CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-47283 Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.1... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-27626 OliveTin gives access to predefined shell commands from a web interface. In versions up to and including 3000.10.0, OliveTin's shell mode safety check (`checkShellArgumentSafety`) blocks several dange... | 9.9 | CRITICAL | β | 0 |
| CVE-2019-18342 A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabi... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-43684 ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality. Additional Details This issue is present in the following su... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-41000 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41001 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41003 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40998 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-30387 Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-47297 A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41002 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41004 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40996 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-24872 Improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire_548. This issue affects SkyFire_548: before 5.4.8-stable5. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-4973 The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25180 An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is in... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40997 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-11832 Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 allows Flooding. This issue affects BLU-IC2: through 1.19.5; BLU-I... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-54539 A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishi... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40991 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40992 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40993 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40988 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-56431 oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impac... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40986 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40989 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-4873 On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overw... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-5058 The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_image() function in all versions up to, and incl... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40994 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-48978 An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-35339 Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac. | 9.8 | CRITICAL | β | 0 |
| CVE-2011-1935 pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-50717 SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the client parameter in the /recuperaLog.php component. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41006 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-12352 The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image() function in all versions up to, and including, 2.9.20. This ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23303 The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an inco... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43301 Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any siz... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-10542 iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client's connection dialog. If the administrator does not change these defaults, a remot... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44732 Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43157 Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23304 The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-10547 An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corrup... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44457 A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatib... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28432 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=display&value=0&sid=2. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-5510 PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-55515 A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_ipslib.php on the web interface. By crafting a suitable form name, a... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-3863 The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability a... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-5600 A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manip... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-35355 A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=delete_category. Manipulating the... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-35398 TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.