Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2022-26776 This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code e... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26775 An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-55660 SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig templa... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23126 TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occur... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-16165 The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-31531 Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). | 9.8 | CRITICAL | β | 0 |
| CVE-2024-29646 Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-20389 Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004 | 9.8 | CRITICAL | β | 0 |
| CVE-2023-34990 A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-57061 An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to execute arbitrary code via the insecure Electron Fuses configuration. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-13790 The MinimogWP β The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter. This m... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-13410 The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via de... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42013 It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Ali... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-12922 The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in all versions up to, an... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22502 Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR serv... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2008-5784 V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-12016 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CM Informatics CM News allows SQL Injection.This issue affects CM News: through 6.0. NOTE: Th... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-30137 An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in in APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide unauthorized... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-25272 ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to t... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-2505 The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible for unauthenticated attackers t... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-41304 WWBN AVideo is an open source video platform. In versions 29.0 and below, the `cloneServer.json.php` endpoint in the CloneSite plugin constructs shell commands using user-controlled input (`url` param... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-34275 Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: Setup and Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploi... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-30122 An issue was discovered on ROADCAM X3 devices. It has a uniform default credential set that cannot be modified by users, making it easy for attackers to gain unauthorized access to multiple devices. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22451 Deserialization of Untrusted Data vulnerability in AncoraThemes Handyman handyman-services allows Object Injection.This issue affects Handyman: from n/a through <= 1.4.7. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6235 The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the plugi... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22453 Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object Injection.This issue affects Pets Club: from n/a through <= 2.3. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22454 Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through <= 2.5. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-27389 Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue af... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-30123 An issue was discovered on ROADCAM X3 devices. The mobile app APK (Viidure) contains hardcoded FTP credentials for the FTPX user account, enabling attackers to gain unauthorized access and extract sen... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27860 A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to ... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2019-9670 mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2026-28043 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Healer - Doctor, Clinic & Medical WordPress Theme healer allows PHP Lo... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-27417 Deserialization of Untrusted Data vulnerability in SeventhQueen Sweet Date sweetdate allows Object Injection.This issue affects Sweet Date: from n/a through < 4.0.1. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-1870 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remot... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2026-27437 Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection.This issue affects Tennis Club: from n/a through <= 1.2.3. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-27438 Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection.This issue affects Kingler: from n/a through <= 1.7. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-27439 Deserialization of Untrusted Data vulnerability in ThemeREX Dentario dentario allows Object Injection.This issue affects Dentario: from n/a through <= 1.5. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-27983 Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through <= 1.0.4. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37415 Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-13442 The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-2628 The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthe... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1492 The User Registration & Membership β Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22475 Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through <= 1.3.4. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-54920 A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized databa... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-54001 Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter allows Object Injection.This issue affects Classter: from n/a through <= 2.5. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22497 Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object Injection.This issue affects Jardi: from n/a through <= 1.7.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22501 Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through <= 1.3.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-25270 ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can cr... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-12877 The GiveWP β Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input fro... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22474 Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre allows Object Injection.This issue affects Equestrian Centre: from n/a through <= 1.5. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.