TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 328,966 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2024-2083

A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI pat...

9.9 | CRITICAL | — | 0
CVE-2025-2605

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before...

9.9 | CRITICAL | — | 0
CVE-2024-0402

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbit...

9.9 | CRITICAL | — | 0
CVE-2023-40714

A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements

9.9 | CRITICAL | — | 0
CVE-2024-24594

A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the D...

9.9 | CRITICAL | — | 0
CVE-2025-49746

Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.

9.9 | CRITICAL | — | 0
CVE-2024-21663

Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker i...

9.9 | CRITICAL | — | 0
CVE-2023-32095

Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dinić Rename Media Files. This issue affects Rename Media Files: from n/a through 1.0.1.

9.9 | CRITICAL | — | 0
CVE-2023-47840

Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons. This issue affects Qode Essential Addons: from n/a through 1.5.2.

9.9 | CRITICAL | — | 0
CVE-2023-46149

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5.

9.9 | CRITICAL | — | 0
CVE-2025-61913

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowin...

9.9 | CRITICAL | — | 0
CVE-2025-0066

Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a...

9.9 | CRITICAL | — | 0
CVE-2026-22390

Improper Control of Generation of Code ('Code Injection') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Code Injection. This issue affects Builderall Bui...

9.9 | CRITICAL | — | 0
CVE-2025-55315

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

9.9 | CRITICAL | — | 0
CVE-2023-34385

Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus. This issue affects Export Import Menus: from n/a through 1.8.0.

9.9 | CRITICAL | — | 0
CVE-2023-23970

Unrestricted Upload of File with Dangerous Type vulnerability in WooRockets Corsa. This issue affects Corsa: from n/a through 1.5.

9.9 | CRITICAL | — | 0
CVE-2025-54347

A Directory Traversal vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to write arbitrary files under certain condition...

9.9 | CRITICAL | — | 0
CVE-2023-31231

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates). This issue affects Unlimited Elements For Element...

9.9 | CRITICAL | — | 0
CVE-2025-64663

Custom Question Answering Elevation of Privilege Vulnerability

9.9 | CRITICAL | — | 0
CVE-2023-33318

Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.40.

9.9 | CRITICAL | — | 0
CVE-2023-5199

The PHP to Page plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attack...

9.9 | CRITICAL | — | 0
CVE-2026-33579

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privil...

9.9 | CRITICAL | — | 0
CVE-2023-46404

PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing.

9.9 | CRITICAL | — | 0
CVE-2023-34007

Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.8.3.

9.9 | CRITICAL | — | 0
CVE-2023-4994

The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated attackers with s...

9.9 | CRITICAL | — | 0
CVE-2019-1384

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted au...

9.9 | CRITICAL | — | 0
CVE-2025-62016

Unrestricted Upload of File with Dangerous Type vulnerability in hogash KALLYAS kallyas. This issue affects KALLYAS: from n/a through <= 4.22.0.

9.9 | CRITICAL | — | 0
CVE-2026-33945

Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prio...

9.9 | CRITICAL | — | 0
CVE-2020-11011

In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8.

9.9 | CRITICAL | — | 0
CVE-2020-26943

An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the use...

9.9 | CRITICAL | — | 0
CVE-2023-40029

Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in `kube...

9.9 | CRITICAL | — | 0
CVE-2023-42657

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rm...

9.9 | CRITICAL | — | 0
CVE-2023-32231

An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.818. During installation, binaries get executed out of a subfolder in C:\Windows\Temp. A standard user can create the f...

9.9 | CRITICAL | — | 0
CVE-2023-37462

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from...

9.9 | CRITICAL | — | 0
CVE-2023-3342

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in version...

9.9 | CRITICAL | — | 0
CVE-2023-5183

Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exist...

9.9 | CRITICAL | — | 0
CVE-2023-36469

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary sc...

9.9 | CRITICAL | — | 0
CVE-2023-35150

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view...

9.9 | CRITICAL | — | 0
CVE-2023-34465

XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, `Mail.MailConfig` can be edited by any logged-in user by default. Consequently...

9.9 | CRITICAL | — | 0
CVE-2023-35152

XWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logged in user can add dangerous content in their first name field and see...

9.9 | CRITICAL | — | 0
CVE-2023-36470

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By either creating a new or editing an existing document with an icon set, an attacker can inje...

9.9 | CRITICAL | — | 0
CVE-2023-22647

An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the se...

9.9 | CRITICAL | — | 0
CVE-2023-29526

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to display or interact with any page a user cannot access th...

9.9 | CRITICAL | — | 0
CVE-2023-29516

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on `XWiki.AttachmentSelector` can execute arbitrary Groovy, Python or...

9.9 | CRITICAL | — | 0
CVE-2023-29512

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., its own user page), can execute arbitrary Groovy, P...

9.9 | CRITICAL | — | 0
CVE-2023-29518

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leadin...

9.9 | CRITICAL | — | 0
CVE-2022-41976

A privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers, authenticated in the application as a low-privileged user to change role (e.g., to administr...

9.9 | CRITICAL | — | 0
CVE-2019-10940

A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform fir...

9.9 | CRITICAL | — | 0
CVE-2023-29522

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary script macros including Groovy and Python macro...

9.9 | CRITICAL | — | 0
CVE-2023-27479

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with view rights can execute arbitrary Groovy, Python or Velocity...

9.9 | CRITICAL | — | 0
Page 20 of 6580

This product uses data from the NVD API but is not endorsed or certified by the NVD.