CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2024-6794 A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. Successful exploitation requires an attacker to send a spe... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-5168 Improper access control vulnerability in Prodys' Quantum Audio codec affecting versions 2.3.4t and below. This vulnerability could allow an unauthenticated user to bypass authentication entirely and e... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-6793 A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-5965 NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-28698 Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to the MobileFormatter component. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-39686 Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the bert_gen functi... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-39685 Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the resample functi... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-35563 CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId parameter in CDGTempPermissions. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-6397 The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. This is due to insufficient verificatio... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-37084 In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file s... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-35361 MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. An attacker can execute arbitrary SQL statements through this vulnerability without requiring any user rights. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-21552 All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ‘eval’ function. An attacker could induce the LLM output to exploit this vulnerability and gain arbitrary... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-37998 A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affect... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46359 An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specif... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-6229 Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being un... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-6230 Buffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segme... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-6231 Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsiv... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-6232 Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segme... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-6233 Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unrespo... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-6234 Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product be... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-0244 Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsiv... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-24294 A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 allows an attacker to execute arbitrary code via the _utils.setDeepProperty function of engine.min.js. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-36081 Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-36080 Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at ... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-14839 LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-25140 A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid fro... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-23917 In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible | 9.8 | CRITICAL | — | 0 |
| CVE-2024-38944 An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-24592 Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-34919 An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a cra... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-6407 CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33567 Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation. This issue affects Barcode Scanner with Inventory & Order Manager:... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-32511 Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation. This issue affects Simple Registration for WooCommerce: from n/a through 1.5.6... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-31290 Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation. This issue affects Demo My WordPress: from n/a through 1.0.9.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-22157 Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation. This issue affects SalesKing: from n/a through 1.6.15. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51483 Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation. This issue affects WP Frontend Profile: from n/a through 1.3.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25316 Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51481 Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation. This issue affects Local Delivery Drivers for WooCommerce: from n/a through... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51476 Improper Privilege Management vulnerability in IOSS WP MLM Unilevel allows Privilege Escalation. This issue affects WP MLM Unilevel: from n/a through 4.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51424 Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation. This issue affects WebinarIgnition: from n/a through 3.05.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-24004 jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() function of jshERP does not filter `column` and `order`... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-24002 jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() function of jshERP does not filter `column` and `order`... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-26540 Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation. This issue affects Houzez: from n/a through 2.7.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-26009 Improper Privilege Management vulnerability in Favethemes Houzez Login Register allows Privilege Escalation. This issue affects Houzez Login Register: from n/a through 2.6.3. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-36435 An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-24303 SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote attackers to escalate privileges and obtain sensitive inf... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46914 SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive informat... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-48643 Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tac_plu... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-24133 Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-4826 SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9. This vulnerability could allow an attacker to retrieve all the information stored in the database by sending a specially ... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.