CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-33032 A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up to and including version 3.57.5 allows re... | 10.0 | CRITICAL | - | 0 |
| CVE-2021-23198 mySCADA myPRO: Versions 8.20.0 and prior have a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-7854 The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient ... | 10.0 | CRITICAL | - | 0 |
| CVE-2023-28100 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-52... | 10.0 | CRITICAL | - | 0 |
| CVE-2023-4309 Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify... | 10.0 | CRITICAL | - | 0 |
| CVE-2026-33105 Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network. | 10.0 | CRITICAL | - | 0 |
| CVE-2022-20700 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arb... | 10.0 | CRITICAL | KEV | 0 |
| CVE-2025-22612 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve ... | 10.0 | CRITICAL | - | 0 |
| CVE-2025-54419 A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that ... | 10.0 | CRITICAL | - | 0 |
| CVE-2025-3499 The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). Exploiting OS command injection through these APIs, an attacker can send arbit... | 10.0 | CRITICAL | - | 0 |
| CVE-2025-6512 On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights. | 10.0 | CRITICAL | - | 0 |
| CVE-2025-49447 Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu: from n/a through 6.0.0. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-37143 Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell P... | 10.0 | CRITICAL | - | 0 |
| CVE-2023-2825 An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attac... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-31377 Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through 8.7.01.001. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-3820 The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to SQL Injection via the 'id_key' parameter of the wdt_delete_table_row AJAX action in ... | 10.0 | CRITICAL | - | 0 |
| CVE-2023-52181 Deserialization of Untrusted Data vulnerability in Presslabs Theme per user. This issue affects Theme per user: from n/a through 1.0.1. | 10.0 | CRITICAL | - | 0 |
| CVE-2023-51505 Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store. This issue affects Active Products Tables for W... | 10.0 | CRITICAL | - | 0 |
| CVE-2023-29384 Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP. This issue affects WordPress Job Board and Recruitment Plugin – JobWP: fro... | 10.0 | CRITICAL | - | 0 |
| CVE-2025-60206 Improper Control of Generation of Code ('Code Injection') vulnerability in Beplusthemes Alone alone allows Code Injection. This issue affects Alone: from n/a through <= 7.8.3. | 10.0 | CRITICAL | - | 0 |
| CVE-2023-45894 The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard... | 10.0 | CRITICAL | - | 0 |
| CVE-2023-22583 The Danfoss AK-EM100 web forms allow for SQL injection in the login forms. | 10.0 | CRITICAL | - | 0 |
| CVE-2025-10878 A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unau... | 10.0 | CRITICAL | - | 0 |
| CVE-2022-35698 Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and cou... | 10.0 | CRITICAL | - | 0 |
| CVE-2021-40422 An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. ... | 10.0 | CRITICAL | - | 0 |
| CVE-2022-20709 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arb... | 10.0 | CRITICAL | - | 0 |
| CVE-2022-20711 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arb... | 10.0 | CRITICAL | - | 0 |
| CVE-2020-35489 The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. | 10.0 | CRITICAL | - | 0 |
| CVE-2021-40519 Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials. | 10.0 | CRITICAL | - | 0 |
| CVE-2020-6779 Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with... | 10.0 | CRITICAL | - | 0 |
| CVE-2020-25213 The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have... | 10.0 | CRITICAL | KEV | 0 |
| CVE-2020-24186 A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the... | 10.0 | CRITICAL | - | 0 |
| CVE-2020-9412 The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the pri... | 10.0 | CRITICAL | - | 0 |
| CVE-2020-6770 Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <... | 10.0 | CRITICAL | - | 0 |
| CVE-2019-11510 In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary ... | 10.0 | CRITICAL | KEV | 0 |
| CVE-2025-24085 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvO... | 10.0 | CRITICAL | KEV | 0 |
| CVE-2021-22657 mySCADA myPRO: Versions 8.20.0 and prior have a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | 10.0 | CRITICAL | - | 0 |
| CVE-2019-19810 Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending craft... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-6795 In Connex health portal released before 8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database. ... | 10.0 | CRITICAL | - | 0 |
| CVE-2025-31324 SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely har... | 10.0 | CRITICAL | KEV | 0 |
| CVE-2026-27211 Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 are vulnerable to arbitrary host file exfiltration (constrained by process privileges) when using virtio-bl... | 10.0 | CRITICAL | - | 0 |
| CVE-2023-24022 Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to aut... | 10.0 | CRITICAL | - | 0 |
| CVE-2023-1968 Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, incl... | 10.0 | CRITICAL | - | 0 |
| CVE-2022-47893 There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary ... | 10.0 | CRITICAL | - | 0 |
| CVE-2025-52694 Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet... | 10.0 | CRITICAL | - | 0 |
| CVE-2025-48106 Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Clanora clanora allows Using Malicious Files. This issue affects Clanora: from n/a through < 1.3.1. | 10.0 | CRITICAL | - | 0 |
| CVE-2025-9574 Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP. This issue affects . All firmware versions with the Serial Number from 2000 to 5166 | 10.0 | CRITICAL | - | 0 |
| CVE-2021-34770 A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unaut... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-31982 XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the s... | 10.0 | CRITICAL | - | 0 |
| CVE-2025-22609 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to attach a... | 10.0 | CRITICAL | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.