CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2020-36084 SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/delete_teacher_students.php?id= parameter via id field. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-23059 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-24142 Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-3844 The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to handel_ajax_req() function not having proper restrictions... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-0855 The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'import_header' function. This makes i... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37265 Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-45492 Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25209 Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25210 Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25211 Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-45491 Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25215 Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25223 Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-45490 Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-45488 Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-45487 Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-22942 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-51547 Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: t... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25502 Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-45489 Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-25351 PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44542 lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-57045 A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by... | 9.8 | CRITICAL | — | 0 |
| CVE-2017-20148 In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-38916 A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37204 Final CMS 5.1.0 is vulnerable to SQL Injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-25662 Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/type/time. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-28322 SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the event_id parameter in a craft... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-52029 TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51123 An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin b... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43101 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43102 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43103 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the list parameter in the formSetQosBand function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43104 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43105 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43106 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51964 Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-23978 Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer support... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-0493 The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limited Local File Inclusion in all versions up to, and including, 4.2.14 via the ta... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-53356 Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardco... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-36773 Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one U... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-46192 SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_payment_update.php via the order_id POST parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-46191 Arbitrary File Upload in user_payment_update.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to upload arbitrary files via the uploaded_file_cancelled field. D... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-46190 SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_delivery_update.php via the order_id POST parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-22061 A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands | 9.8 | CRITICAL | — | 0 |
| CVE-2023-30016 SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_deta... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-24398 Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-12442 EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-11861 EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41226 Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.