CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-44191 Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40877 Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the 'id' parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-22128 Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent's internal file transfer service that could allow remote code execution. Tableau only supports product ve... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45400 Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44193 Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute, endhour, and endminute. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42171 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36784 Elsight - Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform connection validation. through the POST request : /api/v1/nics/wifi/wlan0/ping we can abuse DESTINATION... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44096 Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42170 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24398 Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42169 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42168 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-28009 A SQL Injection vulnerability exists in the `u` parameter of the progress-body-weight.php endpoint of Dietiqa App v1.0.20. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42167 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42166 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42154 An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44194 Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42237 A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44196 Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44197 Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44198 Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44199 Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42163 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25730 Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million po... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45908 In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44200 Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-1863 Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. There... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-3751 SQL Injection in GitHub repository owncast/owncast prior to 0.0.13. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42980 go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44184 Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44201 D-Link DIR823G 1.02B05 is vulnerable to Command Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36773 Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one U... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40867 Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/ | 9.8 | CRITICAL | β | 0 |
| CVE-2017-20149 The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by send... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-23978 Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer support... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40887 SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44202 D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44175 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44801 D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44804 D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via the websRedirect function. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-28236 Nautel VX Series transmitters VX SW v6.4.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the firmware update process. This vulnerability allows attackers to execut... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44354 SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-28238 Improper session management in Elber REBLE310 Firmware v5.5.1.R, Equipment Model: REBLE310/RX10/4ASI allows attackers to execute a session hijacking attack. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-28242 Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session hijacking attack. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44806 D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44176 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44001 An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44807 D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44808 A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40475 TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.