CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-47036 Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has been revealed via a brute force attack on an MD5 hash. It can be used for "debug login" by an admin. NOTE... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46295 An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthenticated remote code execution can occur in the web server. An attacker can exploit this by sending a POST request to the vulnerable PHP p... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-32511 Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation. This issue affects Simple Registration for WooCommerce: from n/a through 1.5.6... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33512 There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets dest... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33511 There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAP... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-2876 The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-26305 There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's ac... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-26304 There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33786 An arbitrary file upload vulnerability in Zhongcheng Kexin Ticketing Management Platform 20.04 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-4466 SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all the data ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33275 SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33273 SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33267 SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50434 emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen with an input that may not be '\0' terminated, leading to a stack-based buffer over-read. This can be triggered by a remote adversary... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33435 Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi high-definition intelligent recording and playback system 2007-2017 allows a remote attacker to execute ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33269 SQL Injection vulnerability in Prestaddons flashsales 1.9.7 and before allows an attacker to run arbitrary SQL commands via the FsModel::getFlashSales method. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33268 SQL Injection vulnerability in Digincube mdgiftproduct before 1.4.1 allows an attacker to run arbitrary SQL commands via the MdGiftRule::addGiftToCart method. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33266 SQL Injection vulnerability in Helloshop deliveryorderautoupdate v.2.8.1 and before allows an attacker to run arbitrary SQL commands via the DeliveryorderautoupdateOrdersModuleFrontController::initCon... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33449 An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information and execute arbitrary code via a POST request in the url parameter | 9.8 | CRITICAL | — | 0 |
| CVE-2023-29155 Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38880 The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup i... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-4300 E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Acce... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-31290 Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation. This issue affects Demo My WordPress: from n/a through 1.0.9.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25110 The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during conn... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-32881 Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot t... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-31601 An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php component. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-23761 Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-42374 An issue in mystenlabs Sui Blockchain before v.1.6.3 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-22633 Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. This vulnerability is triggered v... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46302 Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471. Apache Submarine uses JAXRS to de... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51484 Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation. This issue affects Login as User or Customer (User Switching): from n/a through 3... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-23816 A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-22157 Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation. This issue affects SalesKing: from n/a through 1.6.15. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51483 Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation. This issue affects WP Frontend Profile: from n/a through 1.3.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51481 Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation. This issue affects Local Delivery Drivers for WooCommerce: from n/a through... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46700 SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbit... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51476 Improper Privilege Management vulnerability in IOSS WP MLM Unilevel allows Privilege Escalation. This issue affects WP MLM Unilevel: from n/a through 4.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-34532 A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/queryde... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-21401 Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51424 Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation. This issue affects WebinarIgnition: from n/a through 3.05.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-21511 Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Serv... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-32238 H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-30564 An issue in andrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateIntern... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-53521 When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Su... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2026-21643 An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized cod... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-33276 SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes()... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-3871 The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulne... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-32504 An issue was discovered on certain Nuki Home Solutions devices. The code used to parse the JSON objects received from the WebSocket service provided by the device leads to a stack buffer overflow. An ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-3765 A vulnerability classified as critical was found in Xiongmai AHB7804R-MH-V2, AHB8004T-GL, AHB8008T-GL, AHB7004T-GS-V3, AHB7004T-MHV2, AHB8032F-LME and XM530_R80X30-PQ_8M. Affected by this vulnerabilit... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-26540 Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation. This issue affects Houzez: from n/a through 2.7.1. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.