Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-27258 Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-64164 Dataease is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when establishing JDBC connections to Oracle, resulting in a risk of JNDI i... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-26506 Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print j... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-6638 A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. This occurs in a function call in which the first argument is a corrupted offset value and t... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-32232 ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6. | 9.8 | CRITICAL | β | 0 |
| CVE-2016-20024 ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-47246 In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-68990 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affe... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-25142 NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files w... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-60233 Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection.This issue affects Zuut: from n/a through 1.4.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2014-2073 Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allows remote attackers to execute arbitrary code via a crafted packet, related to "CATV5_Backbone_Bus." | 9.8 | CRITICAL | β | 0 |
| CVE-2019-9850 LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12918 Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[0... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18329 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially g... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18801 An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corr... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-5081 An exploitable heap buffer overflow vulnerability exists in the iocheckd service ''I/O-Chec'' functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware ver... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-1000027 Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented withi... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25471 FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint. Attackers can upload ZIP files c... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25487 SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endp... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-9884 eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-31877 Frappe is a full-stack web application framework. Prior to 15.84.0 and 14.99.0, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract in... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25468 NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script_test.... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13572 The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18315 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-70024 An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25217 The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect ... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-1000007 libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-49775 A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Opcenter Intelligence (All versions < V2501.0001), Opcenter Quality (All versions < V2512), Opcenter R... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-12552 Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-15044 A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14277 Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18316 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-31871 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.5 and 8.6.31, a SQL injection vulnerability exists in the PostgreSQL storag... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-62877 Projects using the SUSE Virtualization (Harvester) environment mayΒ expose the OS default ssh login passwordΒ Β if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster o... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-1010228 OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16639 An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker (who only has web interface access) to use TELNET comma... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-31856 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-25159 Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting m... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-1010178 Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/components/fred/web/elfinder/connector.php. The at... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-70082 An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component | 9.8 | CRITICAL | β | 0 |
| CVE-2018-6363 SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-1010238 Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embeddin... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-31840 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.2 and 8.6.28, an attacker can use a dot-notation field name in combination ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-13595 The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.10.8. This makes ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-15045 A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request Handler. This manipulation of the argument page ca... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-1010174 CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controlla... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-3951 Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling I... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18323 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-9925 SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially c... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-23813 A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.