Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-24330 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-9402 Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51956 Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51960 Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-22076 MyQ Print Server before 8.2 patch 43 allows remote authenticated administrators to execute arbitrary code via PHP scripts that are reached through the administrative interface. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-27710 An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51963 Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23126 TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occur... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-45042 Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51964 Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26112 In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this,... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42141 An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_ciph... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51965 Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-30026 The AXIS Camera Station Server had a flaw that allowed to bypass authentication that is normally required. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-7673 A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-s... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-13027 The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print(). | 9.8 | CRITICAL | β | 0 |
| CVE-2017-13025 The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | 9.8 | CRITICAL | β | 0 |
| CVE-2024-6695 it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user reg... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-44654 In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compr... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-46331 OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 (Helm chart <= openfga-0.2.28, docker <= v.1.... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-7404 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection.This issue affects Calibre Web: 0... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-13024 The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | 9.8 | CRITICAL | β | 0 |
| CVE-2017-13022 The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute(). | 9.8 | CRITICAL | β | 0 |
| CVE-2014-1493 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to ca... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-55213 OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.9.3 to v1.9.4 ( openfga-0.2.40 <= Helm chart <= openfga-0.2.... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-66048 Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. ... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-13021 The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print(). | 9.8 | CRITICAL | β | 0 |
| CVE-2017-13020 The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). | 9.8 | CRITICAL | β | 0 |
| CVE-2017-13041 The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print(). | 9.8 | CRITICAL | β | 0 |
| CVE-2017-1000237 I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password. | 9.8 | CRITICAL | β | 0 |
| CVE-2014-1511 Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-14156 The Fox LMS β WordPress LMS Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.5.1. This is due to the plugin not properly validating the 'role... | 9.8 | CRITICAL | β | 0 |
| CVE-2014-1514 vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a c... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-13031 The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). | 9.8 | CRITICAL | β | 0 |
| CVE-2014-1524 The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether obje... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-1000235 I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised. | 9.8 | CRITICAL | β | 0 |
| CVE-2017-13019 The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). | 9.8 | CRITICAL | β | 0 |
| CVE-2017-13034 The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). | 9.8 | CRITICAL | β | 0 |
| CVE-2017-13035 The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id(). | 9.8 | CRITICAL | β | 0 |
| CVE-2023-53874 GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 26... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-13017 The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print(). | 9.8 | CRITICAL | β | 0 |
| CVE-2017-13016 The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). | 9.8 | CRITICAL | β | 0 |
| CVE-2017-13015 The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print(). | 9.8 | CRITICAL | β | 0 |
| CVE-2017-13014 The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-2054 The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-27922 TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw pote... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-2056 Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-53877 Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-13037 The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). | 9.8 | CRITICAL | β | 0 |
| CVE-2025-13764 The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP_CarDealer_User::process_register' function not restrict... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.