CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-51410 Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log. This issue affects WP Mail Log: from n/a through 1.1.2. | 9.9 | CRITICAL | - | 0 |
| CVE-2023-50723 XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programmi... | 9.9 | CRITICAL | - | 0 |
| CVE-2023-51417 Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons. This issue affects JVM Gutenberg Rich Text Icons: from n/a through 1.2.3. | 9.9 | CRITICAL | - | 0 |
| CVE-2023-50721 XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn't properly escape the id and label of s... | 9.9 | CRITICAL | - | 0 |
| CVE-2023-5199 The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attack... | 9.9 | CRITICAL | - | 0 |
| CVE-2023-51470 Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site: from n/a through 3.11.1. | 9.9 | CRITICAL | - | 0 |
| CVE-2025-21415 Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network. | 9.9 | CRITICAL | - | 0 |
| CVE-2025-1265 An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an attacker to escalate privileges and perform code execution on affected system. | 9.9 | CRITICAL | - | 0 |
| CVE-2022-40200 Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. | 9.9 | CRITICAL | - | 0 |
| CVE-2023-25911 The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters. | 9.9 | CRITICAL | - | 0 |
| CVE-2025-0070 SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in priv... | 9.9 | CRITICAL | - | 0 |
| CVE-2022-43684 ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality. Additional Details This issue is present in the following su... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-47663 Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server. This issue affects Hospital Management System: from 47.0... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-11082 The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations_panel() function in all versions up to, and including,... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-8672 The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functi... | 9.9 | CRITICAL | - | 0 |
| CVE-2023-20048 A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands o... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-20997 Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easi... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-34762 Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-37109 Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection. This issue affects WishList Member X: from n/a before 3.26.7. | 9.9 | CRITICAL | - | 0 |
| CVE-2024-36393 SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 9.9 | CRITICAL | - | 0 |
| CVE-2024-3105 The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode.... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-38369 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using `{{include reference="targetdocument"/}}` is executed ... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-3592 The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-37091 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-6303 Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias to... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-51548 Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 9.9 | CRITICAL | - | 0 |
| CVE-2025-27554 ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.g., read secrets from the desktopi... | 9.9 | CRITICAL | - | 0 |
| CVE-2023-25765 In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to by... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-9264 The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, lea... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-42922 SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file when executed can lead to a full compro... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-42967 SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with user level privileges to create a new report with his own code potentially gain... | 9.9 | CRITICAL | - | 0 |
| CVE-2018-18556 A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters ar... | 9.9 | CRITICAL | - | 0 |
| CVE-2026-24841 Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy's WebSocket endpoint `/docker-container-termina... | 9.9 | CRITICAL | - | 0 |
| CVE-2026-25510 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-68986 Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Miion miion allows Upload a Web Shell to a Web Server. This issue affects Miion: from n/a through <= 1.2.7. | 9.9 | CRITICAL | - | 0 |
| CVE-2025-68910 Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogzee blogzee allows Using Malicious Files. This issue affects Blogzee: from n/a through <= 1.0.5. | 9.9 | CRITICAL | - | 0 |
| CVE-2026-22039 Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall.... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-62056 Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes News Event news-event. This issue affects News Event: from n/a through <= 1.0.1. | 9.9 | CRITICAL | - | 0 |
| CVE-2026-25763 OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject's repository changes endpoint (/p... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-62050 Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogmatic blogmatic. This issue affects Blogmatic: from n/a through <= 1.0.3. | 9.9 | CRITICAL | - | 0 |
| CVE-2025-57795 Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remot... | 9.9 | CRITICAL | - | 0 |
| CVE-2020-1595 A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run ... | 9.9 | CRITICAL | - | 0 |
| CVE-2020-1210 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnera... | 9.9 | CRITICAL | - | 0 |
| CVE-2026-21877 n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full comp... | 9.9 | CRITICAL | - | 0 |
| CVE-2025-68909 Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogistic blogistic allows Using Malicious Files. This issue affects Blogistic: from n/a through <= 1.0.5. | 9.9 | CRITICAL | - | 0 |
| CVE-2025-67968 Unrestricted Upload of File with Dangerous Type vulnerability in InspiryThemes Real Homes CRM realhomes-crm allows Using Malicious Files. This issue affects Real Homes CRM: from n/a through <= 1.0.0. | 9.9 | CRITICAL | - | 0 |
| CVE-2024-20253 A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vul... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-32514 Unrestricted Upload of File with Dangerous Type vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker. This issue affects WP Poll Maker: from n/a through 3.4. | 9.9 | CRITICAL | - | 0 |
| CVE-2025-49013 WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of `${{ github.ev... | 9.9 | CRITICAL | - | 0 |
| CVE-2023-34063 Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflow... | 9.9 | CRITICAL | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.