CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-49937 An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49934 An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-52009 Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Atlantis logs contain GitHub credentials (tokens `ghs_...`) when they are rotated. This enabl... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-67997 Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection. This issue affects Travelicious: from n/a through < 1.6.7. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-67996 Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection. This issue affects Nestin: from n/a through < 1.2.6. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-26359 A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset use... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-36177 An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-39169 The affected devices use publicly available default credentials with administrative privileges. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-45970 Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a malicious server to cause a stack-based buffer overflow via the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-45971 Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a malicious server to cause a stack-based buffer overflow via the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-10934 In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-44758 An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to execute arbitrary code via uploading crafted files. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-30923 SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering | 9.8 | CRITICAL | β | 0 |
| CVE-2024-11837 Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac allows N1QL Injection. This issue affects PlexTrac: from 1.61.3 before 2.8.1. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-38406 bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow." | 9.8 | CRITICAL | β | 0 |
| CVE-2024-11838 External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint. This issue affects PlexTrac: from 1.61.3 before 2.8.1. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-67995 Deserialization of Untrusted Data vulnerability in LoftOcean PatioTime patiotime allows Object Injection. This issue affects PatioTime: from n/a through < 2.1. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-38965 Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-39332 Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversa... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-48984 An issue was discovered in MBed OS 6.16.0. When parsing hci reports, the hci parsing software dynamically determines the length of a list of reports by reading a byte from an input stream. It then fet... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-52289 authentik is an open-source identity provider. Redirect URIs in the OAuth2 provider in authentik are checked by RegEx comparison. When no Redirect URIs are configured in a provider, authentik will aut... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-35968 Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer ove... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-35967 Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer ove... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-35966 Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An att... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-35965 Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An att... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-34426 A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-61303 Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021 (2025-08-14) contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sampl... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-34365 A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An at... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-34346 A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-32645 A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23125 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists withi... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23124 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exis... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23123 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exis... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23122 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists withi... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23121 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists withi... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0194 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists withi... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-28531 ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-25279 OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-30510 An attacker can upload an arbitrary file instead of a plant image. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42493 Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An atta... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42492 Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An atta... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42491 Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An atta... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42490 Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An atta... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41030 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41019 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41018 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41017 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41016 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41015 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41014 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.