Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2020-8466 A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-2064 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability all... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-8465 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authenticati... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35545 Time-based SQL injection exists in Spotweb 1.4.9 via the query string. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-24629 A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-22083 jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Note: It has been argued that this is expected and clearly documented... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25011 A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to get username and pas... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-24646 A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-24647 A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-24648 A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-24649 A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-24650 A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-24651 A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-24652 A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7141 A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7142 A eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7143 A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7144 A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7145 A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7146 A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7147 A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7148 A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7149 A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7150 A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7151 A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7152 A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7153 A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7154 A ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7155 A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7156 A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2024-9518 The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' f... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-4443 The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthentica... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-46088 An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-44921 SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-44401 D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file | 9.8 | CRITICAL | — | 0 |
| CVE-2024-8464 SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information store... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-8465 SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-8466 SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-8467 SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-8468 SQL injection vulnerability, by which an attacker could send a specially designed query through search parameter in /jobportal/index.php, and retrieve all the information stored in it. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-8469 SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/employee/index.php, and retrieve all the information stored in it. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-8470 SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored i... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-44727 Sourcecodehero Event Management System1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-48539 Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-48779 An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-44410 D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-48782 File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-40493 Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a sp... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-9924 The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may b... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-41717 Kieback & Peter's DDC4000 series is vulnerable to a path traversal vulnerability, which may allow an unauthenticated attacker to read files on the system. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.