Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-49393 Deserialization of Untrusted Data vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Object Injection.This issue affects Sign-up Sheets: from n/a through <= 2.3.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-62616 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordF... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1774 CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22857 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-12735 The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, a... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-70314 webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable | 9.8 | CRITICAL | β | 0 |
| CVE-2023-7334 Changjetong T+ versions up to and including 16.x contain a .NET deserialization vulnerability in an AjaxPro endpoint that can lead to remote code execution. A remote attacker can send a crafted reques... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22854 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-51958 aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22853 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEARβs NDR array reader does not perform bounds checking on the onβwire element count and can write past the heap bu... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22852 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUD... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22213 RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the de... | 9.8 | CRITICAL | β | 0 |
| CVE-2008-7109 The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does no... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-65823 The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved this, and found the physical location of t... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22214 RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame dat... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37043 10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the v... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37050 Quick Player 1.3 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious .m3l file with carefully constructed payload. Attackers can trigger th... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22238 The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP re... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22237 The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22236 The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-66647 RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 f... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37052 AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injectio... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-54339 Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary syst... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-70892 Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parame... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-54335 eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload maliciou... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-54334 Explorer32++ 1.3.5.531 contains a buffer overflow vulnerability in Structured Exception Handler (SEH) records that allows attackers to execute arbitrary code. Attackers can exploit the vulnerability b... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-59389 An SQL injection vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixe... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-54330 Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability that allows unauthenticated attackers to execute arbitrary code by sending malformed network packets.... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-54329 Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's pr... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-21531 Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25296 The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions in versions ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-43017 HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25232 NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Clients Control Panel DNS/IP field that allows attackers to execute arbitrary shellcode. Attackers can craft a malicious payload in ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-70161 EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An a... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-55089 In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execurtion after receiving a c... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69542 A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname par... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1490 The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS (PTR record) spoof... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-15029 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user. Thi... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37027 Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicio... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-15026 Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs. This issue ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-60245 Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through <= 2.9.12. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-66802 Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote Code Execution). The application receives a reverse shell (php) into imagem of the user enabling RCE. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-62615 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-8572 The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the user_role parameter during user ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28433 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=display&value=Show&userid=. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10377 A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an at... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10211 A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validati... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28439 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&&action=delete&userid=4. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-48860 An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40300 Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.