Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-26276 Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go's standard library XML parsing, a valid SAML response may be mutated by an attacker to modify the trusted do... | 10.0 | CRITICAL | β | 0 |
| CVE-2020-12522 The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xx... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-20079 A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an a... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-26216 Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using... | 10.0 | CRITICAL | β | 0 |
| CVE-2019-7268 Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. | 10.0 | CRITICAL | β | 0 |
| CVE-2024-49324 Unrestricted Upload of File with Dangerous Type vulnerability in Sovratec Sovratec Case Management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a throu... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-59818 This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file. | 10.0 | CRITICAL | β | 0 |
| CVE-2022-24760 Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-3400 A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurat... | 10.0 | CRITICAL | KEV | 0 |
| CVE-2025-41672 A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices. | 10.0 | CRITICAL | β | 0 |
| CVE-2025-64180 Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw l... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-67288 An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibil... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-24786 WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory `/db`, there is no path traversal prevention in place. This allows an u... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-34770 A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unaut... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-59503 Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network. | 10.0 | CRITICAL | β | 0 |
| CVE-2025-10230 A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from ... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-47637 Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS allows Upload a Web Shell to a Web Server. This issue affects STAGGS: from n/a through 2.11.0. | 10.0 | CRITICAL | β | 0 |
| CVE-2025-48123 Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce β Light allows Code Injection. This issue affe... | 10.0 | CRITICAL | β | 0 |
| CVE-2023-3941 Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices (ZkTeco ProF... | 10.0 | CRITICAL | β | 0 |
| CVE-2019-25136 A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70. | 10.0 | CRITICAL | β | 0 |
| CVE-2025-29902 Remote code execution that allows unauthorized users to execute arbitrary code on the server machine. | 10.0 | CRITICAL | β | 0 |
| CVE-2022-37968 Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privile... | 10.0 | CRITICAL | β | 0 |
| CVE-2023-3939 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command impleme... | 10.0 | CRITICAL | β | 0 |
| CVE-2023-47143 IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an at... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-36388 MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function | 10.0 | CRITICAL | β | 0 |
| CVE-2023-2825 An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attac... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-4361 Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malic... | 10.0 | CRITICAL | β | 0 |
| CVE-2023-6269 An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.... | 10.0 | CRITICAL | β | 0 |
| CVE-2023-51419 Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome:... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-26970 Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ark Theme Core ark-core allows Code Injection.This issue affects Ark Theme Core: from n/a before 1.71.0. | 10.0 | CRITICAL | β | 0 |
| CVE-2025-49060 Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Wastia wastia allows Upload a Web Shell to a Web Server.This issue affects Wastia: from n/a through < 1.1.3. | 10.0 | CRITICAL | β | 0 |
| CVE-2023-41892 Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that... | 10.0 | CRITICAL | β | 0 |
| CVE-2023-4804 AnΒ unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. | 10.0 | CRITICAL | β | 0 |
| CVE-2023-51505 Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store.This issue affects Active Products Tables for W... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-30299 Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit thi... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-49314 Unrestricted Upload of File with Dangerous Type vulnerability in ι ±θ JiangQie Free Mini Program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-44102 A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 ... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-31996 XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape `{`,... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-27957 Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.This issue affects Pie Register: from n/a through 3.8.3.1. | 10.0 | CRITICAL | β | 0 |
| CVE-2024-48839 Improper Input Validation vulnerability allows Remote Code Execution.Β Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 10.0 | CRITICAL | β | 0 |
| CVE-2025-49302 Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe allows Remote Code Inclusion. This issue affects Easy Stripe: from n/a through 1.1. | 10.0 | CRITICAL | β | 0 |
| CVE-2021-47667 An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-39380 Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server.This issue affects Hospital Management System: from n/a t... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-50707 Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request. | 10.0 | CRITICAL | β | 0 |
| CVE-2024-36258 A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary ... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-5120 A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution (RCE). The v... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-25913 Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. | 10.0 | CRITICAL | β | 0 |
| CVE-2022-41875 A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (r... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-44146 A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox. | 10.0 | CRITICAL | β | 0 |
| CVE-2025-9574 Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects .Β All firmware versions with the Serial Number from 2000 to 5166 | 10.0 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.