CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-30264 CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-57583 Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-25212 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetWirelessRepeat function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execut... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-50993 Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload maliciou... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-12366 PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of th... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-29473 webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating syst... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-29474 inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating syste... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-25213 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the check_param_changed function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-29475 inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating syste... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24797 D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack overflow in the sub_48AC20 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24798 D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code v... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24799 D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code v... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24800 D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code v... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-25210 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbit... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-25214 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitra... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-25215 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execut... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-25216 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute a... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-25217 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formWifiBasicSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arb... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-25218 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) or e... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-25219 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute a... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-25220 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the add_white_node function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbit... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27012 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arb... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27013 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS)... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27014 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC38 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbit... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27015 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75C0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbit... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27016 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or ex... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27018 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbit... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27019 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbit... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-19802 File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the upload file type parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27020 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or ex... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27021 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execu... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27192 An issue found in DUALSPACE Super Security v.2.3.7 allows an attacker to cause a denial of service via the key_wifi_safe_net_check_url, KEY_Cirus_scan_whitelist and KEY_AD_NEW_USER_AVOID_TIME paramete... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45526 SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-26848 TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-26978 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-29478 BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-23462 Libpeconv – integer overflow, before commit 75b1565 (30/11/2022). | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27645 An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24138 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24159 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-25530 Buffer overflow vulnerability in Digital China DCBI-Netlog-LAB Gateway 1.0 due to the lack of length verification, which is related to saving parental control configuration information. Attackers who ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-3229 Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requir... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24774 Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27033 Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent(). | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24160 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-23461 Libpeconv – access violation, before commit b076013 (30/11/2022). | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45527 File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24161 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-13545 The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attacker... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27718 D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_498308 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a craf... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.