Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2023-33246 For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-27992 The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-33009 A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2020-12641 rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2021-44026 Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-7593 Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2020-15415 On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2021-33045 The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2021-33044 The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-23897 Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, ... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2019-0344 Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybr... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-31398 Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose allows Object Injection. This issue affects PIMP - Creative MultiPurpose: from n/a through 1.7. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-23113 A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, ... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-45513 Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.P2pListFilter. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-9680 An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-45249 Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-5217 ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated us... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-4879 ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2021-32030 The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an unauthenticate... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-33010 A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-38035 A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due t... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-25717 Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2017-18368 The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessi... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-57819 FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to Free... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-35078 An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-3519 Unauthenticated remote code execution | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-7775 Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, C... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-6543 Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-25257 An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, For... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-53770 Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exist... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-46747 Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbi... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2017-1000353 Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2019-9874 Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-22515 Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Cente... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-42793 In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-20439 A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerabilit... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-31201 This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and wr... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2018-14667 The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary ... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-27350 This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The spe... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-6047 Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system ... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-11120 Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-56145 Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2016-3427 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-38915 File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbtirary code via the upload type function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39641 Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent(). | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46369 Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39659 An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39661 An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39662 An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39639 LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the component LeoBlogBlog::getListBlogs. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.