Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2023-44353 Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-22633 Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. This vulnerability is triggered v... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-43177 CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24592 Lack of authentication in all versions of the fileserver component of Allegro AIβs ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51484 Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation.This issue affects Login as User or Customer (User Switching): from n/a through 3... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-21894 A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to c... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-52040 An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-35361 MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. An attacker can execute arbitrary SQL statements through this vulnerability without requiring any user rights. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-46359 An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specif... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-22651 There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25140 A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid fro... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-23917 In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible | 9.8 | CRITICAL | β | 0 |
| CVE-2024-31218 Webhood is a self-hosted URL scanner used analyzing phishing and malicious sites. Webhood's backend container images in versions 0.9.0 and earlier are subject to Missing Authentication for Critical Fu... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24294 A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 allows an attacker to execute arbitrary code via the _utils.setDeepProperty function of engine.min.js. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-46700 SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbit... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-6153 Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass.This issue affects TeoBASE: through 20240327.Β NOTE: The vendor was contacted early abou... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-21511 Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Serv... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-48078 SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-46302 Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to de... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51424 Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 3.05.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-31848 A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain com... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-32238 H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-6229 Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being un... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-31849 A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain comple... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-30564 An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateIntern... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-29155 Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24496 An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-27488 Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-6230 Buffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segme... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-7227 SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are vulnerable to a command injection vulnerability in the dynamic domain name system (DDNS) settings that could allow an attacker to execu... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-33276 SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes()... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24213 Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-38880 The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup i... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-6234 Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product be... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24811 SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-6016 An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO model import feature. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24133 Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-34919 An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a cra... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-23636 SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserializatio... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-34532 A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/queryde... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-6019 A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-0244 Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsiv... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51803 LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "<?php ?>" substring. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-46914 SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive informat... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-29276 An issue was discovered in seeyonOA version 8, allows remote attackers to execute arbitrary code via the importProcess method in WorkFlowDesignerController.class component. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-33786 An arbitrary file upload vulnerability in Zhongcheng Kexin Ticketing Management Platform 20.04 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-4466 SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all the data ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-43979 ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts(). | 9.8 | CRITICAL | β | 0 |
| CVE-2023-47308 In the module "Newsletter Popup PRO with Voucher/Coupon code" (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24303 SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote attackers to escalate privileges and obtain sensitive inf... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.