CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV (Known Exploited Vulnerabilities) and NVD (National Vulnerability Database) data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-37914 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-3342 The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in version... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-36460 Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 3.5.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, attackers using carefully crafted media files can c... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-37462 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-40622 SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-36469 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary sc... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-35150 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-36470 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By either creating a new or editing an existing document with an icon set, an attacker can inje... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-34251 Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the admin... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-36355 TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via ... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-34465 XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, `Mail.MailConfig` can be edited by any logged-in user by default. Consequently... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-36276 TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interac... | 9.9 | CRITICAL | No | 0 |
| CVE-2021-4347 The function update_shipment_status_email_status_fun in the plugin Advanced Shipment Tracking for WooCommerce in versions up to 3.2.6 is vulnerable to authenticated arbitrary options update. The funct... | 9.9 | CRITICAL | No | 0 |
| CVE-2021-4360 The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes ... | 9.9 | CRITICAL | No | 0 |
| CVE-2021-34458 Windows Kernel Remote Code Execution Vulnerability | 9.9 | CRITICAL | No | 0 |
| CVE-2023-29516 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on `XWiki.AttachmentSelector` can execute arbitrary Groovy, Python or... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-30839 PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even withou... | 9.9 | CRITICAL | No | 0 |
| CVE-2021-4368 The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-29512 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., its own user page), can execute arbitrary Groovy, P... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-1782 HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-29514 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on any document (e.g., their own user profile) can execute code with ... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-38074 SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions. | 9.9 | CRITICAL | No | 0 |
| CVE-2023-23857 Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to acc... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-22579 Due to improper parameter filtering in the Sequelize JS library, an attacker can perform injection. | 9.9 | CRITICAL | No | 0 |
| CVE-2023-25616 In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-29527 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions a user without script or programming right may edit a user profile (or any... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-0016 SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-41267 SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling t... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-41272 An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-41931 xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the... | 9.9 | CRITICAL | No | 0 |
| CVE-2021-21465 The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the databa... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-41928 XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangero... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-0022 SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful ex... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-43546 A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q1... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-43545 A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q1... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-38652 A remote insecure deserialization vulnerability exists in VMWare Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-33207 Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP ... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-37425 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. | 9.9 | CRITICAL | No | 0 |
| CVE-2022-45092 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could p... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-33204 Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP ... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-43405 A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-43401 A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with pe... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-43404 A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows at... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-33205 Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP ... | 9.9 | CRITICAL | No | 0 |
| CVE-2021-23140 Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Cent... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-2471 Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a r... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-36084 cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-39206 Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. ... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-36099 XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possib... | 9.9 | CRITICAL | No | 0 |
| CVE-2022-36100 XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and... | 9.9 | CRITICAL | No | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.
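How a table like the one above is produced: each NVD record is joined against the CISA KEV catalog (by CVE ID) to fill the KEV column, the best available CVSS metric is picked (v3.1, then v3.0, then v2), the English description is truncated, and a sightings count from the operator's own telemetry is attached. The following is an added example, not this site's code. It assumes the public shapes of the two feeds (NVD API 2.0 `/cves` responses and the KEV `known_exploited_vulnerabilities.json` catalog); the JSON samples embedded below are constructed to mirror those shapes, and the sightings dictionary is an assumed stand-in for whatever telemetry feeds that column.

```python
"""Enrich NVD API 2.0 records with CISA KEV membership and render the page's table.

Added example; the sample JSON below is constructed to mirror the shape of the
two public feeds and is not real feed output.
"""
from __future__ import annotations

import json

DESC_LIMIT = 200  # the page truncates descriptions at roughly this length

# Constructed excerpt shaped like the CISA KEV catalog JSON.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
         "dateAdded": "2021-12-10", "knownRansomwareCampaignUse": "Known"},
    ],
})

# Constructed excerpt shaped like an NVD API 2.0 /cves response (descriptions shortened).
NVD_SAMPLE = json.dumps({
    "vulnerabilities": [
        {"cve": {"id": "CVE-2023-1782",
                 "descriptions": [{"lang": "en", "value": "HashiCorp Nomad and Nomad Enterprise "
                                   "versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass "
                                   "intended ACL authorizations for clusters where mTLS is not enabled."}],
                 "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.9,
                                                              "baseSeverity": "CRITICAL"}}]}}},
        {"cve": {"id": "CVE-2021-44228",
                 "descriptions": [{"lang": "en", "value": "Apache Log4j2 JNDI lookup remote code "
                                   "execution (constructed summary)."}],
                 "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 10.0,
                                                              "baseSeverity": "CRITICAL"}}]}}},
    ],
})


def load_kev_ids(kev_json: str) -> set[str]:
    """Return the set of CVE IDs in a KEV catalog document, upper-cased for matching."""
    catalog = json.loads(kev_json)
    return {v["cveID"].upper() for v in catalog.get("vulnerabilities", [])}


def extract_cvss(metrics: dict) -> tuple[float | None, str]:
    """Pick the best available CVSS score: v3.1, then v3.0, then v2; (None, 'N/A') if absent."""
    for key in ("cvssMetricV31", "cvssMetricV30"):
        entries = metrics.get(key) or []
        if entries:
            data = entries[0]["cvssData"]  # v3.x keeps baseSeverity inside cvssData
            return float(data["baseScore"]), data.get("baseSeverity", "N/A")
    entries = metrics.get("cvssMetricV2") or []
    if entries:
        # In NVD 2.0 v2 records baseSeverity sits beside cvssData, not inside it
        return float(entries[0]["cvssData"]["baseScore"]), entries[0].get("baseSeverity", "N/A")
    return None, "N/A"


def english_description(cve: dict) -> str:
    for d in cve.get("descriptions", []):
        if d.get("lang") == "en":
            return d["value"]
    return ""


def truncate(text: str, limit: int = DESC_LIMIT) -> str:
    return text if len(text) <= limit else text[:limit].rstrip() + "..."


def enrich(nvd_json: str, kev_ids: set[str], sightings: dict[str, int] | None = None) -> list[dict]:
    """Join NVD records with KEV membership and sightings; highest CVSS first, unscored last."""
    sightings = sightings or {}
    rows = []
    for item in json.loads(nvd_json).get("vulnerabilities", []):
        cve = item["cve"]
        cve_id = cve["id"].upper()
        score, severity = extract_cvss(cve.get("metrics", {}))
        rows.append({
            "id": cve_id,
            "description": truncate(english_description(cve)),
            "cvss": score,
            "severity": severity,
            "kev": cve_id in kev_ids,
            "sightings": sightings.get(cve_id, 0),
        })
    rows.sort(key=lambda r: (r["cvss"] is None, -(r["cvss"] or 0.0)))
    return rows


def render_table(rows: list[dict]) -> str:
    """Render rows in the page's markdown layout."""
    lines = ["| CVE ID | CVSS | Severity | KEV | Sightings |", "|---|---|---|---|---|"]
    for r in rows:
        score = "N/A" if r["cvss"] is None else f"{r['cvss']:.1f}"
        desc = r["description"].replace("|", "\\|")  # a '|' in a description would break the table
        kev = "Yes" if r["kev"] else "No"
        lines.append(f"| {r['id']} {desc} | {score} | {r['severity']} | {kev} | {r['sightings']} |")
    return "\n".join(lines)


if __name__ == "__main__":
    # Assumed telemetry: one sightings count keyed by CVE ID (constructed value).
    print(render_table(enrich(NVD_SAMPLE, load_kev_ids(KEV_SAMPLE), {"CVE-2021-44228": 12})))
```

The KEV join is exact-match on the upper-cased ID, so a KEV-listed CVE never gets lost to case differences between feeds, and a record with no CVSS metrics lands at the bottom as `N/A` rather than being silently dropped or scored 0.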