Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-6057 FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-0708 A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2026-33942 Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize() in AccessTokenAuthenticator::unserialize() to restore OAuth token st... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6112 A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the ar... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6114 A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6115 A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argum... | 9.8 | CRITICAL | β | 0 |
| CVE-2014-125112 Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows a... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25709 CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4700 Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4698 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4701 Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4702 JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4705 Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4723 Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5734 Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with en... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5735 Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-52909 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 v... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5850 A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5443 A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values o... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-26830 pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to i... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-28205 OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24797 Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed β Essential Real Estate Add-On.This issue affects ERE Recently Viewed β Essential Real Estate Add-On: from n/a through 1.... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-13926 An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5975 A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5977 A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulati... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5978 A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipul... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-35053 OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints (GET /workflow/manual/run/:workflowId a... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-7204 A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulatio... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-7203 A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipula... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-5989 SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7750 transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 do... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-5475 A Stack-based Buffer Overflow issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. Multiple stack-based buffer overflow vulnerabilities have been identif... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-6180 A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-5473 An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-43423 The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-46628 Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-43692 An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-6641 An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can overwrite a structure, leading to a function call with an invalid parameter, and a sub... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-6640 A Heap Overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can modify the next pointer of a linked list. This is fixed in 6.9d. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-6639 An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7300 Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the d... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-5440 A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as par... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-6638 A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. This occurs in a function call in which the first argument is a corrupted offset value and t... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7318 SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-9142 External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls.This... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-7108 Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CyberMath: before CYBM.24081... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-6373 SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-8607 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection.This issue affects ValeApp: before v2.0.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-59374 "UNSUPPORTED WHEN ASSIGNED"Β Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise.Β The modified builds could cau... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2018-6481 A buffer overflow vulnerability in the control protocol of Disk Savvy Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9124. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.