CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-38754 SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-36356 KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25812 Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-35327 A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-22848 A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-35324 A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25035 Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-38753 An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30228 The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlink_proc_enable parame... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30167 The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user's information and escalate privileges to contr... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30230 The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-35522 A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20467 An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. The device by default has a TELNET interface available (which is not advertised or functionally used, but i... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30231 The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid,... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30232 The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMP_PROXY_WAN_CONNECT parame... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30233 The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptv_vlan parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30234 The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the MLD_PROXY_WAN_CONNECT paramete... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37421 Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37417 Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-34646 Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generati... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25202 SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to \ahira\admin\inventory.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39509 An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the u... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-34066 An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml file" vulnerability that can allow attackers to execute system command through uploading the malicious... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-33055 Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25038 Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unb... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-21452 An issue was discovered in uniview ISC2500-S. This is an upload vulnerability where an attacker can upload malicious code via /Interface/DevManage/EC.php?cmd=upload | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35430 SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26765 SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-38393 A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the u... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-21805 An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command executi... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30168 The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator's credential and further control the devices. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-38391 A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26228 SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_class1.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26229 SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_stud.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-38390 A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the u... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-20675 Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36033 SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-31009 Multiple issues were addressed by removing HDF5. This issue is fixed in iOS 15.2 and iPadOS 15.2, macOS Monterey 12.1. Multiple issues in HDF5. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-32983 A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-co... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-24527 The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10095 bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 a... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-20032 SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-34730 A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary cod... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-19705 thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home&c=message&a=add. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-40175 Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-21826 A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-21827 A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37358 SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?action=checkrepeat&v_name=". | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22514 An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute ar... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27944 Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionalit... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.