CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-38199 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | 9.8 | CRITICAL | – | 0 |
| CVE-2024-45251 Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 9.8 | CRITICAL | – | 0 |
| CVE-2024-40453 squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-44381 D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-43692 An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-41798 A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with ac... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-44401 D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file | 9.8 | CRITICAL | – | 0 |
| CVE-2024-8039 Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-43423 The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-42777 An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a craft... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-33066 Memory corruption while redirecting log file to any file location with any file name. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-29731 SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially ... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-9441 The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id par... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-44342 D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. This vulnerability is exploited via a crafted POST request. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-44341 D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST reque... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-9796 The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks | 9.8 | CRITICAL | – | 0 |
| CVE-2024-41622 D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-7071 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQ... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-8181 An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restric... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-8275 The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' function in all versions up to, and including, 6.6.4 due to insuffic... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-45115 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploi... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-33872 Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-46628 Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-8607 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection. This issue affects ValeApp: before v2.0.0. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-45488 One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware or HyperV). Th... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-45698 Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inje... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-6671 In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encr... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-41370 Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-41369 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php | 9.8 | CRITICAL | – | 0 |
| CVE-2024-41368 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php | 9.8 | CRITICAL | – | 0 |
| CVE-2024-41367 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php | 9.8 | CRITICAL | – | 0 |
| CVE-2024-41366 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php | 9.8 | CRITICAL | – | 0 |
| CVE-2024-41364 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php | 9.8 | CRITICAL | – | 0 |
| CVE-2024-41361 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php | 9.8 | CRITICAL | – | 0 |
| CVE-2024-45252 Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 9.8 | CRITICAL | – | 0 |
| CVE-2024-3057 A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-45874 A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-45622 ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-7108 Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CyberMath: before CYBM.24081... | 9.8 | CRITICAL | – | 0 |
| CVE-2025-59374 "UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cau... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-44808 An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-8292 The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. This is due to plug... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-7772 The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This ma... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-7078 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection. This issue affects ... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-9142 External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls. This... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-8395 FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-42843 Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-7076 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection. This issue af... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-8643 Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking. This issue affects ValeApp: before v2.0.0. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-8255 Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability. | 9.8 | CRITICAL | – | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.