TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 325,888 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2025-43428

A configuration issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Photos in the Hidden Photos Album may be viewed with...

9.8 | CRITICAL | — | 0
CVE-2024-50388

An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the...

9.8 | CRITICAL | — | 0
CVE-2025-62193

Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By leveraging a SPAWN command, a remote, unau...

9.8 | CRITICAL | — | 0
CVE-2019-25282

V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET parameter. Attackers can craft malicious links that redire...

9.8 | CRITICAL | — | 0
CVE-2025-43526

This issue was addressed with improved URL validation. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use W...

9.8 | CRITICAL | — | 0
CVE-2019-25268

NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit i...

9.8 | CRITICAL | — | 0
CVE-2017-20216

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitra...

9.8 | CRITICAL | — | 0
CVE-2025-61246

indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/review_action.php via the proId parameter.

9.8 | CRITICAL | — | 0
CVE-2023-39675

SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php.

9.8 | CRITICAL | — | 0
CVE-2025-52471

ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP Wi-Fi component of...

9.8 | CRITICAL | — | 0
CVE-2025-1974

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingr...

9.8 | CRITICAL | — | 0
CVE-2018-1160

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage thi...

9.8 | CRITICAL | — | 0
CVE-2025-14502

The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1 via the template parameter. This makes it possible for unauthenti...

9.8 | CRITICAL | — | 0
CVE-2026-22043

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed `deny_only` short-circuit in RustFS IAM allows a restricted service account or ...

9.8 | CRITICAL | — | 0
CVE-2025-67791

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration (agent authentication) in DriveLock tenant allows attackers to imper...

9.8 | CRITICAL | — | 0
CVE-2026-22189

Panda3D versions up to and including 1.10.16 egg-mkfont contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing...

9.8 | CRITICAL | — | 0
CVE-2024-22087

route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution.

9.8 | CRITICAL | — | 0
CVE-2018-25095

The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site af...

9.8 | CRITICAL | — | 0
CVE-2024-54383

Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation. This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9.

9.8 | CRITICAL | — | 0
CVE-2025-68705

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/read_file_stream endpoint. ...

9.8 | CRITICAL | — | 0
CVE-2022-48620

uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.

9.8 | CRITICAL | — | 0
CVE-2025-14301

The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is due to the `process_table_bulk_actions()` function p...

9.8 | CRITICAL | — | 0
CVE-2018-17207

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php durin...

9.8 | CRITICAL | — | 0
CVE-2024-22922

An issue in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via a crafted script to the login page in the POST/index.php

9.8 | CRITICAL | — | 0
CVE-2025-69991

phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php.

9.8 | CRITICAL | — | 0
CVE-2024-2420

LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication req...

9.8 | CRITICAL | — | 0
CVE-2022-31343

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=.

9.8 | CRITICAL | — | 0
CVE-2026-21448

Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection. When a normal customer orders any product, in the `add address` step th...

9.8 | CRITICAL | — | 0
CVE-2024-2421

LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious comma...

9.8 | CRITICAL | — | 0
CVE-2022-31344

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking.

9.8 | CRITICAL | — | 0
CVE-2024-37385

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12...

9.8 | CRITICAL | — | 0
CVE-2022-31345

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=.

9.8 | CRITICAL | — | 0
CVE-2022-31346

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service.

9.8 | CRITICAL | — | 0
CVE-2022-31347

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle.

9.8 | CRITICAL | — | 0
CVE-2022-31348

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=.

9.8 | CRITICAL | — | 0
CVE-2022-31350

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=.

9.8 | CRITICAL | — | 0
CVE-2022-31351

Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=.

9.8 | CRITICAL | — | 0
CVE-2025-69992

phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication.

9.8 | CRITICAL | — | 0
CVE-2025-10915

The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check.

9.8 | CRITICAL | — | 0
CVE-2022-31352

Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=.

9.8 | CRITICAL | — | 0
CVE-2025-39485

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour | Travel Agency WordPress allows Object Injection. This issue affects Grand Tour | Travel Agency WordPress: from n/a through 5....

9.8 | CRITICAL | — | 0
CVE-2025-67147

Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key'...

9.8 | CRITICAL | — | 0
CVE-2026-22781

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query param...

9.8 | CRITICAL | — | 0
CVE-2025-39354

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference allows Object Injection. This issue affects Grand Conference: from n/a through 5.2.

9.8 | CRITICAL | — | 0
CVE-2022-31353

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=.

9.8 | CRITICAL | — | 0
CVE-2022-31354

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service.

9.8 | CRITICAL | — | 0
CVE-2022-1952

The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote ...

9.8 | CRITICAL | — | 0
CVE-2025-69269

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection. This issue affects...

9.8 | CRITICAL | — | 0
CVE-2022-0699

A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control ove...

9.8 | CRITICAL | — | 0
CVE-2022-44151

Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.

9.8 | CRITICAL | — | 0
Page 53 of 6518

This product uses data from the NVD API but is not endorsed or certified by the NVD.