CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV (Known Exploited Vulnerabilities) and NVD. CVSS is the NVD base score; Severity is NVD's qualitative rating for that score; KEV states whether the CVE is in CISA's catalog; Sightings is the number of observations recorded for the entry.
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2023-39809 | N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a command injection vulnerability via the system_hostname parameter at /manage/network-basic.php. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-39618 | TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface. | 9.8 | CRITICAL | No | 0 |
| CVE-2022-30518 | ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simple_chat_bot/admin/responses/view_response.php. | 9.8 | CRITICAL | No | 0 |
| CVE-2021-39383 | DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-39750 | D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the f_ipv6_enable parameter at /bsc_ipv6. This vulnerability is exploited via a crafted POST request. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-31447 | user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shell... | 9.8 | CRITICAL | No | 0 |
| CVE-2020-28715 | An issue was discovered in the kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, which allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). | 9.8 | CRITICAL | No | 0 |
| CVE-2020-19305 | An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-39660 | An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function. | 9.8 | CRITICAL | No | 0 |
| CVE-2021-33388 | dpic 2021.04.10 has a heap buffer overflow in the themakevar() function in dpic.y. | 9.8 | CRITICAL | No | 0 |
| CVE-2021-33390 | dpic 2021.04.10 has a use-after-free in the thedeletestringbox() function in dpic.y. A different vulnerability than CVE-2021-32421. | 9.8 | CRITICAL | No | 0 |
| CVE-2021-27144 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g\|u credentials for an ISP. | 9.8 | CRITICAL | No | 0 |
| CVE-2022-30352 | phpABook 0.9i is vulnerable to SQL injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in the index.php script. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-42470 | The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows remote code execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.M... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-46556 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter. | 9.8 | CRITICAL | No | 0 |
| CVE-2020-35243 | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-40980 | File upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file. | 9.8 | CRITICAL | No | 0 |
| CVE-2022-25433 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-40945 | Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL injection in the variable $userid at doctors\myDetails.php. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-42471 | The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.bro... | 9.8 | CRITICAL | No | 0 |
| CVE-2021-40903 | A vulnerability in Antminer Monitor 0.50.0 exists because of a backdoor or misconfiguration inside a settings file in the Flask server. The settings file has a predefined secret string, which would be randomly ... | 9.8 | CRITICAL | No | 0 |
| CVE-2022-25431 | Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameters in the Formsetqosband function. | 9.8 | CRITICAL | No | 0 |
| CVE-2022-25454 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the loginpwd parameter in the SetFirewallCfg function. | 9.8 | CRITICAL | No | 0 |
| CVE-2020-19559 | An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter. | 9.8 | CRITICAL | No | 0 |
| CVE-2020-19320 | Buffer overflow vulnerability in D-Link DIR-619L version B 2.06beta via the curTime parameter on login. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-5765 | Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-46359 | An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specif... | 9.8 | CRITICAL | No | 0 |
| CVE-2021-34084 | OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function. | 9.8 | CRITICAL | No | 0 |
| CVE-2022-25453 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function. | 9.8 | CRITICAL | No | 0 |
| CVE-2022-25446 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedstarttime parameter in the openSchedWifi function. | 9.8 | CRITICAL | No | 0 |
| CVE-2022-29776 | ONLYOFFICE Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-39069 | An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via the Active Directory authentication mechanism. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-4897 | Relative path traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-40309 | SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depend... | 9.8 | CRITICAL | No | 0 |
| CVE-2022-25440 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-40784 | DedeCMS 5.7.102 has a file upload vulnerability via uploads/dede/module_make.php. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-43199 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-2071 | Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus improperly verifies user's input, which allows an unauthenticated attacker to achieve remote code execution via crafted malicio... | 9.8 | CRITICAL | No | 0 |
| CVE-2021-28879 | In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is us... | 9.8 | CRITICAL | No | 0 |
| CVE-2020-25537 | A file upload vulnerability exists in UCMS 1.5.0, and an attacker can take advantage of this vulnerability to obtain server management permission. | 9.8 | CRITICAL | No | 0 |
| CVE-2019-19450 | paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar c... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-43196 | D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-43197 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function. | 9.8 | CRITICAL | No | 0 |
| CVE-2021-3705 | Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure or reset the device. | 9.8 | CRITICAL | No | 0 |
| CVE-2021-41408 | VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter. | 9.8 | CRITICAL | No | 0 |
| CVE-2021-26740 | Arbitrary file upload vulnerability in sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code. | 9.8 | CRITICAL | No | 0 |
| CVE-2021-26739 | SQL injection vulnerability in pay.php in millken doyocms 2.3 allows attackers to execute arbitrary code via the attribute parameter. | 9.8 | CRITICAL | No | 0 |
| CVE-2022-25457 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. | 9.8 | CRITICAL | No | 0 |
| CVE-2022-25456 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-43204 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manua... | 9.8 | CRITICAL | No | 0 |
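The enrichment this page describes (NVD base score and severity joined with the CISA KEV catalog) can be reproduced offline. The script below is an added example, not this site's own code: it takes records in the shape of the NVD CVE API 2.0 response and of the CISA KEV JSON feed, picks NVD's Primary CVSS v3.x metric, maps the score to NVD's qualitative rating, flags KEV membership, and ranks KEV entries first. The CVE IDs and records are constructed for the example, and the Sightings column is left out because the page does not say where that count comes from.

```python
"""Join CVE records with NVD CVSS data and the CISA KEV catalog (added example).

The two JSON samples below are constructed to mirror the shapes of the NVD CVE
API 2.0 response and the CISA KEV feed; the CVE IDs in them are hypothetical so
the script runs with no network access.
"""
import json

# Constructed sample in the shape of https://services.nvd.nist.gov/rest/json/cves/2.0
NVD_SAMPLE = json.dumps({
    "vulnerabilities": [
        {"cve": {"id": "CVE-2024-00001",
                 "descriptions": [{"lang": "en", "value": "Example stack overflow via the ntpserver parameter."}],
                 "metrics": {"cvssMetricV31": [
                     {"type": "Primary", "cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}}},
        {"cve": {"id": "CVE-2024-00002",
                 "descriptions": [{"lang": "en", "value": "Example SQL injection via the id | user parameter."}],
                 # A CNA (Secondary) score listed before NVD's own (Primary) score.
                 "metrics": {"cvssMetricV31": [
                     {"type": "Secondary", "cvssData": {"baseScore": 7.2, "baseSeverity": "HIGH"}},
                     {"type": "Primary", "cvssData": {"baseScore": 8.8, "baseSeverity": "HIGH"}}]}}},
        {"cve": {"id": "CVE-2024-00003",
                 "descriptions": [{"lang": "en", "value": "Example entry not yet analyzed by NVD."}],
                 "metrics": {}}},
    ]
})

# Constructed sample in the shape of the CISA KEV catalog
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json)
KEV_SAMPLE = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2024-00002", "dateAdded": "2024-03-01", "knownRansomwareCampaignUse": "Known"},
    ]
})


def severity_from_score(score):
    """NVD's CVSS v3.x qualitative rating scale (None = no score published yet)."""
    if score is None:
        return "UNKNOWN"
    if score == 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"


def primary_cvss(cve):
    """Return the NVD 'Primary' base score, preferring v3.1 over v3.0; None if absent."""
    metrics = cve.get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30"):
        entries = metrics.get(key, [])
        # Primary (NVD-assigned) entries sort before Secondary (CNA-assigned) ones.
        for entry in sorted(entries, key=lambda e: e.get("type") != "Primary"):
            return entry["cvssData"]["baseScore"]
    return None


def load_kev(kev_json):
    """Index the KEV catalog by CVE ID for O(1) membership checks."""
    return {v["cveID"]: v for v in json.loads(kev_json)["vulnerabilities"]}


def enrich(nvd_json, kev_json):
    """Build table rows: KEV entries first, then descending CVSS, unscored entries last."""
    kev = load_kev(kev_json)
    rows = []
    for item in json.loads(nvd_json)["vulnerabilities"]:
        cve = item["cve"]
        desc = next((d["value"] for d in cve.get("descriptions", []) if d["lang"] == "en"), "")
        score = primary_cvss(cve)
        rows.append({
            "cve_id": cve["id"],
            "description": desc,
            "cvss": score,
            "severity": severity_from_score(score),
            "kev": cve["id"] in kev,
            "kev_date_added": kev.get(cve["id"], {}).get("dateAdded"),
        })
    rows.sort(key=lambda r: (not r["kev"], -(r["cvss"] if r["cvss"] is not None else -1)))
    return rows


def to_markdown(rows):
    """Render rows as a Markdown table, escaping '|' so descriptions cannot break cells."""
    lines = ["| CVE ID | Description | CVSS | Severity | KEV |", "|---|---|---|---|---|"]
    for r in rows:
        score = "n/a" if r["cvss"] is None else "%.1f" % r["cvss"]
        desc = r["description"].replace("|", "\\|")
        flag = "Yes" if r["kev"] else "No"
        lines.append("| %s | %s | %s | %s | %s |" % (r["cve_id"], desc, score, r["severity"], flag))
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_markdown(enrich(NVD_SAMPLE, KEV_SAMPLE)))
```

Two details matter when doing this against live feeds: NVD may list a CNA-supplied (Secondary) score ahead of its own Primary score, so pick by `type` rather than taking the first metric, and entries that NVD has not analyzed yet carry no `metrics` at all and should be reported as unscored rather than silently dropped or defaulted to 0.0.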
This product uses data from the NVD API but is not endorsed or certified by the NVD.