Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2022-31351 Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1363 IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web fro... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-14014 Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. Smart Panel allows Accessing Functionality N... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36967 Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22906 User credentials are stored using AESβECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69564 code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirm_password, Role, Branch, and Activate param... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1364 IAQS and I6 developed by JNC has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly operate system administrative functionalities. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37012 Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious La... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-15403 The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'add_menu' function is accessible via the 'rm_user_ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1729 The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authen... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69563 code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExLogin.php via the Password parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-0610 SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue affects Devolutions Server 2025.3.1 through 2025.3.12 | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69562 code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69559 code-projects Computer Book Store 1.0 is vulnerable to File Upload in admin_add.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-24832 Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-14894 Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malic... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69565 code-projects Mobile Shop Management System 1.0 is vulnerable to File Upload in /ExAddProduct.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-24429 Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefined default password for a built-in authentication account that is not required to be changed during i... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37176 Torrent 3GP Converter 1.51 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a ma... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-14231 Buffer overflow in print job processing by WSD on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unr... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-47901 Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redi... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-47900 Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers ca... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45969 Alist v3.4.0 is vulnerable to Directory Traversal, | 9.8 | CRITICAL | β | 0 |
| CVE-2025-54489 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbit... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-54490 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbit... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-28988 SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69329 Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection.This issue affects Prestige: from n/a through < 1.4.1. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-9392 A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-53853 A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ISHNE ECG annotations file ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-24263 A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15.4. An app may be able to observe unprotected user data. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-53557 A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitr... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-58143 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of gue... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-64103 Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled requireMFA or requireMFAForLocalUsers. If a user has set up MFA ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-64102 Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows prev... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-58142 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of gue... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-54482 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbit... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-27466 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of gue... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-54487 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbit... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-54483 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbit... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-53518 An integer overflow vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ABF file can lead to arbitrary code ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-54484 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbit... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-24297 Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-48913 If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to rej... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-54486 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbit... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-53606 Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): 2.4.0. Users are recommended to upgrade to version 2.5.0, which fixes the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-63453 Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-54491 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbit... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-27224 TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-28388 OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-54492 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbit... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.