CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-5288 A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary may also reset the SIM and in the worst case upload a new firmware... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-33273 An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to OS command injection (blind). | 9.8 | CRITICAL | - | 0 |
| CVE-2023-46410 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_416F60 function. | 9.8 | CRITICAL | - | 0 |
| CVE-2021-34123 An issue was discovered on atasm, version 1.09. A stack-buffer-overflow vulnerability in function aprintf() in asm.c allows attackers to execute arbitrary code on the system via a crafted file. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-39645 Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop. In the module "Theme Volty CMS Payment Icon" (tvcmspaymenticon) up to version 4.0.1 from Theme Volty for... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-41355 Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a cra... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-37966 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection. This issue affects User A... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-43980 Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-46420 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41590C function. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-46419 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415730 function. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-46418 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_412688 function. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-29453 Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a ... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-21250 In gatt_end_operation of gatt_utils.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. ... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-39648 Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. In the module "Theme Volty CMS Testimonial" (tvcmstestimonial) up to version 4.0.1 from Theme Volty for P... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-32244 Improper Privilege Management vulnerability in xtemos Woodmart Core allows Privilege Escalation. This issue affects Woodmart Core: from n/a through 1.0.36. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-35879 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection. This issue affects Product Vendors: from n/a thro... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-30415 Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-45386 In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabsp... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-22089 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerabilit... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-35648 In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with bas... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-45001 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Castos Seriously Simple Stats allows SQL Injection. This issue affects Seriously Simple Stats: from... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-41685 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ilGhera Woocommerce Support System allows SQL Injection. This issue affects Woocommerce Support Sys... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-35647 In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with bas... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-35646 In TBD of TBD, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-5777 Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, wh... | 9.8 | CRITICAL | - | 0 |
| CVE-2021-37522 SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote attackers to run arbitrary SQL commands via crafted string to /src/db.js, /commands/mute.js, /modules/event/messageDelete.js. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-37791 D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow via the curTime parameter at /goform/formLogin. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-33927 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Inje... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-44973 An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-36669 Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3 ... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-46417 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415498 function. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-40609 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection. This issue affects Contac... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-30153 An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via th... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-36670 A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-24479 An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacke... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-46006 Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-40207 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedNao Donations Made Easy – Smart Donations allows SQL Injection. This issue affects Donations Mad... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-38382 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection. This issue aff... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-44974 An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-46408 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41DD80 function. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-33924 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Felix Welberg SIS Handball allows SQL Injection. This issue affects SIS Handball: from n/a through ... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-28748 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection. This issue affects Copy or Move Comments: from... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-27605 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection. This issue affects WP Reroute Email: from n/a... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-44116 Vulnerability of access permissions not being strictly verified in the APPWidget module. Successful exploitation of this vulnerability may cause some apps to run without being authorized. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-44105 Vulnerability of permissions not being strictly verified in the window management module. Successful exploitation of this vulnerability may cause features to perform abnormally. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-47432 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection. This issue affects Shortcode IMDB: ... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-47430 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection. This issue a... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-47428 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection. This issue affects Book... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-47420 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-46860 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaizenCoders Short URL allows SQL Injection. This issue affects Short URL: from n/a through 1.6.4. ... | 9.8 | CRITICAL | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.