CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-27554 ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.g., read secrets from the desktopi... | 9.9 | CRITICAL | – | 0 |
| CVE-2023-25765 In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to by... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-39943 rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell i... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-5618 Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs. This issue affe... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-45496 A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone conta... | 9.9 | CRITICAL | – | 0 |
| CVE-2023-25911 The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters. | 9.9 | CRITICAL | – | 0 |
| CVE-2024-20997 Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easi... | 9.9 | CRITICAL | – | 0 |
| CVE-2025-1265 An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an attacker to escalate privileges and perform code execution on affected system. | 9.9 | CRITICAL | – | 0 |
| CVE-2024-52407 Unrestricted Upload of File with Dangerous Type vulnerability in BasePress BasePress Migration Tools basepress-migration-tools allows Upload a Web Shell to a Web Server. This issue affects BasePress Mi... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-52406 Unrestricted Upload of File with Dangerous Type vulnerability in wibergsweb CSV to html csv-to-html allows Upload a Web Shell to a Web Server. This issue affects CSV to html: from n/a through <= 3.26. | 9.9 | CRITICAL | – | 0 |
| CVE-2024-52405 Unrestricted Upload of File with Dangerous Type vulnerability in bikramjoshii B-Banner Slider b-banner-slider allows Upload a Web Shell to a Web Server. This issue affects B-Banner Slider: from n/a thr... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-52404 Unrestricted Upload of File with Dangerous Type vulnerability in bigfiveagency CF7 Reply Manager cf7-reply-manager. This issue affects CF7 Reply Manager: from n/a through <= 1.2.3. | 9.9 | CRITICAL | – | 0 |
| CVE-2024-49658 Unrestricted Upload of File with Dangerous Type vulnerability in ecomerciar Woocommerce Custom Profile Picture woo-custom-profile-picture allows Upload a Web Shell to a Web Server. This issue affects W... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-52403 Unrestricted Upload of File with Dangerous Type vulnerability in Saad Iqbal User Management user-management allows Upload a Web Shell to a Web Server. This issue affects User Management: from n/a throu... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-52400 Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio gallerio allows Upload a Web Shell to a Web Server. This issue affects Gallerio: from n/a through <= 1.01. | 9.9 | CRITICAL | – | 0 |
| CVE-2024-52399 Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Writer Helper writer-helper allows Upload a Web Shell to a Web Server. This issue affects Writer Helper: from n/a through <=... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-52370 Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support hive-support allows Upload a Web Shell to a Web Server. This issue affects Hive Support: from n/a through <= 1... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-52369 Unrestricted Upload of File with Dangerous Type vulnerability in Optimal Access KBucket kbucket allows Upload a Web Shell to a Web Server. This issue affects KBucket: from n/a through <= 4.2.2. | 9.9 | CRITICAL | – | 0 |
| CVE-2024-52384 Unrestricted Upload of File with Dangerous Type vulnerability in wpmonks Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation ai-content-generator allows Upload a Web Shell to a Web... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-52427 Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include (SSI) Injection. This issue affects Event Tic... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-56050 Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a through < 1.9.9.5.3. | 9.9 | CRITICAL | – | 0 |
| CVE-2024-54262 Unrestricted Upload of File with Dangerous Type vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allows Upload a Web Shell to a Web Server. This issue affects Import ... | 9.9 | CRITICAL | – | 0 |
| CVE-2023-5199 The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attack... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-3342 The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.1... | 9.9 | CRITICAL | – | 0 |
| CVE-2026-39888 PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbox_mode="sandbox", which runs user code in a subprocess wrapped with a ... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-49669 Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official ink-official allows Upload a Web Shell to a Web Server. This issue affects INK Official: from n/a throu... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-56057 Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a through < 1.9.9.5.2. | 9.9 | CRITICAL | – | 0 |
| CVE-2024-54370 Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member gallery-for-ultimate-member allows Upload a Web Shell to a Web Server. This issue... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-9307 The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, wi... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-49331 Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System plms allows Upload a Web Shell to a Web Server. This issue affects Property Lot Manageme... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-56052 Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a through < 1.9.9.5.2. | 9.9 | CRITICAL | – | 0 |
| CVE-2024-49653 Unrestricted Upload of File with Dangerous Type vulnerability in james-eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server. This issue affects Portfolleo: from n/a through <= 1.2. | 9.9 | CRITICAL | – | 0 |
| CVE-2024-3200 The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the ... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-49652 Unrestricted Upload of File with Dangerous Type vulnerability in Renata Bracichowicz 3D Work In Progress renee-work-in-progress allows Upload a Web Shell to a Web Server. This issue affects 3D Work In ... | 9.9 | CRITICAL | – | 0 |
| CVE-2023-6825 The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target p... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-52429 Unrestricted Upload of File with Dangerous Type vulnerability in AntonHoelstad WP Quick Setup wp-quick-setup allows Upload a Web Shell to a Web Server. This issue affects WP Quick Setup: from n/a throu... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-6386 The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-Side Template Injection. This is due to missing input validation and s... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-52408 Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress by PushAssist push-notification-for-wp-by-pushassist allows Upload a Web Shell to a Web Ser... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-3604 The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'tagged_filter' attribute of the 'osm_map_v3' shortcode in all versions up to, and including, 6.0.3 due to insuffici... | 9.9 | CRITICAL | – | 0 |
| CVE-2025-55187 In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gain elevated privileges. | 9.9 | CRITICAL | – | 0 |
| CVE-2025-60957 OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain es... | 9.9 | CRITICAL | – | 0 |
| CVE-2025-11539 Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath para... | 9.9 | CRITICAL | – | 0 |
| CVE-2025-58159 WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allo... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-39930 The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-2599 File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastru... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-4306 Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in w... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-6784 Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-46986 Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authentica... | 9.9 | CRITICAL | – | 0 |
| CVE-2024-39932 Gogs through 0.13.0 allows argument injection during the previewing of changes. | 9.9 | CRITICAL | – | 0 |
| CVE-2024-39931 Gogs through 0.13.0 allows deletion of internal files. | 9.9 | CRITICAL | – | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.