CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-36392 In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-29477 An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header can... | 9.8 | CRITICAL | – | 0 |
| CVE-2023-24258 SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request. | 9.8 | CRITICAL | – | 0 |
| CVE-2023-23513 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. Mounting a maliciously crafted Samba networ... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-3741 Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the ... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-36981 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the exi... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-29520 An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary comman... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-41772 Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-41688 Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized obj... | 9.8 | CRITICAL | – | 0 |
| CVE-2023-28115 Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the ... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-29889 A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command executi... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-36979 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the exi... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-2474 Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the "Ethernet Q Commands" service, which allows any user on the same network segment as the controller (ev... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-2475 Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write macros into registers outside of the auth... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-3760 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med. This issue affects Mia-Med: before 1.0.0.58. | 9.8 | CRITICAL | – | 0 |
| CVE-2023-0755 The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-36978 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the ex... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-26760 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A malicious application may be able to elevate privileges. | 9.8 | CRITICAL | – | 0 |
| CVE-2023-47435 An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass authentication and access password protected pages. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-41657 Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (A... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-40202 The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-36977 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the ex... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-36976 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request ... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-36975 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted reques... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-40741 Mail SQR Expert's specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-36974 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the ex... | 9.8 | CRITICAL | – | 0 |
| CVE-2023-27214 Online Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the fromdate and todate parameters at /eduauth/student/between-date-reprtsdetails.php. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-30541 An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-38142 Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could ... | 9.8 | CRITICAL | – | 0 |
| CVE-2023-24253 Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain a SQL injection vulnerability. | 9.8 | CRITICAL | – | 0 |
| CVE-2023-27207 Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-36972 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted reques... | 9.8 | CRITICAL | – | 0 |
| CVE-2023-1327 Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web manage... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-32454 A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to remote cod... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-2024 OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-48149 Online Student Admission System in PHP Free Source Code 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | 9.8 | CRITICAL | – | 0 |
| CVE-2023-28398 Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. A threat actor could exploit ... | 9.8 | CRITICAL | – | 0 |
| CVE-2023-22920 A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker c... | 9.8 | CRITICAL | – | 0 |
| CVE-2023-25076 A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP ... | 9.8 | CRITICAL | – | 0 |
| CVE-2023-22344 Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and exe... | 9.8 | CRITICAL | – | 0 |
| CVE-2021-4105 Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion. This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727. | 9.8 | CRITICAL | – | 0 |
| CVE-2023-25696 Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3. | 9.8 | CRITICAL | – | 0 |
| CVE-2023-27204 Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-32765 An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command exe... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-32773 An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command... | 9.8 | CRITICAL | – | 0 |
| CVE-2023-26784 SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020-0610 allows attackers to execute arbitrary code via the /admin.php?controller=admin_commonuser parameter. | 9.8 | CRITICAL | – | 0 |
| CVE-2023-25158 GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datasto... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-46501 Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-33150 An OS command injection vulnerability exists in the js_package install functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary command execution. An attacker ... | 9.8 | CRITICAL | – | 0 |
| CVE-2023-25157 GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Qu... | 9.8 | CRITICAL | – | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.