TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 328,655 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2022-36331

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data....

10.0 | CRITICAL | — | 0
CVE-2023-25910

A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All ve...

10.0 | CRITICAL | — | 0
CVE-2024-34166

An OS command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrar...

10.0 | CRITICAL | — | 0
CVE-2024-36258

A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary ...

10.0 | CRITICAL | — | 0
CVE-2023-37470

Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could pot...

10.0 | CRITICAL | — | 0
CVE-2023-39344

social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd...

10.0 | CRITICAL | — | 0
CVE-2023-39967

WireMock is a tool for mocking HTTP services. When certain request URLs like "@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service ...

10.0 | CRITICAL | — | 0
CVE-2023-20238

A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attac...

10.0 | CRITICAL | — | 0
CVE-2023-45138

Change Request is an application allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user witho...

10.0 | CRITICAL | — | 0
CVE-2023-25054

Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker. This issue affects RSVPMaker: from n/a through 10.6.6.

10.0 | CRITICAL | — | 0
CVE-2023-41094

TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outsid...

10.0 | CRITICAL | — | 0
CVE-2024-22476

Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.

10.0 | CRITICAL | — | 0
CVE-2022-21431

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0...

10.0 | CRITICAL | — | 0
CVE-2022-42150

TinyLab linux-lab v1.1-rc1 and cloud-lab v0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.

10.0 | CRITICAL | — | 0
CVE-2023-25960

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop – Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection. Th...

10.0 | CRITICAL | — | 0
CVE-2025-45854

/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams.

10.0 | CRITICAL | — | 0
CVE-2023-51473

Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin. This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through...

10.0 | CRITICAL | — | 0
CVE-2025-26389

A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameters required for the `exportDi...

10.0 | CRITICAL | — | 0
CVE-2025-59528

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input conf...

10.0 | CRITICAL | — | 0
CVE-2025-9588

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Services Inc. EnVision allows Command Injection. This issue affects e...

10.0 | CRITICAL | — | 0
CVE-2023-51468

Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site: from n/a through 3.10.1.

10.0 | CRITICAL | — | 0
CVE-2023-51505

Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store. This issue affects Active Products Tables for W...

10.0 | CRITICAL | — | 0
CVE-2023-51411

Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps. This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3.

10.0 | CRITICAL | — | 0
CVE-2023-51419

Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome. This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome:...

10.0 | CRITICAL | — | 0
CVE-2022-20695

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the ...

10.0 | CRITICAL | — | 0
CVE-2023-52181

Deserialization of Untrusted Data vulnerability in Presslabs Theme per user. This issue affects Theme per user: from n/a through 1.0.1.

10.0 | CRITICAL | — | 0
CVE-2021-40422

An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. ...

10.0 | CRITICAL | — | 0
CVE-2023-52221

Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inventory manager: from n/a through 1.5.1.

10.0 | CRITICAL | — | 0
CVE-2024-23614

A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.

10.0 | CRITICAL | — | 0
CVE-2024-23615

A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.

10.0 | CRITICAL | — | 0
CVE-2024-23621

A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution.

10.0 | CRITICAL | — | 0
CVE-2024-23622

A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with S...

10.0 | CRITICAL | — | 0
CVE-2024-31115

Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress. This issue affects Chauffeur Taxi Booking System for WordPress: from n/a throu...

10.0 | CRITICAL | — | 0
CVE-2024-0916

Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3.

10.0 | CRITICAL | — | 0
CVE-2024-44148

This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.

10.0 | CRITICAL | — | 0
CVE-2025-47812

In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitr...

10.0 | CRITICAL | KEV | 0
CVE-2024-32651

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote...

10.0 | CRITICAL | — | 0
CVE-2024-33566

Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection. This issue affects OrderConvo: from n/a through 12.4.

10.0 | CRITICAL | — | 0
CVE-2022-25226

ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is ...

10.0 | CRITICAL | — | 0
CVE-2023-7028

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16....

10.0 | CRITICAL | KEV | 0
CVE-2022-24803

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an att...

10.0 | CRITICAL | — | 0
CVE-2022-24884

ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature c...

10.0 | CRITICAL | — | 0
CVE-2024-37902

DeepJavaLibrary (DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly int...

10.0 | CRITICAL | — | 0
CVE-2024-36532

Insecure permissions in kruise v1.6.2 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token.

10.0 | CRITICAL | — | 0
CVE-2021-32933

An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument...

10.0 | CRITICAL | — | 0
CVE-2023-50029

PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate() method.

10.0 | CRITICAL | — | 0
CVE-2024-6297

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injecte...

10.0 | CRITICAL | — | 0
CVE-2025-61481

An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the admini...

10.0 | CRITICAL | — | 0
CVE-2025-13390

The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdk...

10.0 | CRITICAL | — | 0
CVE-2026-0881

Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147 and Thunderbird < 147.

10.0 | CRITICAL | — | 0
Page 4 of 6574

This product uses data from the NVD API but is not endorsed or certified by the NVD.