CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-21322 fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the pro... | 10.0 | CRITICAL | - | 0 |
| CVE-2022-31125 Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and ac... | 10.0 | CRITICAL | - | 0 |
| CVE-2022-1518 LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure. | 10.0 | CRITICAL | - | 0 |
| CVE-2022-1517 LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations,... | 10.0 | CRITICAL | - | 0 |
| CVE-2021-26472 In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can... | 10.0 | CRITICAL | - | 0 |
| CVE-2022-21141 MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multipl... | 10.0 | CRITICAL | - | 0 |
| CVE-2022-1161 An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable p... | 10.0 | CRITICAL | - | 0 |
| CVE-2022-22570 A buffer overflow vulnerability found in the UniFi Door Access Reader Lite's (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control a... | 10.0 | CRITICAL | - | 0 |
| CVE-2019-19810 Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending craft... | 10.0 | CRITICAL | - | 0 |
| CVE-2021-21961 A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An... | 10.0 | CRITICAL | - | 0 |
| CVE-2021-27472 A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated... | 10.0 | CRITICAL | - | 0 |
| CVE-2021-27460 Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be... | 10.0 | CRITICAL | - | 0 |
| CVE-2022-24796 RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution (RCE) vulnerabilit... | 10.0 | CRITICAL | - | 0 |
| CVE-2021-27462 A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remo... | 10.0 | CRITICAL | - | 0 |
| CVE-2021-27470 A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remo... | 10.0 | CRITICAL | - | 0 |
| CVE-2021-27476 A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arb... | 10.0 | CRITICAL | - | 0 |
| CVE-2022-23657 A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released up... | 10.0 | CRITICAL | - | 0 |
| CVE-2021-27447 Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary code. | 10.0 | CRITICAL | - | 0 |
| CVE-2021-40850 TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx. | 10.0 | CRITICAL | - | 0 |
| CVE-2021-38454 A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs o... | 10.0 | CRITICAL | - | 0 |
| CVE-2021-37705 OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Direc... | 10.0 | CRITICAL | - | 0 |
| CVE-2022-1519 LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit. | 10.0 | CRITICAL | - | 0 |
| CVE-2022-31126 Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a ... | 10.0 | CRITICAL | - | 0 |
| CVE-2022-31161 Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing t... | 10.0 | CRITICAL | - | 0 |
| CVE-2022-46742 Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. | 10.0 | CRITICAL | - | 0 |
| CVE-2022-29823 Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application. | 10.0 | CRITICAL | - | 0 |
| CVE-2021-20998 In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users. | 10.0 | CRITICAL | - | 0 |
| CVE-2019-17440 Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC t... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-36412 SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection at... | 10.0 | CRITICAL | - | 0 |
| CVE-2020-29492 Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable f... | 10.0 | CRITICAL | - | 0 |
| CVE-2020-36155 An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive met... | 10.0 | CRITICAL | - | 0 |
| CVE-2020-35949 An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. ... | 10.0 | CRITICAL | - | 0 |
| CVE-2020-26823 SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Servi... | 10.0 | CRITICAL | - | 0 |
| CVE-2020-26822 SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, t... | 10.0 | CRITICAL | - | 0 |
| CVE-2020-26821 SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact ... | 10.0 | CRITICAL | - | 0 |
| CVE-2023-25910 A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All ve... | 10.0 | CRITICAL | - | 0 |
| CVE-2023-4309 Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify... | 10.0 | CRITICAL | - | 0 |
| CVE-2023-26477 XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the `newThemeN... | 10.0 | CRITICAL | - | 0 |
| CVE-2023-2564 OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0. | 10.0 | CRITICAL | - | 0 |
| CVE-2023-2583 Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3. | 10.0 | CRITICAL | - | 0 |
| CVE-2023-48419 An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege | 10.0 | CRITICAL | - | 0 |
| CVE-2023-39344 social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd... | 10.0 | CRITICAL | - | 0 |
| CVE-2023-49778 Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac. This issue affects Sayfa Sayac: from n/a through 2.6. | 10.0 | CRITICAL | - | 0 |
| CVE-2023-45894 The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-23613 A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote cod... | 10.0 | CRITICAL | - | 0 |
| CVE-2023-52221 Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inventory manager: from n/a through 1.5.1. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-23614 A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-23615 A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-23622 A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with S... | 10.0 | CRITICAL | - | 0 |
| CVE-2023-47143 IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an at... | 10.0 | CRITICAL | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.