic... | 9.8 | CRITICAL | - | 0 |
| CVE-2016-4162 Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of servic... | 9.8 | CRITICAL | - | 0 |
| CVE-2016-4163 Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of servic... | 9.8 | CRITICAL | - | 0 |
| CVE-2016-4138 Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack ... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-54807 The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access... | 9.8 | CRITICAL | - | 0 |
| CVE-2016-2496 The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially ove... | 9.8 | CRITICAL | - | 0 |
| CVE-2016-2310 General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, whi... | 9.8 | CRITICAL | - | 0 |
| CVE-2016-0746 Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecif... | 9.8 | CRITICAL | - | 0 |
| CVE-2016-3720 XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors. | 9.8 | CRITICAL | - | 0 |
| CVE-2016-5804 Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authen... | 9.8 | CRITICAL | - | 0 |
| CVE-2016-5118 The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a \| (pipe) character at the start of a filename. | 9.8 | CRITICAL | - | 0 |
| CVE-2016-2141 It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use ... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-23219 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adic... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-23218 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adic... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-37057 An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-1128 The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file typ... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-14733 An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-11951 The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. This is due to the plugin allowing users who are registering new accoun... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-57035 WeGIA v3.2.0 is vulnerable to SQL Injection via the nextPage parameter in /controle/control.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-57034 WeGIA < 3.2.0 is vulnerable to SQL Injection in query_geracao_auto.php via the query parameter. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-57032 WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing an... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-38693 Lucee Server (or simply Lucee) is a dynamic, Java based, tag and scripting language used for rapid web application development. The Lucee REST endpoint is vulnerable to RCE via an XML XXE attack. This... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-1066 OpenPLC_V3 contains an arbitrary file upload vulnerability, which could be leveraged for malvertising or phishing campaigns. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-1871 SQL injection vulnerability have been found in 101news affecting version 1.0 through the "category" and "subcategory" parameters in admin/add-subcategory.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-0177 The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.0.0.080. This is due to the plugin allowing users who are registering new accounts to s... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-39462 In the Linux kernel, the following vulnerability has been resolved: clk: bcm: dvp: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_b... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-21741 GigaDevice GD32E103C8T6 devices have Incorrect Access Control. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-26966 Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent private-content. This issue affects PrivateContent: from n/a through <= 8.11.5. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-2345 A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. I... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-57061 An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to execute arbitrary code via the insecure Electron Fuses configuration. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-39704 Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows a remote attacker to execute arbitrary code on a client's machine via a crafted packet on TCP port 4631... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-48126 HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-12281 The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing users who are registering new accounts to set their ... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-1875 SQL injection vulnerability have been found in 101news affecting version 1.0 through the "searchtitle" parameter in search.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-56525 In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and ... | 9.8 | CRITICAL | - | 0 |
| CVE-2018-25317 Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient ses... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-37632 TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth. | 9.8 | CRITICAL | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.