CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-26289 Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion. This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-48175 Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-48006 An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /in... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-29275 SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-33153 J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-33155 J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-32621 HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5HG_read in H5HG.c (called from H5VL__native_blob_get in H5VLnative_blob.c), resulting in the corruption of the instruction pointe... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-33164 J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40037 An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component /upFile. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25508 RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-27228 There is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for explo... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25510 RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-6057 Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the v... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-38468 Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46998 An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF). | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46999 Tuzicms v2.0.6 was discovered to contain a SQL injection vulnerability via the component \App\Manage\Controller\UserController.class.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24165 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24164 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-48066 An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-31810 TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25529 RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25530 RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-37634 TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-37637 TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25531 RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-29164 HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46967 An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ directory. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25532 RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24166 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24167 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24169 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24170 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-41014 code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via the Username parameter for "Employer." | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49989 Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24456 Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24427 Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-29157 HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24429 Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24430 Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24444 Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24443 Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24441 Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-29159 HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-35510 An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-30867 netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_virtual_site_info.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-28556 SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payl... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-28557 SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payl... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-35339 Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-35375 There is an arbitrary file upload vulnerability on the media add .php page in the backend of the website in version 5.7.114 of DedeCMS | 9.8 | CRITICAL | β | 0 |
| CVE-2024-35091 J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.