Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2022-23878 seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39997 There is a vulnerability of unstrict input parameter verification in the audio assembly.Successful exploitation of this vulnerability may cause out-of-bounds access. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46463 njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then(). | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46461 njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45005 Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24553 An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function check is not strict, resulting in remote command execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27797 Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25405 Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the DELETE_STR parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24206 Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23902 Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24984 Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23336 S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24720 image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations tha... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-20004 A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service state by try... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23335 Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-22295 Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24988 In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a vector. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23337 DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-40046 PCManager versions 11.1.1.95 has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond its privilege. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-4039 A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-22885 Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-31932 Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25406 Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39994 There is an arbitrary address access vulnerability with the product line test code.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45420 Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to wri... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24977 ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script.... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25114 The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0570 Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25394 Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-29655 Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12775 Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to per... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45414 A Remote Code Execution (RCE) vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43193 In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39616 Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438 | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46384 https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ΒΆΒΆ MCMS ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23379 Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid(). | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39675 In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed.... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30063 ftcms <=2.1 was discovered to be vulnerable to code execution attacks . | 9.8 | CRITICAL | β | 0 |
| CVE-2022-22987 The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-35689 A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. This high severity potential vulnerability allows attackers to perform remote code execution on Taleo Enter... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-36166 An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of cer... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23640 Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25045 Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43571 The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25329 Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0845 Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25330 Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44550 An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159). | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44567 An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44610 Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite (5) eta_doctype. (6) meta_charset, (7) default_group, and (8) pag... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.