CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-39402 Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS allows Upload a Web Shell to a Web Server. This issue affects WPAMS: from n/a through 44.0 (17-08-2023). | 9.9 | CRITICAL | β | 0 |
| CVE-2024-37906 Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the `/adm_program/modules/ecards/ecard_sen... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-24677 Improper Control of Generation of Code ('Code Injection') vulnerability in WPSpins Post/Page Copying Tool allows Remote Code Inclusion. This issue affects Post/Page Copying Tool: from n/a through 2.0.... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-25765 In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to by... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-29135 Unrestricted Upload of File with Dangerous Type vulnerability in Tourfic. This issue affects Tourfic: from n/a through 2.11.15. | 9.9 | CRITICAL | β | 0 |
| CVE-2025-22630 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in MarketingFire Widget Options allows OS Command Injection. This issue affects Widget Options: from n/... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-0867 The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were st... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-37361 The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. (CWE-502) Hitachi Vantara Pentaho Business Analytics Server versions before 10... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-62065 Unrestricted Upload of File with Dangerous Type vulnerability in Rometheme RTMKit rometheme-for-elementor. This issue affects RTMKit: from n/a through <= 1.6.5. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-51548 Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 9.9 | CRITICAL | β | 0 |
| CVE-2025-26872 Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files. This issue affects Eximius: from n/a through 2.2. | 9.9 | CRITICAL | β | 0 |
| CVE-2025-26892 Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files. This issue affects Celestial Aura: from n/a through 2.2. | 9.9 | CRITICAL | β | 0 |
| CVE-2025-49887 Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Remote Code Inclusion. This issue affects Product XML Feed Manager ... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-0501 Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger), an authenticated user could execute crafted SQL queries to read, modify, and delete backen... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-64420 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-30996 Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify ... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-59157 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Repository field during project creation is vulnerable to... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-68562 Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server. This issue affects MapSVG: from n/a through 8.7.3. | 9.9 | CRITICAL | β | 0 |
| CVE-2022-28802 Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled gen... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-3549 The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insuffici... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-20253 A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vul... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-32514 Unrestricted Upload of File with Dangerous Type vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker. This issue affects WP Poll Maker: from n/a through 3.4. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-51478 YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2023-34063 Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflow... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-34827 Carel Boss Mini 1.5.0 has Improper Access Control. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-25909 Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-2083 A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI pat... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-53213 Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ReachShip WooCommerce Multi-Carrier & Conditional Shipping allows Using Malicious Files. This issue affects ReachShip WooC... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-22133 WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. The endpoint accepts... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-6784 Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-30911 Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. This issue affects RomethemeKit For Elementor: from n/a throug... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-30841 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock allows Remote Code Inclusion. This issue affects Countdown & Clock: from n/a... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-28893 Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Visual Text Editor allows Remote Code Inclusion. This issue affects Visual Text Editor: from n/a through 1.2.1. | 9.9 | CRITICAL | β | 0 |
| CVE-2025-20124 A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure dese... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-32461 wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3. | 9.9 | CRITICAL | β | 0 |
| CVE-2025-54347 A Directory Traversal vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to write arbitrary files under certain condition... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-14700 An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-13032 Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on Windows allows local attacker to escalate privileges via pool overflow. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-56052 Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a before 1.9.9.5.2. | 9.9 | CRITICAL | β | 0 |
| CVE-2026-24304 Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-29241 Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information,... | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16289 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16278 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16274 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16272 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16271 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16290 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16307 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16276 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-46642 D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function. | 9.9 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.