CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2003-0466 Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands... | 9.8 | CRITICAL | β | 0 |
| CVE-2004-0434 k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based ... | 9.8 | CRITICAL | β | 0 |
| CVE-2004-0030 PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modif... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-30283 An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitra... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-35700 Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro. This issue affects Userpro: from n/a through <= 5.1.8. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-33994 Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, a prototype pollution vulnerability exists in the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2003-0252 Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via cer... | 9.8 | CRITICAL | β | 0 |
| CVE-2004-0285 PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMV... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-31084 Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Object Injection. This issue affects Sunshine Photo Cart: from n/a through <= 3.4.10. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-53739 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor cryptocurrency-widgets-for-el... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-30310 In its design for automatic terminal command execution, Sixth offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-15604 Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions. In versions 6.06 through 6.16, the random_string function will attempt to read bytes from the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-3256 HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash see... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-53805 Missing Authorization vulnerability in brandtoss WP Mailster wp-mailster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mailster: from n/a through <= 1.8... | 9.8 | CRITICAL | β | 0 |
| CVE-2004-0005 Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be writ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-30286 An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code e... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-50550 Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation. This issue affects LiteSpeed Cache: from n/a through <= 6.5.1. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-34220 MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there is a SQL injection vulnerability when specially crafted... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-43978 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp. This issue affects Super Store Finder: from n/a ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-50419 Incorrect Authorization vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Green... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-9263 The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference i... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-7772 The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This ma... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-48779 An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-47088 This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-48781 An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file/opt/EdrawProj-2/plugins/imageformat. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-5440 A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as par... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-1000497 Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution | 9.8 | CRITICAL | β | 0 |
| CVE-2024-9982 AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary F... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-48782 File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-7108 Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CyberMath: before CYBM.24081... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-4443 The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthentica... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-1000487 Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36832 The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login as... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-10018 Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-44623 An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-46048 Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i | 9.8 | CRITICAL | β | 0 |
| CVE-2024-7104 Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection. This issue affects ww.Winsure: before 4.6.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-1312 In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster o... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-7098 Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection. This issue affects ww.Winsure: before 4.6.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-44430 SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/cont... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-8967 An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-6401 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection. This issue affects InsureE GL: before 4.6.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-9105 The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. This is due to insufficient verification on the user being supplied in the 'ultimate... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-46419 TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-46451 TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-46049 Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-46044 CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-21216 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerabilit... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-45697 Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS comma... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-40568 Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execute arbitrary code via the pb_adv_handle_tranaction_cont function... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.