Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2022-26268 Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44618 A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39708 In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution pri... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39710 Product: AndroidVersions: Android kernelAndroid ID: A-202160245References: N/A | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0766 Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39383 DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39720 Product: AndroidVersions: Android kernelAndroid ID: A-207433926References: N/A | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39723 Product: AndroidVersions: Android kernelAndroid ID: A-209014813References: N/A | 9.8 | CRITICAL | β | 0 |
| CVE-2020-24743 An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46704 In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from ins... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26496 In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO messa... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26495 In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocate... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46703 In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template con... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0845 Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46204 Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28209 An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46384 https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ΒΆΒΆ MCMS ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22820 A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39737 Product: AndroidVersions: Android kernelAndroid ID: A-208229524References: N/A | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44971 Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41609 SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backe... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43636 Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-22294 A SQL injection vulnerability exists in ZFAKA<=1.43 which an attacker can use to complete SQL injection in the foreground and add a background administrator account. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-33912 libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-33913 libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45899 SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25905 An SQL Injection vulnerabilty exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43090 An XML External Entity (XXE) vulnerability exists in soa-model before 1.6.4 in the WSDLParser function. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45435 An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44249 Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26301 TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26279 EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45898 SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26272 A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0982 The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25246 Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a re... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25247 Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43700 An issue was discovered in ApiManager 1.1. there is sql injection vulnerability that can use in /index.php?act=api&tag=8. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25251 When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper au... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0748 The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23812 This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27811 GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27083 Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44738 Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44734 Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44735 Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44736 The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the βout of service eraseβ feature. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27082 Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27081 Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27080 Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.