CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2022-41013 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-56337 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 throug... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41012 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41011 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41010 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41009 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41008 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-2395 The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40998 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-48659 An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40999 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-8932 In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in a... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-12084 A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-0585 The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41000 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41001 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to a... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-24102 The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to determine a user’s current loca... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-9392 A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-25292 ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a p... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-25291 ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a p... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-9401 Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-6360 Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-6407 CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-6397 The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. This is due to insufficient verificatio... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25077 An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its valu... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-37113 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-32956 SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-6422 An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51094 Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-39071 Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-37873 SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id param... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-39171 Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-38077 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | 9.8 | CRITICAL | — | 0 |
| CVE-2024-38076 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | 9.8 | CRITICAL | — | 0 |
| CVE-2024-38074 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | 9.8 | CRITICAL | — | 0 |
| CVE-2024-6027 The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the ‘conditions’ parameter in all versions up to, and including, 1.4.9 due to insufficient e... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-37699 An issue in DataLife Engine v.17.1 and before is vulnerable to SQL Injection in dboption. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-34313 An issue in VPL Jail System up to v4.0.2 allows attackers to execute a directory traversal via a crafted request to a public endpoint. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-6771 Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-6768 Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-36684 In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivi... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-36678 In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33836 In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method `JmarketplaceproductModuleFr... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-39013 2o3t-utility v0.1.2 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via inject... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-34994 In the module "Channable" (channable) up to version 3.2.1 from Channable for PrestaShop, a guest can perform SQL injection via `ChannableFeedModuleFrontController::postProcess()`. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-37124 Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, an attacker may create an arbitrary file in the PC where the product is install... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-0642 Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the appli... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-36480 Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. If this vulnerability is exploited, an attacker may obtain LocalSystem Account of the PC where the pr... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-6748 Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-36543 Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to h... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.