CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-43698 Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-4841 A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device wi... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-0150 A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and passwo... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-10722 partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An ... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-6481 A buffer overflow vulnerability in the control protocol of Disk Savvy Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9124. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-1312 In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster o... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-9032 An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers ... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-8865 In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vect... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-4917 Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-4918 Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation coul... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7318 SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-48538 Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7520 An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration down... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-6641 An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can overwrite a structure, leading to a function call with an invalid parameter, and a sub... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-6640 A Heap Overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can modify the next pointer of a linked list. This is fixed in 6.9d. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-6639 An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-6638 A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. This occurs in a function call in which the first argument is a corrupted offset value and t... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7300 Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the d... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7648 An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on t... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-46483 Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to a heap overflow with attacker-controlled content. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-8967 An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-48539 Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24047 This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43631 Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43629 Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44675 Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44676 Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44525 Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-40394 An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46110 Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43628 Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43439 RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42670 A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23329 A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46307 An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45898 SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25016 Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to e... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46428 A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 ( and previous versions via the bot_avatar parameter in SystemSettings.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46427 An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46377 There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser | 9.8 | CRITICAL | β | 0 |
| CVE-2020-22225 Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-21952 An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network pack... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46036 An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24306 Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26169 Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24305 Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43155 Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25337 Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-22226 Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25396 Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.