CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-57604 An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-51138 Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-51139 Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24495 SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28321 The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-40266 An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-31750 SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-1609 The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in its license checking code that registers a REST API handler, allowing an unauthenticated attacker to ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-50026 SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-50706 Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-34982 An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24398 Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-22204 Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 lead to a remote code execution vulnerability. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51906 An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36511 H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function EditApAdvanceInfo. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-35056 NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24543 Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via craf... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-46226 Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-45947 An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/change-password.php file of the My Account - Change Password component | 9.8 | CRITICAL | β | 0 |
| CVE-2024-34048 O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-27683 D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerability. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-6049 The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable ga... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26775 An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-33999 The referrer URL used by MFA required additional sanitizing, rather than being used directly. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24112 xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-22852 D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted pa... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-6623 The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-3180 The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accoun... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-31818 Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-45949 A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. I... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-34256 OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51928 An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a craft... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51927 YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-1284 Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24001 jshERP v3.3 is vulnerable to SQL Injection via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP which allows an attacker to... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24186 Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51892 An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-31314 File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-29937 NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-38995 An issue in SCHUHFRIED v.8.22.00 allows a remote attacker to obtain the database password via a crafted curl command. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-50694 An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to send a malicious crafted request due to insufficient parsing in the parser.nim component. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24018 A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list | 9.8 | CRITICAL | β | 0 |
| CVE-2022-31860 An issue was discovered in OpenRemote through 1.0.4 that allows attackers to execute arbitrary code via a crafted Groovy rule. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51952 Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24003 jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter `column` and ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-50693 An issue in Jester v.0.6.0 and before allows a remote attacker to send a malicious crafted request. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-13239 Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24216 Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-44077 Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka PMP-2636. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-42733 An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.