CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-44750 HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arb... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44752 HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute ar... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44753 HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arb... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44754 HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arb... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44755 HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbi... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-23566 A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46502 Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-4050 The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users | 9.8 | CRITICAL | β | 0 |
| CVE-2022-4063 The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may en... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46478 The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46471 Online Health Care System v1.0 was discovered to contain a SQL injection vulnerability via the consulting_id parameter at /healthcare/Admin/consulting_detail.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40434 Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44108 pdftojson commit 94204bb was discovered to contain a stack overflow via the component Object::copy(Object*):Object.cc. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44109 pdftojson commit 94204bb was discovered to contain a stack overflow via the component Stream::makeFilter(char*, Stream*, Object*, int). | 9.8 | CRITICAL | β | 0 |
| CVE-2023-23076 OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46421 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Prov... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40624 pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46538 Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46020 WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-39185 EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented hard-coded privileged user. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-3515 A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specia... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-39184 EXFO - BV-10 Performance Endpoint Unit authentication bypass User can manually manipulate access enabling authentication bypass. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46316 A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46319 Fingerprint calibration has a vulnerability of lacking boundary judgment. Successful exploitation of this vulnerability may cause out-of-bounds write. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46320 The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46323 Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46324 Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46325 Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46326 Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46327 Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-47629 Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25893 The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a h... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-47635 Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via ZohoClient.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40145 This vulnerability is about a potential code injection when an attacker has control of the target LDAP server used in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.m... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-47864 Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-47862 Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-47861 Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-47860 Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-47859 Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-47866 Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-47865 Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45347 Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45966 There is an arbitrary file upload vulnerability in the file management function module of Classcms3.5. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46102 AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php | 9.8 | CRITICAL | β | 0 |
| CVE-2022-47926 AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php | 9.8 | CRITICAL | β | 0 |
| CVE-2021-4127 An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-4129 Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of th... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-34476 ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox < 102. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-47770 Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46955 Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_queue. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.