CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-29875 SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote u... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-31857 Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-2825 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The spec... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-31856 A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHost of TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http pa... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-29874 SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-31519 Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the email parameter at login_core.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-29873 SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. The exploitation of this vulnerability could allow a remote user... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-31707 Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-4774 The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via its file upload form field, allowing unauthenticated users to upload arbitrary file types such as PHP or HTML f... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-31986 A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows an attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-33735 D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-26858 SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-33730 Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-28501 Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based buffer overflow in the unirpcd daemon that, if... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45039 Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10.B25.201218, IPC_G61, IPC21, IPC23, IPC32, IPC36, IPC62, and IPC_HCMN) offer an undocumented UDP service on port 7788 that allows a... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-29747 Story Saver for Instragram - Video Downloader 1.0.6 for Android has an exposed component that provides a method to modify the SharedPreference file. The attacker can use the method to modi... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-33509 KramerAV VIA GO² < 4.0.1.1326 is vulnerable to SQL Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-33508 KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE). | 9.8 | CRITICAL | β | 0 |
| CVE-2023-33487 TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setDiagnosisCfg. This vulnerability allows an attacker to execute arbitrary commands thro... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-29374 In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-33486 TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-21298 Windows OLE Remote Code Execution Vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36246 Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-21307 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2025-21311 Windows NTLM V1 Elevation of Privilege Vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2024-48856 Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the pro... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24629 An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionalit... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24627 An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19791 In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used)... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30136 Windows Network File System Remote Code Execution Vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2015-20108 xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-0455 The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-0456 The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve * all accou... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-13375 The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-26921 OS Command Injection vulnerability in quectel AG550QCN allows attackers to execute arbitrary commands via ql_atfwd. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-26750 SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's po... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-38183 An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24377 An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-5155 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection. This issue affects SoliPay... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-39245 DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. A remote unauthenticated attacker could potentially exploit t... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-28235 Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-29312 An issue found in Zend Framework v.3.1.3 and before allows a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and inco... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-32484 Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contain an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-32462 Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially explo... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-26264 EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL command... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46709 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16. An app may be able to execute arbitrary code with kernel privileges. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-20915 SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the SysSiteAdminControl. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-20914 SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-20913 SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-27650 An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONT_FILE parameter. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.