Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2023-51518 Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leverag... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49959 In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root pri... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25730 Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million po... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-57686 A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "paget... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-57687 An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "Cookie" GE... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-22946 Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-22949 Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42245 Dreamer CMS 4.0.01 is vulnerable to SQL Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25223 Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25215 Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25211 Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-57223 Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-57224 Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-57225 Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25210 Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25209 Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24142 Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-23763 SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-23759 Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-6036 The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25315 Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25314 Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25302 Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-50026 SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-40266 An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24495 SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-42282 The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24216 Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24003 jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter `column` and ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24018 A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list | 9.8 | CRITICAL | β | 0 |
| CVE-2023-38995 An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24186 Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24001 jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP which allows an attacker to... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-1284 Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 9.8 | CRITICAL | β | 0 |
| CVE-2024-22852 D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted pa... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24112 xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24543 Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via craf... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24398 Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-57483 Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36773 Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one U... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-23978 Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer support... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-21591 An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-52030 TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51784 Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution.Β Users ar... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-22904 RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-22905 RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-22906 RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-22907 RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-22912 RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-22913 RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formStaDrvSetup function. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.