CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-12286 MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-45494 An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentic... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-45493 An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has internal users, whose access is supposed to be restricted to login locally on the d... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-54751 COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-55586 Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-33278 In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-33279 In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-33280 In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-30145 Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-46455 unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-55557 ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-29671 Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-29404 The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-1967 Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-29405 The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-8259 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection.This is... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46887 Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25952 SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-48478 The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-48479 The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-34364 A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-9290 The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migr... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-32673 Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-55564 The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-11015 The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing s... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-29862 An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-55560 MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key that persist after installation. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-12209 The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrell... | 9.8 | CRITICAL | — | 0 |
| CVE-2015-20108 xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-19791 In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used)... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24627 An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24629 An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionalit... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-12571 The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. This makes it possible for ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-44852 Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan(). | 9.8 | CRITICAL | — | 0 |
| CVE-2024-10244 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ISDO Software Web Software allows SQL Injection.This issue affects Web Software: before 3.6. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-1610 In OPPO Store APP, there's a possible escalation of privilege due to improper input validation. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-41650 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-12287 The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity pri... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-41649 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-41648 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pu... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-22399 Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncon... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-41647 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-41646 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-41645 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-41644 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-38927 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a r... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-12097 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection.This issue affects E-Travel: before 15.12.2024... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-38926 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a r... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-33532 There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request pa... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-33282 Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. A remote attacker is able to login and create a valid session. This makes it possible to make backend calls to ... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.