CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2024-44411 | D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-13645 | The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. This makes it possible for unauthenticated attackers ... | 9.8 | CRITICAL | – | 0 |
| CVE-2023-6036 | The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-23759 | Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-23763 | SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-2778 | In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-24142 | Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-33880 | hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-48180 | ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which can include a file uploaded to the /class/template directory to execute PHP code. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-40475 | TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-49195 | Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-48168 | A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-40887 | SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-48150 | D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-43108 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-25209 | Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-25210 | Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-25211 | Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-46076 | RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-20100 | In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is n... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-25215 | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-25223 | Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-25502 | Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-45249 | Cavok – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 9.8 | CRITICAL | – | 0 |
| CVE-2024-46293 | Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-22611 | OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\classes\Pharmacy.class.php, \controllers\C_Pharmacy.class.php and \openemr\controller.php. | 9.8 | CRITICAL | – | 0 |
| CVE-2025-29647 | SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-37346 | EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticate... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-46612 | IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information. | 9.8 | CRITICAL | – | 0 |
| CVE-2021-41433 | SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-40877 | Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the 'id' parameter. | 9.8 | CRITICAL | – | 0 |
| CVE-2024-25730 | Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million po... | 9.8 | CRITICAL | – | 0 |
| CVE-2025-26818 | Netwrix Password Secure through 9.2 allows command injection. | 9.8 | CRITICAL | – | 0 |
| CVE-2025-29462 | A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request mes... | 9.8 | CRITICAL | – | 0 |
| CVE-2023-49959 | In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root pri... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-38946 | Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-40050 | ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-30004 | Sourcecodester Online Market Place Site v1.0 suffers from an unauthenticated blind SQL Injection Vulnerability allowing remote attackers to dump the SQL database via time-based SQL injection. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-41571 | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-40485 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /package_detail.php. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-40484 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_edit.php. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-40483 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /wedding_details.php. | 9.8 | CRITICAL | – | 0 |
| CVE-2023-51518 | Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leverag... | 9.8 | CRITICAL | – | 0 |
| CVE-2025-20654 | In wlan service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is ... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-25400 | Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class,... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-25843 | In the module "Import/Update Bulk Product from any Csv/Excel File Pro" (ba_importer) up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions. | 9.8 | CRITICAL | – | 0 |
| CVE-2025-30016 | SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there ... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-27516 | Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_w... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-25180 | An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is in... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-22891 | Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link. | 9.8 | CRITICAL | – | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.