Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2021-40241 xfig 3.2.7 is vulnerable to Buffer Overflow. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-3254 The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40471 Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30601 Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31692 Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerab... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33444 SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33768 lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44542 lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-2572 In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the acces... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-2437 The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and including 2.9.8.5.... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-33321 Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONIT... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33350 Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22730 Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-42064 Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-32941 The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A buffe... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31813 Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authe... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44457 A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatib... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27582 Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the passwo... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27584 Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password r... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25517 RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44544 Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-40493 LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25510 RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25508 RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-40497 LG Simple Editor saveXml Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Au... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-40498 LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor.... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41390 OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-40500 LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-40501 LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-40504 LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-40505 LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simp... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43101 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43102 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43103 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the list parameter in the formSetQosBand function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33164 J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43104 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31691 Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33155 J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33153 J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43105 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43106 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43107 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-34249 wasm3 v0.5.0 was discovered to contain a heap buffer overflow which leads to segmentation fault via the function "DeallocateSlot" in wasm3/source/m3_compile.c. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43108 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-42744 CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage par... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-34461 Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38427 An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43109 D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a craf... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22425 "IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-22818 MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.