CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-27837 An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30258 An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including exp... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-31678 Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the "password" parameter in the "login.php" file. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30257 An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including exp... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-47516 A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44204 D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45474 drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25730 Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million po... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-26011 Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setUsernamePassword. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-26010 Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-26008 In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting admin.cgi parameter with setSyncTimeHost. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-26007 Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44178 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. via function formWifiWpsOOB. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-26006 Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setAutorest. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-26005 Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack overflow vulnerability when requesting admin.cgi parameter with setNtp. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-55964 An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacke... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-26004 Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when requesting admin.cgi parameter with setDdns. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-26003 Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44177 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44176 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44175 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44174 Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44172 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44171 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-26002 Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41497 ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42043 The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44180 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-25535 HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-3634 The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection | 9.8 | CRITICAL | β | 0 |
| CVE-2022-3600 The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-3863 The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability a... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-24649 The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wp... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45132 In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configura... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25315 Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25314 Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-25302 Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49959 In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root pri... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-50026 SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24697 Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation mar... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42037 The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-40266 An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-30982 SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the upid parameter in the /view-user-detail.php file. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24495 SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40872 An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-3495 Delta Electronics COMMGR v1 and v2Β uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-29709 SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio" file /dashboard/portfolio. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42038 The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected versio... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-21082 Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability al... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24216 Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.