Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-35047 Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the compone... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-35049 Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute ... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-37288 A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Secur... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-31380 Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue.This issue affects Oxygen ... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-30547 A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execut... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-41934 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-43401 A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with pe... | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16323 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16335 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-44588 Unauth. SQL Injection vulnerability inΒ Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress. | 9.9 | CRITICAL | β | 0 |
| CVE-2022-29176 Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems ev... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-29511 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., it's own user page), can execute arbitrary Groovy, P... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-35893 IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 25882... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-36355 TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via ... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-42657 In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered.Β An attacker could leverage this vulnerability to perform file operations (delete, rename, rm... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-51470 Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre β Dating Site.This issue affects Rencontre β Dating Site: from n/a through 3.11.1. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-25108 Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users inte... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-43684 ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality. Additional Details This issue is present in the following su... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-40200 Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. | 9.9 | CRITICAL | β | 0 |
| CVE-2009-3616 Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VN... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-2599 File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastru... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-39931 Gogs through 0.13.0 allows deletion of internal files. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-39932 Gogs through 0.13.0 allows argument injection during the previewing of changes. | 9.9 | CRITICAL | β | 0 |
| CVE-2023-5964 The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows ... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-40585 A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This could allow an attacker to gain control of G5DFR comp... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-27127 Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) wi... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-46093 LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers ... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-39700 JupyterLab extension template is a `copier` template for JupyterLab extensions. Repositories created using this template with `test` option include `update-integration-tests.yml` workflow which has a... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-3710 Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004.Β Update to the late... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-61913 Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowin... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-60306 code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users can forge high privilege sessions and perform sensitive operations. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-8624 The MDTF β Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1.... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-8463 File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-43249 Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection.This issue affects Bit Form Pro: from n/a through 2.6.4. | 9.9 | CRITICAL | β | 0 |
| CVE-2023-29214 XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access ... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-45076 IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-33109 Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function. | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16334 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16324 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2019-1003029 A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenk... | 9.9 | CRITICAL | KEV | 0 |
| CVE-2022-43403 A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define an... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-20432 A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-2185 A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to impo... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-39842 OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-34717 OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/reporting/lib/report/operator.rb:177 embeds user input directly into SQL WHERE... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-33873 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validatio... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-33579 OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privil... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-34571 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting (... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-32922 OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrai... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-62016 Unrestricted Upload of File with Dangerous Type vulnerability in hogash KALLYAS kallyas.This issue affects KALLYAS: from n/a through <= 4.22.0. | 9.9 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.