Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2022-46582 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the login_name parameter in the do_graph_auth (sub_4061E0) function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46583 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the reboot_type parameter in the wizard_ipv6 (sub_41C380) function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46584 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%d_vap%d.maclist parameter in the kick_ban_wifi_mac_deny (sub_415D7C) function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46585 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the REMOTE_USER parameter in the get_access (sub_45AC2C) function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46586 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%d_vap%d.maclist parameter in the kick_ban_wifi_mac_allow (sub_415B00) function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46588 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46589 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.netstat_option parameter in the tools_netstat (sub_41E730) function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46590 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.netstat_rsname parameter in the tools_netstat (sub_41E730) function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46591 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the reject_url parameter in the reject (sub_41BD60) function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46592 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the set_sta_enrollee_pin_5g function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46593 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the do_sta_enrollee_wifi function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46594 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the update_file_name parameter in the auto_up_fw (sub_420A04) function. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-23331 Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46596 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the del_num parameter in the icp_delete_img (sub_41DEDC) function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46597 TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46598 TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_5g function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46599 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setlogo_num parameter in the icp_setlogo_img (sub_41DBF4) function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46600 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_24g function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46601 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setbg_num parameter in the icp_setbg_img (sub_41DD68) function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-47115 Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-37832 Mutiny 7.2.0-10788 suffers from Hardcoded root password. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-47117 Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-47118 Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46071 There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46072 Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46255 An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45719 IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the gotoUrl parameter in the formPortalAuth function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45717 IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-4060 The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-47740 Seltmann GmbH Content Management System 6 is vulnerable to SQL Injection via /index.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24456 Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-31702 vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authent... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-39073 There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46493 Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-38488 logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-4447 The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL i... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44567 A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to r... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-24165 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44640 Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0316 The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress t... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-36503 SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-36484 SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45720 IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the ip, mac, and remark parameters in the formIPMacBindModify function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45721 IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the picName parameter in the formDelWewifiPic function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45896 Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45716 IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formIPMacBindDel function. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-33420 A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-34270 An issue was discovered in RWS WorldServer before 11.7.3. Regular users can create users with the Administrator role via UserWSUserManager. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46999 Tuzicms v2.0.6 was discovered to contain a SQL injection vulnerability via the component \App\Manage\Controller\UserController.class.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49105 An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no ... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.