CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-45809 GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary use... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-27078 Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail. | 9.8 | CRITICAL | - | 0 |
| CVE-2021-44978 iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-26184 Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malici... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-1286 heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-24167 Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands ... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-1276 Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-26249 Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-27079 Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-24259 An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-27080 Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-26284 Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the applica... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-26285 Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's datab... | 9.8 | CRITICAL | - | 0 |
| CVE-2021-42637 PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-27081 Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-24263 Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter. | 9.8 | CRITICAL | - | 0 |
| CVE-2021-24827 The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection is... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-27082 Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-27083 Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-22642 This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt. | 9.8 | CRITICAL | - | 0 |
| CVE-2021-46093 eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2021-45414 A Remote Code Execution (RCE) vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-23881 ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-22641 A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privi... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-24165 Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. This vulnerability allows attackers to execute arbitrary com... | 9.8 | CRITICAL | - | 0 |
| CVE-2021-43650 WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-20887 Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack ... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2022-25578 taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-27811 GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-22635 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to gain elevated privileges. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-22632 A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application ... | 9.8 | CRITICAL | - | 0 |
| CVE-2021-43700 An issue was discovered in ApiManager 1.1. there is sql injection vulnerability that can use in /index.php?act=api&tag=8. | 9.8 | CRITICAL | - | 0 |
| CVE-2021-43136 An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-26186 TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi. | 9.8 | CRITICAL | - | 0 |
| CVE-2021-43517 FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-25461 Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in the SetPptpServerCfg function. | 9.8 | CRITICAL | - | 0 |
| CVE-2021-38125 Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the depl... | 9.8 | CRITICAL | - | 0 |
| CVE-2021-31617 In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead t... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-24219 eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-24292 Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. | 9.8 | CRITICAL | - | 0 |
| CVE-2021-41081 Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-27047 mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-22258 The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and resul... | 9.8 | CRITICAL | - | 0 |
| CVE-2021-40521 Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-24220 eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-24150 Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function formSetSafeWanWebMan. This vulnerability allows attackers to execute arbitrary commands via the re... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-24221 eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-24222 eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-24148 Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parame... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-22586 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileg... | 9.8 | CRITICAL | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.