CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-48175 Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-48006 An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /in... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-29275 SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25024 OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-4395 The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achiev... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35605 The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error messag... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23334 The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-3191 A vulnerability, which was classified as critical, has been found in MailCleaner up to 2023.03.14. This issue affects some unknown processing of the component Email Handler. The manipulation leads to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-23935 Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)". | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24612 The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option. | 9.8 | CRITICAL | β | 0 |
| CVE-2017-17671 vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-48108 D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to roo... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-48107 D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25727 Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music | 9.8 | CRITICAL | β | 0 |
| CVE-2024-31546 Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-48011 Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-48008 An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44298 SiteServer CMS 7.1.3 is vulnerable to SQL Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-30938 SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component. | 9.8 | CRITICAL | β | 0 |
| CVE-2014-2052 Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML Ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-30990 SQL Injection vulnerability in the "Invoices" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "searchdata" parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-48066 An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46967 An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ directory. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-32161 jizhiCMS 2.5 suffers from a File upload vulnerability. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24456 Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-26325 ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24444 Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24443 Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24441 Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24430 Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24429 Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24427 Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24170 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24169 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24167 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24166 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-30981 SQL Injection vulnerability in /edit-computer-detail.php in phpgurukul Cyber Cafe Management System Using PHP & MySQL v1.0 allows attackers to run arbitrary SQL commands via editid in the application ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-30980 SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the Computer Location parameter in manage-computer.php p... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44097 Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24164 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-30985 SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "todate" and "fromdate" param... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-32207 When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In t... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-21082 Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability al... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30001 Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agent_id=. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30000 Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editPayment.php?recipt_no=. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-47767 A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16693 phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-30982 SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the upid parameter in the /view-user-detail.php file. | 9.8 | CRITICAL | β | 0 |
| CVE-2017-3195 Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24165 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.