Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2022-2104 The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash). | 9.9 | CRITICAL | β | 0 |
| CVE-2022-24900 Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The `os.path.joi... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-24877 Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to expose sensitive data ... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-2185 A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to impo... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-43403 A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define an... | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16267 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-45808 SQL Injection vulnerability inΒ LearnPress β WordPress LMS Plugin <=Β 4.1.7.3.2 versions. | 9.9 | CRITICAL | β | 0 |
| CVE-2023-33318 Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.40. | 9.9 | CRITICAL | β | 0 |
| CVE-2021-36302 All Dell EMC Integrated System for Microsoft Azure Stack Hub versions contain a privilege escalation vulnerability. A remote malicious user with standard level JEA credentials may potentially exploit ... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-21872 An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary co... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-43928 Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows r... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-43362 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection.This issue affects HBYS: from unspecified before 1.1. | 9.9 | CRITICAL | β | 0 |
| CVE-2025-32445 Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host syst... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-40358 A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-27449 Mesa Labs AmegaView Versions 3.0 and prior has a command injection vulnerability that can be exploited to execute commands in the web server. | 9.9 | CRITICAL | β | 0 |
| CVE-2021-2447 Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privi... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-34458 Windows Kernel Remote Code Execution Vulnerability | 9.9 | CRITICAL | β | 0 |
| CVE-2021-23031 On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege e... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-1471 Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating sy... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-25311 condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by roo... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-26867 Windows Hyper-V Remote Code Execution Vulnerability | 9.9 | CRITICAL | β | 0 |
| CVE-2021-33509 Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. | 9.9 | CRITICAL | β | 0 |
| CVE-2020-12083 An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64). | 9.9 | CRITICAL | β | 0 |
| CVE-2020-27127 Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) wi... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-16096 In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has ac... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-3374 A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive informat... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-15049 An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an ... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-45163 The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted i... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-9045 During installation or upgrade to Software House Cβ’CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade ar... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-1112 An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Trans... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-14316 A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges... | 9.9 | CRITICAL | β | 0 |
| CVE-2019-5138 An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arb... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-3495 A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker co... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-13774 An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx ... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-27134 Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) wi... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-17363 USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2019-11684 Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlyin... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-22192 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. | 9.9 | CRITICAL | β | 0 |
| CVE-2021-1418 Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating sy... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-23230 A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects:... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-25320 A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach ... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-26424 Windows TCP/IP Remote Code Execution Vulnerability | 9.9 | CRITICAL | β | 0 |
| CVE-2023-45161 The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted inp... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-6965 In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-42369 Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web G... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-43361 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection.This issue affects HBYS: from unspecified before 1.1. | 9.9 | CRITICAL | β | 0 |
| CVE-2021-21954 A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lea... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-21881 An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command exe... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-21276 Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0... | 9.9 | CRITICAL | β | 0 |
| CVE-2013-3960 Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass | 9.9 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.