CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2024-58309 | xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attacker... | 9.8 | CRITICAL | No | 0 |
| CVE-2024-58308 | Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads lik... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-50399 | FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter password. | 9.8 | CRITICAL | No | 0 |
| CVE-2025-11127 | The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9.0.1 do not properly verify users' identity when using an AJAX action, allowing unauthenticated users to... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-67895 | Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2. The Edge3 provider support in Airflow... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-8769 | Telenium Online Web Application is vulnerable due to a Perl script that is called to load the login page. Due to improper input validation, an attacker can inject arbitrary Perl code through a craft... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-66590 | In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. Th... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-66588 | In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-53959 | FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-8679 | In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure. Under certain ExtremeGuest Essentials captive-portal SSID configurations, repe... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-35050 | Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkServ... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-35051 | Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUT... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-14535 | A vulnerability was identified in UTT 进取 512W up to 3.1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigFastDirectionW. The manipulation of the argument ssid leads to buffer ... | 9.8 | CRITICAL | No | 0 |
| CVE-2019-25249 | devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and rem... | 9.8 | CRITICAL | No | 0 |
| CVE-2019-25241 | FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configurati... | 9.8 | CRITICAL | No | 0 |
| CVE-2019-25240 | Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by spec... | 9.8 | CRITICAL | No | 0 |
| CVE-2019-25237 | V-SOL GPON/EPON OLT Platform v2.03 contains a privilege escalation vulnerability that allows normal users to gain administrative access by manipulating the user role parameter. Attackers can send a cr... | 9.8 | CRITICAL | No | 0 |
| CVE-2017-20206 | The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the `wpmudev_appointments` cookie. This ... | 9.8 | CRITICAL | No | 0 |
| CVE-2017-20207 | The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the `pager` parameter. This allows un... | 9.8 | CRITICAL | No | 0 |
| CVE-2019-25236 | iSeeQ Hybrid DVR WH-H4 1.03R contains an unauthenticated vulnerability in the get_jpeg script that allows unauthorized access to live video streams. Attackers can retrieve video snapshots from specifi... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-54957 | An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the... | 9.8 | CRITICAL | No | 0 |
| CVE-2019-25235 | Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to m... | 9.8 | CRITICAL | No | 0 |
| CVE-2016-15048 | AMTT Hotel Broadband Operation System (HiBOS) contains an unauthenticated command injection vulnerability in the /manager/radius/server_ping.php endpoint. The application constructs a shell command th... | 9.8 | CRITICAL | No | 0 |
| CVE-2018-25142 | NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files w... | 9.8 | CRITICAL | No | 0 |
| CVE-2018-25138 | FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain un... | 9.8 | CRITICAL | No | 0 |
| CVE-2018-25135 | Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payload... | 9.8 | CRITICAL | No | 0 |
| CVE-2018-25134 | Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can ex... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-11200 | MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not re... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-14534 | A vulnerability was determined in UTT 进取 512W up to 3.1.7.7-171114. This impacts the function strcpy of the file /goform/formNatStaticMap of the component Endpoint. Executing manipulation of the argum... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-61304 | OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address. | 9.8 | CRITICAL | No | 0 |
| CVE-2025-13329 | The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint i... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-63334 | PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submit_opacity.php component. The application fails to sanitize user input in the op... | 9.8 | CRITICAL | No | 0 |
| CVE-2018-25154 | GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file pr... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-13619 | The Flex Store Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.0. This is due to the 'fsUserHandle::signup' and the 'fsSellerRole::add_role_s... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-13773 | The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerce_Delivery_Notes::update' ... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-64281 | An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials. | 9.8 | CRITICAL | No | 0 |
| CVE-2025-63353 | A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default passwords... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-64280 | A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field. | 9.8 | CRITICAL | No | 0 |
| CVE-2025-56385 | A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not prope... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-15046 | A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argum... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-15045 | A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request Handler. This manipulation of the argument page ca... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-15044 | A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-65354 | Improper input handling in /Grocery/search_products_itname.php in PuneethReddyHC event-management 1.0 permits SQL injection via the sitem_name POST parameter. Crafted payloads can alter query logic and... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-65826 | The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-53914 | UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted PO... | 9.8 | CRITICAL | No | 0 |
| CVE-2020-36902 | UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send a GET... | 9.8 | CRITICAL | No | 0 |
| CVE-2020-36885 | Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnera... | 9.8 | CRITICAL | No | 0 |
| CVE-2025-50402 | FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter string fac_password. | 9.8 | CRITICAL | No | 0 |
| CVE-2025-51511 | Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads. | 9.8 | CRITICAL | No | 0 |
| CVE-2025-33224 | NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escala... | 9.8 | CRITICAL | No | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.