TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 332,964 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2024-33957

SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information ...

9.8 | CRITICAL | — | 0
CVE-2024-7950

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versi...

9.8 | CRITICAL | — | 0
CVE-2024-7732

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database conte...

9.8 | CRITICAL | — | 0
CVE-2024-44808

An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter.

9.8 | CRITICAL | — | 0
CVE-2024-45115

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploi...

9.8 | CRITICAL | — | 0
CVE-2024-6919

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection. This issue affects NACPre...

9.8 | CRITICAL | — | 0
CVE-2024-7078

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection. This issue affects ...

9.8 | CRITICAL | — | 0
CVE-2024-7076

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection. This issue af...

9.8 | CRITICAL | — | 0
CVE-2024-9574

SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to ...

9.8 | CRITICAL | — | 0
CVE-2024-8289

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capabi...

9.8 | CRITICAL | — | 0
CVE-2024-27115

An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publi...

9.8 | CRITICAL | — | 0
CVE-2024-43360

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61...

9.8 | CRITICAL | — | 0
CVE-2024-7108

Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CyberMath: before CYBM.24081...

9.8 | CRITICAL | — | 0
CVE-2024-8277

The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating what...

9.8 | CRITICAL | — | 0
CVE-2024-27114

An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP-file that will be avail...

9.8 | CRITICAL | — | 0
CVE-2024-45790

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnera...

9.8 | CRITICAL | — | 0
CVE-2024-27112

An unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying da...

9.8 | CRITICAL | — | 0
CVE-2024-27113

An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulner...

9.8 | CRITICAL | — | 0
CVE-2024-33872

Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges.

9.8 | CRITICAL | — | 0
CVE-2024-7772

The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This ma...

9.8 | CRITICAL | — | 0
CVE-2024-38770

Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass. This issue affects Backup and Staging by WP Time Capsule...

9.8 | CRITICAL | — | 0
CVE-2024-46446

Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in t...

9.8 | CRITICAL | — | 0
CVE-2025-9242

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and...

9.8 | CRITICAL | KEV | 0
CVE-2024-8389

Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....

9.8 | CRITICAL | — | 0
CVE-2024-8387

Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could ...

9.8 | CRITICAL | — | 0
CVE-2024-44809

A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GET...

9.8 | CRITICAL | — | 0
CVE-2024-8385

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2,...

9.8 | CRITICAL | — | 0
CVE-2024-44921

SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.

9.8 | CRITICAL | — | 0
CVE-2024-33964

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and ret...

9.8 | CRITICAL | — | 0
CVE-2024-45873

A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe.

9.8 | CRITICAL | — | 0
CVE-2024-44541

evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin."

9.8 | CRITICAL | — | 0
CVE-2024-6782

Improper access control in Calibre 6.9.0 ~ 7.14.0 allows unauthenticated attackers to achieve remote code execution.

9.8 | CRITICAL | — | 0
CVE-2024-6596

An unauthenticated remote attacker can run malicious C# code included in curve files and execute commands in the user's context.

9.8 | CRITICAL | — | 0
CVE-2021-45468

Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to...

9.8 | CRITICAL | — | 0
CVE-2020-21124

UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.

9.8 | CRITICAL | — | 0
CVE-2021-24045

A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes per...

9.8 | CRITICAL | — | 0
CVE-2021-44548

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to anothe...

9.8 | CRITICAL | — | 0
CVE-2021-33962

China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component.

9.8 | CRITICAL | — | 0
CVE-2021-44526

Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.

9.8 | CRITICAL | — | 0
CVE-2022-23178

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are va...

9.8 | CRITICAL | — | 0
CVE-2021-23803

This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of cert...

9.8 | CRITICAL | — | 0
CVE-2021-44524

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions),...

9.8 | CRITICAL | — | 0
CVE-2020-21121

Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file.

9.8 | CRITICAL | — | 0
CVE-2019-8643

CVE-2019-8643: Arun Sharma of VMware This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management.

9.8 | CRITICAL | — | 0
CVE-2021-30351

An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Co...

9.8 | CRITICAL | — | 0
CVE-2019-8703

This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.

9.8 | CRITICAL | — | 0
CVE-2021-44538

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state ...

9.8 | CRITICAL | — | 0
CVE-2021-45014

There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26

9.8 | CRITICAL | — | 0
CVE-2021-39065

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Cop...

9.8 | CRITICAL | — | 0
CVE-2021-44159

4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can upload arbitrary files including webshell files without authentication and execute arbitrary code in...

9.8 | CRITICAL | — | 0
Page 124 of 6660

This product uses data from the NVD API but is not endorsed or certified by the NVD.