Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-27472 A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-27474 Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attack... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-24803 Asciidoctor-include-ext is Asciidoctorβs standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an att... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-32933 An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-32548 An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab f... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-1161 An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable p... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-11639 An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access | 10.0 | CRITICAL | β | 0 |
| CVE-2022-24884 ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature c... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-29165 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-34819 A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 L... | 10.0 | CRITICAL | β | 0 |
| CVE-2020-8974 In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web wi... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-7591 Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and abo... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-26959 There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the proc... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-30510 Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 9.5. | 10.0 | CRITICAL | β | 0 |
| CVE-2025-26936 Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Fresh Framework allows Code Injection. This issue affects Fresh Framework: from n/a through 1.70.0. | 10.0 | CRITICAL | β | 0 |
| CVE-2025-26701 An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed ... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-41875 A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (r... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-47687 Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects StoreKeeper for WooCommerce:... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-54214 Unrestricted Upload of File with Dangerous Type vulnerability in Roninwp Revy allows Upload a Web Shell to a Web Server.This issue affects Revy: from n/a through 1.18. | 10.0 | CRITICAL | β | 0 |
| CVE-2025-48123 Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce β Light allows Code Injection. This issue affe... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-43931 Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vec... | 10.0 | CRITICAL | β | 0 |
| CVE-2016-9343 An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sen... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-49414 Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery allows Using Malicious Files. This issue affects FW Gallery: from n/a through 8.0.0. | 10.0 | CRITICAL | β | 0 |
| CVE-2022-4390 A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are fi... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-28354 There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb[%d].username in... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-31351 Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic β AI Content Writer & Generator.This issue affects Copymatic β AI Content Writer & Generator: from n/a through 1.6. | 10.0 | CRITICAL | β | 0 |
| CVE-2019-7268 Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. | 10.0 | CRITICAL | β | 0 |
| CVE-2019-7257 Linear eMerge E3-Series devices allow Unrestricted File Upload. | 10.0 | CRITICAL | β | 0 |
| CVE-2019-5485 NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name. | 10.0 | CRITICAL | β | 0 |
| CVE-2020-14606 Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). Supported versions that are affected are 8.2 and 9.0. Easily exploitable vulnerabilit... | 10.0 | CRITICAL | β | 0 |
| CVE-2019-11210 The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically all... | 10.0 | CRITICAL | β | 0 |
| CVE-2019-16649 On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over... | 10.0 | CRITICAL | β | 0 |
| CVE-2019-16650 On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an atta... | 10.0 | CRITICAL | β | 0 |
| CVE-2023-22600 InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. TheyΒ allow unauthe... | 10.0 | CRITICAL | β | 0 |
| CVE-2019-5049 An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory wri... | 10.0 | CRITICAL | β | 0 |
| CVE-2019-1372 An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited ... | 10.0 | CRITICAL | β | 0 |
| CVE-2019-5151 An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of t... | 10.0 | CRITICAL | β | 0 |
| CVE-2018-4031 An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostnam... | 10.0 | CRITICAL | β | 0 |
| CVE-2019-18580 Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerabilit... | 10.0 | CRITICAL | β | 0 |
| CVE-2013-3542 Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded a... | 10.0 | CRITICAL | β | 0 |
| CVE-2020-12388 The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerabi... | 10.0 | CRITICAL | β | 0 |
| CVE-2020-1953 Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration v... | 10.0 | CRITICAL | β | 0 |
| CVE-2020-35489 The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. | 10.0 | CRITICAL | β | 0 |
| CVE-2021-32637 Authelia is a a single sign-on multi-factor portal for web apps. This affects uses who are using nginx ngx_http_auth_request_module with Authelia, it allows a malicious individual who crafts a malform... | 10.0 | CRITICAL | β | 0 |
| CVE-2020-15188 SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the serv... | 10.0 | CRITICAL | β | 0 |
| CVE-2020-5415 Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as... | 10.0 | CRITICAL | β | 0 |
| CVE-2017-14451 An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequen... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-47893 There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary ... | 10.0 | CRITICAL | β | 0 |
| CVE-2023-4804 AnΒ unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. | 10.0 | CRITICAL | β | 0 |
| CVE-2025-48748 Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password. | 10.0 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.