Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2022-23329 A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25263 JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30321 Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43298 The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can br... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0332 A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46386 File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43617 Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which ar... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41653 The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42576 The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-36294 Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to login as ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44663 A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connetor.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-0956 In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no addition... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41660 SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password fields to login.php... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-40091 An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41472 SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25809 Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attac... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25643 seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46560 The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25418 Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25417 Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-23449 This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45428 TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25414 Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25403 HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-0889 In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User inter... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0651 The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41471 SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42216 A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44655 Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to SQL injection vulnerability in ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-38389 Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41589 In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default config... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-40908 SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-40907 SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/L... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44679 An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for pos... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22430 There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability may cause code injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44653 Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-36567 ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25084 TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STR... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25083 TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUE... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25082 TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arb... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-38432 FATEK Automation Communication Server Versions 1.13 and prior lacks proper validation of user-supplied data, which could result in a stack-based buffer overflow condition and allow an attacker to remo... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25081 TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_ST... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-36564 ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25080 TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24340 In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25079 TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUE... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43907 Visual Studio Code WSL Extension Remote Code Execution Vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25078 TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QU... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25077 TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QU... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25076 TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUE... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.