CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2024-41730 | In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can f... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-8695 | A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-36103 | Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-45746 | An issue was discovered in Trusted Firmware-M through 2.1.0. User provided (and controlled) mailbox messages contain a pointer to a list of input arguments (in_vec) and output arguments (out_vec). The... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-40754 | Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers. This issue affects Escargot: 4.0.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-47088 | This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-43360 | ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-8696 | A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-21216 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerabilit... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-9105 | The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. This is due to insufficient verification on the user being supplied in the 'ultimate... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-45489 | Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however (because of misconfigured Firebase ACLs), it is possible to cre... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-7961 | A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code executi... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-10118 | SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system co... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-6656 | Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable. This issue affects Cockpit Software: before v2.13. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36832 | The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login as... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-44342 | D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. This vulnerability is exploited via a crafted POST request. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-44341 | D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST reque... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-8181 | An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restric... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-41622 | D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-7071 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-42575 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-7108 | Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CyberMath: before CYBM.24081... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-42574 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-42572 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-43404 | MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote code execution vulnerability due to a Python `eval()... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-46048 | Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i | 9.8 | CRITICAL | β | 0 |
| CVE-2024-40568 | Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execute arbitrary code via the pb_adv_handle_tranaction_cont function... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-46044 | CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-10018 | Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-7720 | HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-36068 | An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-41874 | ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An a... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-31570 | libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-6919 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection. This issue affects NACPre... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-45694 | The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execut... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-45695 | The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execut... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-42757 | Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-45697 | Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS comma... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-23168 | Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send malicious commands to the WebSocket API, resulting in arbitrary code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-42465 | Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse. This issue affects upKeeper Manager: through 5.1.9. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-40125 | An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the up... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-46451 | TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-46419 | TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-45410 | Traefik is a golang, Cloud Native Application Proxy. When an HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the requ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-6401 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection. This issue affects InsureE GL: before 4.6.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-7098 | Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection. This issue affects ww.Winsure: before 4.6.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-7104 | Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection. This issue affects ww.Winsure: before 4.6.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-44623 | An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-46983 | sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous clas... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-45435 | Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. | 9.8 | CRITICAL | β | 0 |
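How a table like the one above is produced, as an added example that is not this site's code: a list of CVE IDs is joined against the NVD API 2.0 JSON (for the English description and the CVSS v3.1 base score, preferring NVD's own "Primary" metric over a CNA-supplied "Secondary" one) and against the CISA KEV catalog JSON (for the KEV flag), and the severity is recomputed from the score using the CVSS v3.1 qualitative rating scale rather than copied. The feeds below are constructed, abbreviated samples in the real feeds' shape so the script runs offline; the live endpoints are only named in the docstring and never fetched. CVE-2024-45435 is deliberately left out of the NVD sample to show how an unscored CVE is reported (score "-", severity "N/A") instead of guessed, and CVE-2021-44228 is used because it genuinely is in KEV. The Sightings count is left at 0 because the page does not say where it comes from.

```python
"""Join a list of CVE IDs against NVD CVSS data and the CISA KEV catalog.

Added example, not the site's own code. It runs offline on constructed,
abbreviated sample records shaped like the NVD API 2.0 response and the
KEV catalog JSON. The live sources (not fetched here) are:
  https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=<CVE-ID>
  https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
"""
import json
from dataclasses import dataclass
from typing import Optional

# CVSS v3.1 qualitative rating scale: inclusive upper bound of each band.
SEVERITY_BANDS = [(0.0, "NONE"), (3.9, "LOW"), (6.9, "MEDIUM"), (8.9, "HIGH"), (10.0, "CRITICAL")]


def severity_from_score(score: Optional[float]) -> str:
    """Map a CVSS v3.x base score to its qualitative rating ("N/A" when unscored)."""
    if score is None:
        return "N/A"
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    for upper, label in SEVERITY_BANDS:
        if score <= upper:
            return label
    raise AssertionError("unreachable: score validated above")


@dataclass
class NvdRecord:
    cve_id: str
    description: str
    base_score: Optional[float]  # None when NVD has not (yet) attached a v3.1 metric
    metric_type: Optional[str]   # "Primary" (NVD analysis) or "Secondary" (CNA-supplied)


def parse_nvd(json_text: str) -> dict[str, NvdRecord]:
    """Extract id, English description and CVSS v3.1 base score per CVE.

    NVD can carry several v3.1 metrics for one CVE (its own "Primary" plus a
    CNA "Secondary"); the Primary one wins. Fresh CVEs still awaiting NVD
    analysis may carry none; that is reported as base_score None, not guessed.
    """
    records = {}
    for item in json.loads(json_text)["vulnerabilities"]:
        cve = item["cve"]
        desc = next((d["value"] for d in cve.get("descriptions", []) if d["lang"] == "en"), "")
        metrics = cve.get("metrics", {}).get("cvssMetricV31", [])
        chosen = next((m for m in metrics if m.get("type") == "Primary"), metrics[0] if metrics else None)
        score = float(chosen["cvssData"]["baseScore"]) if chosen else None
        records[cve["id"]] = NvdRecord(cve["id"], desc, score, chosen.get("type") if chosen else None)
    return records


def parse_kev(json_text: str) -> set[str]:
    """Return the CVE IDs listed in the CISA KEV catalog."""
    return {v["cveID"] for v in json.loads(json_text)["vulnerabilities"]}


def enrich(cve_ids, nvd: dict, kev: set) -> list[dict]:
    """One row per requested CVE, in the page's column order plus a Description column."""
    rows = []
    for cve_id in cve_ids:
        rec = nvd.get(cve_id)
        score = rec.base_score if rec else None
        rows.append({
            "cve_id": cve_id,
            "description": rec.description if rec else "(no NVD record)",
            "cvss": score,
            "severity": severity_from_score(score),
            "kev": cve_id in kev,
            "sightings": 0,  # placeholder: the page does not say where this count comes from
        })
    return rows


def render_markdown(rows) -> str:
    """Render rows as a markdown table in the page's layout (KEV shown as yes/no)."""
    out = ["| CVE ID | Description | CVSS | Severity | KEV | Sightings |", "|---|---|---|---|---|---|"]
    for r in rows:
        cvss = "-" if r["cvss"] is None else f"{r['cvss']:.1f}"
        out.append(f"| {r['cve_id']} | {r['description']} | {cvss} | {r['severity']} | "
                   f"{'yes' if r['kev'] else 'no'} | {r['sightings']} |")
    return "\n".join(out)


# Constructed, abbreviated sample feeds. CVE-2024-45435 is intentionally absent
# from the NVD sample to exercise the unscored path; CVE-2021-44228 (Log4Shell,
# NVD base score 10.0) genuinely is in KEV (added 2021-12-10).
NVD_SAMPLE = json.dumps({"vulnerabilities": [
    {"cve": {"id": "CVE-2024-41730",
             "descriptions": [{"lang": "en", "value": "In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. ..."}],
             "metrics": {"cvssMetricV31": [{"type": "Primary", "cvssData": {"baseScore": 9.8}}]}}},
    {"cve": {"id": "CVE-2021-44228",
             "descriptions": [{"lang": "en", "value": "Apache Log4j2 ... JNDI features ... do not protect against attacker controlled LDAP and other JNDI related endpoints. ..."}],
             "metrics": {"cvssMetricV31": [{"type": "Primary", "cvssData": {"baseScore": 10.0}}]}}},
]})
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2", "dateAdded": "2021-12-10"},
]})


def demo() -> list[dict]:
    ids = ["CVE-2024-41730", "CVE-2021-44228", "CVE-2024-45435"]
    return enrich(ids, parse_nvd(NVD_SAMPLE), parse_kev(KEV_SAMPLE))


if __name__ == "__main__":
    print(render_markdown(demo()))
```

Two checks worth keeping when wiring this to the live feeds: the NVD API rate-limits unauthenticated clients, so batch and cache responses rather than querying per page view, and a CVE that is in KEV but not yet scored by NVD must still be flagged (the KEV lookup above does not depend on the NVD record existing).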
This product uses data from the NVD API but is not endorsed or certified by the NVD.