CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2021-44618 | A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44620 | A Command Injection vulnerability exists in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36513 | An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23900 | A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-22253 | Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 ope... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26613 | PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36514 | An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. fill_buf may read from uninitialized memory locations. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25621 | UNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39383 | DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24786 | PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, b... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-1253 | Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45887 | An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private/SchemaSetUpload.do for uploaded ZIP files, an executable script can be uploaded by web application admin... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26114 | Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an unauthenticated attacker to execute unauthorized code or commands via ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-22720 | Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45682 | An issue was discovered in the bronzedb-protocol crate through 2021-01-03 for Rust. ReadKVExt may read from uninitialized memory locations. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28468 | Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25003 | The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28467 | Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25007 | The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using it in a SQL statement, leading to an SQL Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28116 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28115 | Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27123 | Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26628 | Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0169 | The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28219 | Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0254 | The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26635 | PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CRLF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45683 | An issue was discovered in the binjs_io crate through 2021-01-03 for Rust. The Read method may read from uninitialized memory locations. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41752 | Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41751 | Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0658 | The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamica... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30080 | An issue was discovered in the route lookup process in beego before 1.12.11 that allows attackers to bypass access control. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-28428 | File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-19229 | Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute a... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45684 | An issue was discovered in the flumedb crate through 2021-01-07 for Rust. read_entry may read from uninitialized memory locations. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45685 | An issue was discovered in the columnar crate through 2021-01-07 for Rust. ColumnarReadExt::read_typed_vec may read from uninitialized memory locations. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-1212 | Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-33207 | The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45686 | An issue was discovered in the csv-sniffer crate through 2021-01-05 for Rust. preamble_skipcount may read from uninitialized memory locations. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24231 | Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25490 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26585 | Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24752 | SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25492 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45687 | An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used (which is not the default), a Deserialize operation may lack sufficient validation, leading t... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25487 | Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45689 | An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust. gfx_auxil::read_spirv may read from uninitialized memory locations. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45690 | An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_binary may read from uninitialized memory locations. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25488 | Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45691 | An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string may read from uninitialized memory locations. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.