Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-38927 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a r... | 9.8 | CRITICAL | β | 0 |
| CVE-2015-20108 xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-31752 SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-38926 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a r... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-28408 Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensi... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-38925 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a r... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-48479 The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-9670 mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2006-5024 Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.4 have unknown impact and attack vectors. | 9.8 | CRITICAL | β | 0 |
| CVE-2006-5610 PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code... | 9.8 | CRITICAL | β | 0 |
| CVE-2006-6024 Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) "Eudora WorldMail stack overflow" and (2) "Eudo... | 9.8 | CRITICAL | β | 0 |
| CVE-2006-5021 Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parame... | 9.8 | CRITICAL | β | 0 |
| CVE-2006-5678 PHP remote file inclusion vulnerability in common/visiteurs/include/library.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other prod... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-25272 ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to t... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-41179 Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinfo... | 9.8 | CRITICAL | β | 0 |
| CVE-2006-5603 SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unk... | 9.8 | CRITICAL | β | 0 |
| CVE-2008-3465 Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a de... | 9.8 | CRITICAL | β | 0 |
| CVE-2007-5097 PHP remote file inclusion vulnerability in lib/classes/offl_nflteam.php in Online Fantasy Football League (OFFL) 0.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT p... | 9.8 | CRITICAL | β | 0 |
| CVE-2007-4043 file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE:... | 9.8 | CRITICAL | β | 0 |
| CVE-2007-4039 Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metach... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-11972 The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plug... | 9.8 | CRITICAL | β | 0 |
| CVE-2007-5565 PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0.1-Alpha1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is dis... | 9.8 | CRITICAL | β | 0 |
| CVE-2007-5775 Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with... | 9.8 | CRITICAL | β | 0 |
| CVE-2007-4559 Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) ... | 9.8 | CRITICAL | β | 0 |
| CVE-2007-4290 Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2008-1160 ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-43168 Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-6809 The Simple Video Directory WordPress plugin before 1.4.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, lea... | 9.8 | CRITICAL | β | 0 |
| CVE-2008-1511 Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/class_admin.php and (... | 9.8 | CRITICAL | β | 0 |
| CVE-2008-3612 The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP conn... | 9.8 | CRITICAL | β | 0 |
| CVE-2007-6013 Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then gene... | 9.8 | CRITICAL | β | 0 |
| CVE-2008-2374 src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2008-0961 EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface. | 9.8 | CRITICAL | β | 0 |
| CVE-2007-3652 SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same is... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-53584 OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2008-0599 The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attack... | 9.8 | CRITICAL | β | 0 |
| CVE-2008-2433 The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the l... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-48849 Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-46773 Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-34991 A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 throug... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-36028 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2023-36397 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49656 Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-5974 The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-21164 In DevmemIntMapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execut... | 9.8 | CRITICAL | β | 0 |
| CVE-2007-3010 masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-46575 A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the βorderβ parameter | 9.8 | CRITICAL | β | 0 |
| CVE-2023-48803 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a co... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-39069 An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-47418 Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.