CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-24324 TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-23584 Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diag_trac... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-42562 Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at preview.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51982 CrateDB 5.5.1 contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-23591 A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through " /mgm_dev_upgrade.asp " which can "delete ever... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51837 Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51840 DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-37913 Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of t... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-43213 Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45462 Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44139 Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44249 TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44250 TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44251 TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44252 TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44255 TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-35284 SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45872 iTerm2 before 3.4.18 mishandles a DECRQSS response. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-37914 Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of t... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-23740 An issue in Kap for macOS version 3.6.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-23741 An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-23739 An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-52389 UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative in... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44118 dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44120 dedecmdv6 6.1.9 is vulnerable to SQL Injection via sys_sql_query.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45276 An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-37915 A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Succ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41711 Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded b... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36452 A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-38319 An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbit... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-38318 An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45206 Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45207 Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-38317 An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file t... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41705 Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded b... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-1650 The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a s... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44843 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44844 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45907 In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45908 In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-22638 liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/edit_designer_region.php or /livesite/add_email_campaign.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45933 KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-29064 An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36193 SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-22529 TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-22729 NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-3603 The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-33759 SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-22751 D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-52039 An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.