CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2018-10683 An issue was discovered in WildFly 10.1.2.Final. In the case of a default installation without a security realm reference, an attacker can successfully access the server without authentication. NOTE: ... | 9.8 | CRITICAL | - | 0 |
| CVE-2018-3744 The html-pages node module contains a path traversal vulnerability that allows an attacker to read any file from the server with cURL. | 9.8 | CRITICAL | - | 0 |
| CVE-2018-10753 Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified o... | 9.8 | CRITICAL | - | 0 |
| CVE-2017-7658 In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the ... | 9.8 | CRITICAL | - | 0 |
| CVE-2018-1000533 klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This atta... | 9.8 | CRITICAL | - | 0 |
| CVE-2018-6641 An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can overwrite a structure, leading to a function call with an invalid parameter, and a sub... | 9.8 | CRITICAL | - | 0 |
| CVE-2018-8865 In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vect... | 9.8 | CRITICAL | - | 0 |
| CVE-2018-12634 CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. | 9.8 | CRITICAL | - | 0 |
| CVE-2018-3757 Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter. | 9.8 | CRITICAL | - | 0 |
| CVE-2017-14475 In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command in... | 9.8 | CRITICAL | - | 0 |
| CVE-2017-14476 In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command ... | 9.8 | CRITICAL | - | 0 |
| CVE-2017-14478 In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command ... | 9.8 | CRITICAL | - | 0 |
| CVE-2017-14479 In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell comman... | 9.8 | CRITICAL | - | 0 |
| CVE-2018-3746 The pdfinfojs NPM module versions <= 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine. | 9.8 | CRITICAL | - | 0 |
| CVE-2015-9244 Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection. | 9.8 | CRITICAL | - | 0 |
| CVE-2017-14480 In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell comman... | 9.8 | CRITICAL | - | 0 |
| CVE-2017-14481 In the MMM::Agent::Helpers::Network::send_arp function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell comman... | 9.8 | CRITICAL | - | 0 |
| CVE-2018-7499 In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce... | 9.8 | CRITICAL | - | 0 |
| CVE-2018-12689 phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel. | 9.8 | CRITICAL | - | 0 |
| CVE-2018-6640 A Heap Overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can modify the next pointer of a linked list. This is fixed in 6.9d. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-44381 D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-41237 A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-20454 Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote a... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-34048 vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write po... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-38530 The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthent... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-42520 TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-6917 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection. This issue affects ... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-7249 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText OpenText Directory Services allows Path Traversal. This issue affects OpenText Directory Service... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-21878 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is pre... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-43141 Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants Database allows Object Injection. This issue affects Participants Database: from n/a through 2.5.9.2. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-44076 In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-8039 Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-42360 SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. ... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-5914 A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-42546 TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-42547 TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-40472 Sourcecodester Daily Calories Monitoring Tool v1.0 is vulnerable to SQL Injection via "delete-calorie.php." | 9.8 | CRITICAL | - | 0 |
| CVE-2023-53899 PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to ... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-44382 D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-34480 SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id SQL Injection. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-34479 SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-7731 Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database conte... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-38063 Windows TCP/IP Remote Code Execution Vulnerability | 9.8 | CRITICAL | - | 0 |
| CVE-2024-7350 The Appointment Booking Calendar Plugin and Online Scheduling Plugin - BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin no... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-7746 Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse. This issue affects the privileged transactions implemented by t... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-32491 Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO - On-site SEO rankology-seo-all-in-one-seo-analytics allows Privilege Escalation. This issue affects Rankology SEO - On-site SEO:... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-42757 Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-23168 Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting in the arbitrary code execution. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-38199 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | 9.8 | CRITICAL | - | 0 |
| CVE-2024-43245 Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation. This issue affects JobSearch: from n/a through 2.3.4. | 9.8 | CRITICAL | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.