CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-28331 On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25523 RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24963 Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41014 code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via the Username parameter for "Employer." | 9.8 | CRITICAL | — | 0 |
| CVE-2024-53507 A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41417 BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-30868 netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-48121 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-22949 Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-46475 D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function. | 9.8 | CRITICAL | — | 0 |
| CVE-2017-17572 FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-30858 netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43977 An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn service) lacks access control. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43976 An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25520 RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25519 RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47853 TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-23739 An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app i... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25517 RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-22303 TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 20221208' contains an authentication bypass vulnerability. Under the certain conditions, an attacker may impersonate an administrator ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-22279 MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remot... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-22357 Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacke... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-57707 An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components. | 9.8 | CRITICAL | — | 0 |
| CVE-2017-17574 FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-57223 Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-6191 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egehan Security WebPDKS allows SQL Injection. This issue affects WebPDKS: through 20240329. NOTE: T... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-57224 Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-57225 Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-4060 The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-4447 The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL i... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45299 An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-22916 RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-22913 RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formStaDrvSetup function. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-22912 RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-22907 RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-22906 RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-22905 RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-22904 RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-23566 A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-46502 Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-46478 The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-46471 Online Health Care System v1.0 was discovered to contain a SQL injection vulnerability via the consulting_id parameter at /healthcare/Admin/consulting_detail.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-27228 there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for explo... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-39185 EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented hard-coded privileged user. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-3515 A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specia... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-29159 HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-39184 EXFO - BV-10 Performance Endpoint Unit authentication bypass User can manually manipulate access enabling authentication bypass. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-47378 In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cm_id before destroy qp to avoid to ge... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-29303 The delete admin users function of SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection | 9.8 | CRITICAL | — | 0 |
| CVE-2023-29363 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.