CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2020-5415 | Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as... | 10.0 | CRITICAL | β | 0 |
| CVE-2020-26822 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, t... | 10.0 | CRITICAL | β | 0 |
| CVE-2020-15188 | SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the serv... | 10.0 | CRITICAL | β | 0 |
| CVE-2020-26821 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact ... | 10.0 | CRITICAL | β | 0 |
| CVE-2020-26823 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Servi... | 10.0 | CRITICAL | β | 0 |
| CVE-2020-26824 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an ... | 10.0 | CRITICAL | β | 0 |
| CVE-2020-12522 | The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xx... | 10.0 | CRITICAL | β | 0 |
| CVE-2020-25066 | A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code. | 10.0 | CRITICAL | β | 0 |
| CVE-2021-2248 | Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthent... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-2256 | Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 16.3.1.4.2. Easily ex... | 10.0 | CRITICAL | β | 0 |
| CVE-2016-20010 | EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5. | 10.0 | CRITICAL | β | 0 |
| CVE-2021-20998 | In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users. | 10.0 | CRITICAL | β | 0 |
| CVE-2024-32962 | xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-32809 | Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files. This issue affects ActiveDEMAND: from n/a through 0.2.41. | 10.0 | CRITICAL | β | 0 |
| CVE-2021-33032 | A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up to and including version 3.57.5 allows re... | 10.0 | CRITICAL | β | 0 |
| CVE-2020-7388 | Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploi... | 10.0 | CRITICAL | β | 0 |
| CVE-2020-12030 | There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabl... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-21940 | A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflo... | 10.0 | CRITICAL | β | 0 |
| CVE-2019-19810 | Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending craft... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-43936 | The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code exe... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-42311 | Microsoft Defender for IoT Remote Code Execution Vulnerability | 10.0 | CRITICAL | β | 0 |
| CVE-2021-42313 | Microsoft Defender for IoT Remote Code Execution Vulnerability | 10.0 | CRITICAL | β | 0 |
| CVE-2021-23198 | mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | 10.0 | CRITICAL | β | 0 |
| CVE-2021-22657 | mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | 10.0 | CRITICAL | β | 0 |
| CVE-2021-20151 | Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router's management software manages web sessions based on IP address rather than verifying cli... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-21275 | Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-39911 | 1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advis... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-47901 | A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which ... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-46250 | An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other users on downstream components that rely on ScratchOA... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-52376 | Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress allows Upload a Web Shell to a Web Server. This issue affects Boat Rental Plugin for WordPress... | 10.0 | CRITICAL | β | 0 |
| CVE-2020-10640 | Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service. | 10.0 | CRITICAL | β | 0 |
| CVE-2024-52373 | Unrestricted Upload of File with Dangerous Type vulnerability in Team Devexhub Devexhub Gallery allows Upload a Web Shell to a Web Server. This issue affects Devexhub Gallery: from n/a through 2.0.1. | 10.0 | CRITICAL | β | 0 |
| CVE-2022-24760 | Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-27466 | A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a ... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-27460 | Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-27462 | A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remo... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-27468 | The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated att... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-27470 | A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remo... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-27474 | Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attack... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-27476 | A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arb... | 10.0 | CRITICAL | β | 0 |
| CVE-2019-7003 | A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-1161 | An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable p... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-24884 | ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature c... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-2970 | MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker ... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-27446 | The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system. | 10.0 | CRITICAL | β | 0 |
| CVE-2022-23657 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released up... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-23660 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released up... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-31481 | An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, ... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-2310 | An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote atta... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-50707 | Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request. | 10.0 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.