Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2022-46169 Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows a... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2022-21587 Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vuln... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2022-47966 Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2022-42475 A heap-based buffer overflow vulnerability [CWE-122]Β in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-27348 RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2022-27518 Unauthenticated remote arbitrary code execution | 9.8 | CRITICAL | KEV | 0 |
| CVE-2022-21445 Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Ea... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2020-14644 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vu... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-7593 Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2020-15415 On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-6202 HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM user... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-35587 Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploi... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-43423 The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40684 An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 ... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-43692 An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-35405 Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-46628 Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26258 D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2018-6530 OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2019-0344 Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybr... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-61260 A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a use... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-1316 Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-43491 Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released Jul... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-8884 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause exposure of credentials when attacker has access to application on network over http | 9.8 | CRITICAL | β | 0 |
| CVE-2024-23113 A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, ... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-23006 Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditi... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-9680 An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-41798 A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with ac... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-65133 A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affect... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-65135 In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27852 Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. This issue affects: Checkbox Survey versions ... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-21762 A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-0012 An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perfor... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-11680 ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, e... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-55956 In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by lever... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2018-14933 upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2022-23227 NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authenticatio... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-45874 A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-45873 A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-8607 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection.This issue affects ValeApp: before v2.0.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-21878 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is pre... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-1555 (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WN... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-8643 Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking.This issue affects ValeApp: before v2.0.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-29300 Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-46446 Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in t... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-9574 SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-45115 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploi... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-38989 izatop bunt v0.29.19 was discovered to contain a prototype pollution via the component /esm/qs.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-7746 Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse.This issue affects the privileged transactions implemented by t... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-40472 Sourcecodester Daily Calories Monitoring Tool v1.0 is vulnerable to SQL Injection via "delete-calorie.php." | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.