Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2023-36177 An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-42117 Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentica... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-39169 The affected devices use publicly available default credentials with administrative privileges. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-40400 This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary cod... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-26390 A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data.... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-45615 Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain access to Admin rights via a crafted request. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-35002 A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can pr... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-40163 An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An atta... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-48654 One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium ba... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41006 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49937 An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41005 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49934 An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-4324 Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers | 9.8 | CRITICAL | β | 0 |
| CVE-2023-37903 vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may re... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46289 Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46290 Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-33485 SQL Injection vulnerability in CASAP Automated Enrollment System using PHP/MySQLi with Source Code V1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the login.php ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46291 Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted mal... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41010 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25189 libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46293 Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted mal... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41009 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41008 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46294 Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted mal... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-22902 Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-22901 Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-32735 An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3.Β An unauthenticated remote attacker can access the PDNU REST APIs, which may ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41007 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2009-2382 admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN. | 9.8 | CRITICAL | β | 0 |
| CVE-2017-20189 In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects. | 9.8 | CRITICAL | β | 0 |
| CVE-2009-2367 cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the sess... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-25279 OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46295 Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted mal... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-4325 Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities | 9.8 | CRITICAL | β | 0 |
| CVE-2023-40267 GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-27280 A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-40889 A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger t... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-47862 A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code executi... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-40890 A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To tr... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-4824 Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/office_admin/' index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc. Th... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-30922 SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-32653 An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. A victim wou... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49599 An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalat... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-34502 An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-i... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-39453 A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can delive... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-32645 A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-34346 A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-30923 SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering | 9.8 | CRITICAL | β | 0 |
| CVE-2025-45611 Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.