Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2017-20227 JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boun... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-12264 The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/pay... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-9933 The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtower_ota_token' default value is empty, and the not emp... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51353 Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: fr... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-11457 The EasyCommerce β AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.8.2. This is due to the /easycommerce... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-39892 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Pytho... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-33815 Memory-safety vulnerability in github.com/jackc/pgx/v5. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-31084 Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Object Injection.This issue affects Sunshine Photo Cart: from n/a through <= 3.4.10. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-31087 Deserialization of Untrusted Data vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce different-shipping-and-billing-address-for-woocommerce allows Object Injection... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-12813 The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.1 via the 'contents' parameter. This is due to a lack of sanitizatio... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-10571 The Chartify β WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unau... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-47805 Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through <= 2.2.22. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-32117 Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Go... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-12673 The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_qr_code() function in all versions up to, and including, 1.2.7... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-31095 Authentication Bypass Using an Alternate Path or Channel vulnerability in Hossein Material Dashboard material-dashboard allows Authentication Bypass.This issue affects Material Dashboard: from n/a thr... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-12374 The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login β User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5902 Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-13313 The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.6. This is due to missing authorization and authentication che... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1306 The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42258 BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL inje... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-9989 The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'crypto_connect_ajax_process::log_in' f... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-52409 Deserialization of Untrusted Data vulnerability in Phoenixheart AJAX Random Posts ajax-random-posts allows Object Injection.This issue affects AJAX Random Posts: from n/a through <= 0.3.3. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-10284 The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-12155 The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-52410 Deserialization of Untrusted Data vulnerability in Phoenixheart Referrer Detector referrer-detector allows Object Injection.This issue affects Referrer Detector: from n/a through <= 4.2.1.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-52411 Deserialization of Untrusted Data vulnerability in flowcraft Advanced Personalization personalization-by-flowcraft allows Object Injection.This issue affects Advanced Personalization: from n/a through... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-8570 The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2 t... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-23932 Deserialization of Untrusted Data vulnerability in Marko-M Quick Count quick-count allows Object Injection.This issue affects Quick Count: from n/a through <= 3.00. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-27270 Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Privilege Escalation.This issue affects Residential Address Detection: from ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-32968 Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-52413 Deserialization of Untrusted Data vulnerability in dmcwebzone Airin Blog airin-blog allows Object Injection.This issue affects Airin Blog: from n/a through <= 1.6.1. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-39324 Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryp... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-9286 The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to, and in... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-7441 The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief/webhook REST-API end... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-11522 The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-23914 Deserialization of Untrusted Data vulnerability in muzaara Muzaara Google Ads Report muzaara-adwords-optimize-dashboard allows Object Injection.This issue affects Muzaara Google Ads Report: from n/a t... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-47188 Missing Authorization vulnerability in PressTigers Simple Job Board simple-job-board allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Job Board: from n... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-50507 Deserialization of Untrusted Data vulnerability in Daschmi DS.DownloadList dsdownloadlist allows Object Injection.This issue affects DS.DownloadList: from n/a through <= 1.3. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-54297 Authentication Bypass Using an Alternate Path or Channel vulnerability in extremeidea vBSSO-lite vbsso-lite allows Authentication Bypass.This issue affects vBSSO-lite: from n/a through <= 1.4.3. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-43222 Missing Authorization vulnerability in SeventhQueen Sweet Date sweetdate allows Privilege Escalation.This issue affects Sweet Date: from n/a through <= 3.7.3. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-50903 Missing Authorization vulnerability in Roxnor Metform metform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Metform: from n/a through <= 3.4.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-19323 The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2019-18624 Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of ma... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18604 In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-1584 A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Z... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-9535 A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13553 Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 β B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These cred... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-17399 The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12766 Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-15020 A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result ... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.