Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-1999-0043 Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. | 9.8 | CRITICAL | β | 0 |
| CVE-2010-1573 Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitra... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-16846 An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2010-2941 ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-fr... | 9.8 | CRITICAL | β | 0 |
| CVE-2010-3729 The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-50623 In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2010-4197 Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have un... | 9.8 | CRITICAL | β | 0 |
| CVE-2010-4201 Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control select... | 9.8 | CRITICAL | β | 0 |
| CVE-2010-4202 Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font. | 9.8 | CRITICAL | β | 0 |
| CVE-2010-4203 WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary cod... | 9.8 | CRITICAL | β | 0 |
| CVE-2010-4204 WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a d... | 9.8 | CRITICAL | β | 0 |
| CVE-2010-4205 Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unkno... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-5135 A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnera... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2010-1378 OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a l... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-4171 Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2010-0211 The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmen... | 9.8 | CRITICAL | β | 0 |
| CVE-2010-3416 Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-0708 A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2026-33942 Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize() in AccessTokenAuthenticator::unserialize() to restore OAuth token st... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5994 A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a m... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5995 A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manip... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6154 A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performin... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6140 A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulatio... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5996 A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Hand... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25709 CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5997 A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manip... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6025 A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6027 A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a ma... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6057 FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6115 A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argum... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6114 A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37415 Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2026-6112 A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the ar... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25912 Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-27082 Deserialization of Untrusted Data vulnerability in ThemeREX Love Story lovestory allows Object Injection.This issue affects Love Story: from n/a through <= 1.3.12. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-27049 Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authentication Abuse.This issue affects Jobica Core: from n/a through <= 1.4.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2014-125112 Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows a... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4809 plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling.... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-67114 Use of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers to derive va... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26501 Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-67113 OS command injection in the CWMP client (/ftl/bin/cwmp) of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-31048 An issue in the <code>pickle</code> protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-67112 Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authentica... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51425 Improper Privilege Management vulnerability in Jacques Malgrange Rencontre β Dating Site allows Privilege Escalation.This issue affects Rencontre β Dating Site: from n/a through 3.10.1. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51472 Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51477 Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyBoss Theme: from n/a through 2.4.60. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-32117 Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a throug... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-40870 An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2021-20021 A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2026-4700 Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.