CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-33411 A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-33409 SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-33408 A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-27667 Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-27746 BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-33403 A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the event_id parameter. | 9.8 | CRITICAL | - | 0 |
| CVE-2026-22562 A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code exec... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-26066 Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-37632 TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-3365 Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be a... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-13448 The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and including... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-39476 Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affe... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-39475 Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitr... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-22441 HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-36265 ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do ... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-57395 Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and... | 9.8 | CRITICAL | - | 0 |
| CVE-2019-19752 nvOC through 3.2 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as o... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-30804 An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-33215 Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/addressNat. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-32318 Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the vlan parameter in the formSetVlanInfo function. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-32301 Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-21014 Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easi... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-32286 Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-12248 Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could resul... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-0680 Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud. | 9.8 | CRITICAL | - | 0 |
| CVE-2018-25099 In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag. | 9.8 | CRITICAL | - | 0 |
| CVE-2026-41940 cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-36264 ** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils. If the user doesn't explicitly set `submarine.auth.default.secret`, a default value will be us... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-28383 Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-1071 The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in ve... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-24101 Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Information Update. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-1301 SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the j_username parameter and ret... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-0039 In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges need... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-1527 Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and pot... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-27227 A malicious DNS response can trigger a number of OOB reads, writes, and other memory issues | 9.8 | CRITICAL | - | 0 |
| CVE-2023-7103 Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass. This issue affects UFace 5: through 12022024. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-22974 SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-25751 A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-24402 An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-36360 OS command injection vulnerability exists in awkblog v0.0.1 (commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552) and earlier. If a remote unauthenticated attacker sends a specially crafted HTTP requ... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-20954 In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. Use... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-20951 In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges ne... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-24905 WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_codigobarras_cobranca.php` endpoint. This vulnerability could allow an a... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-24906 WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_cobranca.php` endpoint. This vulnerability could allow an autho... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-24957 WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_socio.php` endpoint. This vulnerability could allow an authoriz... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-42499 In sms_SendMmCpErrMsg of sms_MmConManagement.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges ... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-42498 In Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interac... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-20532 In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote escalation of privilege with no additional execution priv... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-28611 Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2.20 allows an attacker to bypass intended access restrictions. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-28610 The update process in OMICRON StationGuard and OMICRON StationScout before 2.21 can be exploited by providing a modified firmware update image. This allows a remote attacker to gain root access to the... | 9.8 | CRITICAL | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.