CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2022-28722 | Certain HP Print Products are potentially vulnerable to Buffer Overflow. | 9.8 | CRITICAL | – | 0 |
| CVE-2021-4226 | RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to the way it is implemented. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-40853 | Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set | 9.8 | CRITICAL | – | 0 |
| CVE-2022-40860 | Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList | 9.8 | CRITICAL | – | 0 |
| CVE-2022-40862 | Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting | 9.8 | CRITICAL | – | 0 |
| CVE-2022-40867 | Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/ | 9.8 | CRITICAL | – | 0 |
| CVE-2022-40864 | Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet | 9.8 | CRITICAL | – | 0 |
| CVE-2022-40851 | Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-40854 | Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set | 9.8 | CRITICAL | – | 0 |
| CVE-2022-40855 | Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-40866 | Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/ | 9.8 | CRITICAL | – | 0 |
| CVE-2022-47072 | SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-2437 | The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and including 2.9.8.5.... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-40008 | SWFTools commit 772e55a was discovered to contain a heap-buffer overflow via the function readU8 at /lib/ttf.c. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-1283 | Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 9.8 | CRITICAL | – | 0 |
| CVE-2024-24333 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-24332 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-24331 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-24330 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-24329 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-24327 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-37265 | Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-24325 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function. | 9.8 | CRITICAL | – | 0 |
| CVE-2021-31531 | Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). | 9.8 | CRITICAL | – | 0 |
| CVE-2024-24324 | TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-20389 | Summary: Product: Android. Versions: Android SoC. Android ID: A-238257004 | 9.8 | CRITICAL | – | 0 |
| CVE-2022-45699 | Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter. | 9.8 | CRITICAL | – | 0 |
| CVE-2023-25718 | In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instru... | 9.8 | CRITICAL | – | 0 |
| CVE-2025-32985 | NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files. | 9.8 | CRITICAL | – | 0 |
| CVE-2020-7533 | CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-42562 | Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at preview.php. | 9.8 | CRITICAL | – | 0 |
| CVE-2020-26167 | In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one. | 9.8 | CRITICAL | – | 0 |
| CVE-2023-32216 | Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Some of these bugs showed eviden... | 9.8 | CRITICAL | – | 0 |
| CVE-2023-51982 | CrateDB 5.5.1 contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can... | 9.8 | CRITICAL | – | 0 |
| CVE-2020-36770 | pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to beco... | 9.8 | CRITICAL | – | 0 |
| CVE-2023-51837 | Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation. | 9.8 | CRITICAL | – | 0 |
| CVE-2023-38951 | ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints ... | 9.8 | CRITICAL | – | 0 |
| CVE-2021-38243 | xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request. | 9.8 | CRITICAL | – | 0 |
| CVE-2023-40830 | Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length. | 9.8 | CRITICAL | – | 0 |
| CVE-2017-20148 | In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-38916 | A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files | 9.8 | CRITICAL | – | 0 |
| CVE-2023-51840 | DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-57229 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-57230 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-57231 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-57232 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. | 9.8 | CRITICAL | – | 0 |
| CVE-2020-16165 | The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters. | 9.8 | CRITICAL | – | 0 |
| CVE-2023-45498 | VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-37204 | Final CMS 5.1.0 is vulnerable to SQL Injection. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-34256 | OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function. | 9.8 | CRITICAL | – | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.