CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2023-27847 | SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and before allow a remote attacker to gain privileges via the xipcategoryclass and xippostsclass components. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-27583 | PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key `PanIndex` is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any a... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-2024 | OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-37863 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted ... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-22512 | Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-1050 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in As Koc Energy Web Report System allows SQL Injection. This issue affects Web Report System: before ... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-1307 | Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-21708 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | 9.8 | CRITICAL | - | 0 |
| CVE-2021-33224 | File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-1140 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administra... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-28494 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers t... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-25696 | Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-0090 | The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network ... | 9.8 | CRITICAL | - | 0 |
| CVE-2021-4105 | Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion. This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-1269 | Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-26602 | ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for comma... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-1267 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ulkem Company PtteM Kart. This issue affects PtteM Kart: before 2.1. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-22344 | Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and exe... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-28492 | TOTOLINK Technology CPE with firmware V6.3c.566, allows remote attackers to bypass Login. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-0947 | Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-27034 | PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-25157 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Qu... | 9.8 | CRITICAL | - | 0 |
| CVE-2021-36393 | In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-26780 | CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-25158 | GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datasto... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-27204 | Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-27205 | Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-1256 | The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-21058 | In lcsm_SendRrAcquiAssist of lcsm_bcm_assist.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges ... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-27207 | Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-26949 | An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-24736 | PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-22920 | A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker c... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-24673 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-27213 | Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-27210 | Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-24734 | An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file. | 9.8 | CRITICAL | - | 0 |
| CVE-2021-36392 | In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-20079 | Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) c... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-28115 | Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the ... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-20078 | Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) c... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-28333 | The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS). | 9.8 | CRITICAL | - | 0 |
| CVE-2023-1064 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Uzay Baskul Weighbridge Automation Software allows SQL Injection. This issue affects Weighbridge Au... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-1114 | Missing Authorization vulnerability in Eskom e-Belediye allows Information Elicitation. This issue affects e-Belediye: from 1.0.0.95 before 1.0.0.100. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-31961 | A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands via the level2 parameter. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-27240 | Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip. | 9.8 | CRITICAL | - | 0 |
| CVE-2021-3854 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-41217 | Cloudflow contains a unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability | 9.8 | CRITICAL | - | 0 |
| CVE-2020-13420 | OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script. | 9.8 | CRITICAL | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.