Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-43602 Azure CycleCloud Remote Code Execution Vulnerability | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16332 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-41110 Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-46888 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-31330 SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code int... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-33644 Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-31286 Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a before 8.6.03.005. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-24707 Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. Cwicly allows Code Injection.This issue affects Cwicly: from n/a through 1.4.0.2. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-31380 Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue.This issue affects Oxygen ... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-36355 TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via ... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-31390 : Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows : Code Injection.This issue affects Breakdance: from n/a through 1.7.2. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-3330 Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerabili... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-46149 Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. | 9.9 | CRITICAL | β | 0 |
| CVE-2023-33318 Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.40. | 9.9 | CRITICAL | β | 0 |
| CVE-2023-52182 Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz β WordPress Quizzes Builder.This issue affects ARI Stream Quiz β WordPress Quizzes Builder: from n/a through 1.3.0. | 9.9 | CRITICAL | β | 0 |
| CVE-2023-35762 Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command injection, which could allow remote code execution. | 9.9 | CRITICAL | β | 0 |
| CVE-2022-21276 Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-41373 A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Applianc... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-25693 There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation may allow a remote, authenticated attacker to traverse the file system to access files or execute code ou... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-34207 Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system ... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-3744 Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant file... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-42515 Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters (e.g., <>), the underlying library converts these encoded characters... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-5201 The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level perm... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-4122 Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution o... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-27429 SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-37901 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding inst... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-38049 A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorize... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-20424 A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote att... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-27102 Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directo... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-6825 The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target p... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-0070 SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in priv... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-3200 The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-48777 Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-37424 Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server.This issue affects Newspack Blocks: from n/a through 3.0.8. | 9.9 | CRITICAL | β | 0 |
| CVE-2023-38048 A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthori... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-37091 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-24304 Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-2083 A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI pat... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-40358 A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-33024 A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX15... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-30390 Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-3105 The Woody code snippets β Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode.... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-11539 Grafana Image Renderer is vulnerable to remote code execution due to anΒ arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath para... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-21872 An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary co... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-21881 An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command exe... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-2945 Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints;Β /sqleditor/query_tool/download, where ... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-13032 Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3Β on windows allows local attacker to escalate privelages via pool overflow. | 9.9 | CRITICAL | β | 0 |
| CVE-2026-0933 SummaryA command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` parameter is passed directly to a shell c... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-70983 Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges. | 9.9 | CRITICAL | β | 0 |
| CVE-2026-25592 Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic K... | 9.9 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.