Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2017-16342 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c254 the value for the s_vol_dim_delta key is copied using str... | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16347 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using strcpy to the... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-33945 Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prio... | 9.9 | CRITICAL | β | 0 |
| CVE-2019-1003031 A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-40933 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can... | 9.9 | CRITICAL | β | 0 |
| CVE-2019-11208 The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically process... | 9.9 | CRITICAL | β | 0 |
| CVE-2019-10431 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code i... | 9.9 | CRITICAL | β | 0 |
| CVE-2019-10458 Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute ar... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-30996 Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Newsy newsy allows Upload a Web Shell to a Web Server.This issue affects Themify Newsy: from n/a through <= 1.9.9. | 9.9 | CRITICAL | β | 0 |
| CVE-2026-40470 A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served as-is on the m... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-31100 Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management school-management allows Upload a Web Shell to a Web Server.This issue affects School Management: from n/a t... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-31048 Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through <= 1.1.4. | 9.9 | CRITICAL | β | 0 |
| CVE-2026-39842 OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-47658 Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Upload a Web Shell... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-46490 Unrestricted Upload of File with Dangerous Type vulnerability in wordwebsoftware Crossword Compiler Puzzles crossword-compiler-puzzles allows Upload a Web Shell to a Web Server.This issue affects Cros... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-46642 D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-39930 The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-17363 USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-26867 Windows Hyper-V Remote Code Execution Vulnerability | 9.9 | CRITICAL | β | 0 |
| CVE-2021-1417 Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating sy... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-26892 Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura celestial-aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through <= 2.2. | 9.9 | CRITICAL | β | 0 |
| CVE-2025-39402 Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through <= 44.0 (17-08... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-32613 Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL (Spring Expression Language) to process information - specifically around expected artif... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-30911 Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Command Injection.This issue affects RTMKit: from n/a through <= 1.5.4. | 9.9 | CRITICAL | β | 0 |
| CVE-2021-26424 Windows TCP/IP Remote Code Execution Vulnerability | 9.9 | CRITICAL | β | 0 |
| CVE-2025-22782 Unrestricted Upload of File with Dangerous Type vulnerability in Web Ready Now WR Price List Manager For Woocommerce wr-price-list-for-woocommerce allows Upload a Web Shell to a Web Server.This issue ... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-23031 On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege e... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-27282 Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator theme-file-duplicator allows Using Malicious Files.This issue affects Theme File Duplicator: from n/a ... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-52429 Unrestricted Upload of File with Dangerous Type vulnerability in AntonHoelstad WP Quick Setup wp-quick-setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a throu... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-38450 The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software. | 9.9 | CRITICAL | β | 0 |
| CVE-2015-2079 Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-52427 Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include (SSI) Injection.This issue affects Event Tic... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-21872 An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary co... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-21881 An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command exe... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-32583 Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post pdf2post allows Remote Code Inclusion.This issue affects PDF 2 Post: from n/a through <= 2.4.0. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-52406 Unrestricted Upload of File with Dangerous Type vulnerability in wibergsweb CSV to html csv-to-html allows Upload a Web Shell to a Web Server.This issue affects CSV to html: from n/a through <= 3.26. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-52403 Unrestricted Upload of File with Dangerous Type vulnerability in Saad Iqbal User Management user-management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a throu... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-52407 Unrestricted Upload of File with Dangerous Type vulnerability in BasePress BasePress Migration Tools basepress-migration-tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Mi... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-52370 Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support hive-support allows Upload a Web Shell to a Web Server.This issue affects Hive Support: from n/a through <= 1... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-4981 Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to wr... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-1509 Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. | 9.9 | CRITICAL | β | 0 |
| CVE-2022-1680 An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 be... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-52399 Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Writer Helper writer-helper allows Upload a Web Shell to a Web Server.This issue affects Writer Helper: from n/a through <=... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-36782 A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-36099 XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possib... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-2471 Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a r... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-41681 There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SC... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-41928 XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangero... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-41267 SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling t... | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16256 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the ... | 9.9 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.