Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2023-27574 ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-26779 CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE). | 9.8 | CRITICAL | β | 0 |
| CVE-2015-2590 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors ... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2022-4328 The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the ser... | 9.8 | CRITICAL | β | 0 |
| CVE-2015-3043 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of servic... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2016-4117 Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2016-1019 Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild ... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-1152 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies Persolus allows SQL Injection.Β This issue affects Persolus: before... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24776 Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-36394 In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. | 9.8 | CRITICAL | β | 0 |
| CVE-2013-4810 HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled obj... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2010-0840 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, ... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-22752 There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point ma... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45141 Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24781 Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24775 Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-29492 Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-45249 Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-20439 A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerabilit... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-24780 Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-22889 SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-26261 In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24773 Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-26922 SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a remote attacker to execute arbitrary code via the shell_exect parameter to the \www\pages\matrix-gui-2.0 endpoint. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24782 Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-33352 An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-33353 Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24777 Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-2505 The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible for unauthenticated attackers t... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-12016 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CM Informatics CM News allows SQL Injection.This issue affects CM News: through 6.0. NOTE: Th... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-57061 An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to execute arbitrary code via the insecure Electron Fuses configuration. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-27202 Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-27203 Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /billing/home.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-13442 The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-27852 NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-27853 NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-13790 The MinimogWP β The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter. This m... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-13410 The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via de... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-12922 The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in all versions up to, an... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-30137 An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in in APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide unauthorized... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-30123 An issue was discovered on ROADCAM X3 devices. The mobile app APK (Viidure) contains hardcoded FTP credentials for the FTPX user account, enabling attackers to gain unauthorized access and extract sen... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-30122 An issue was discovered on ROADCAM X3 devices. It has a uniform default credential set that cannot be modified by users, making it easy for attackers to gain unauthorized access to multiple devices. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-25143 An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-48367 An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-28154 Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain acce... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24762 OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-27061 Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the wifiFilterListRemark parameter in the modifyWifiFilterRules function. This vulnerability all... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-27063 Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the DNSDomainName parameter in the formModifyDnsForward function. This vulnerability allows atta... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-2345 A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. I... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-0037 The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthe... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.