Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2022-47123 Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47122 Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlPwd_5g parameter at /goform/WifiBasicSet. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44640 Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47121 Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-28639 Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47120 Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45896 Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-48107 D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47119 Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-35396 TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47118 Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47117 Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47115 Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-46601 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setbg_num parameter in the icp_setbg_img (sub_41DD68) function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-46600 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_24g function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-46599 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setlogo_num parameter in the icp_setlogo_img (sub_41DBF4) function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-46598 TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_5g function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-46597 TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-46596 TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the del_num parameter in the icp_delete_img (sub_41DEDC) function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-35387 TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-45466 In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-45467 In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /us... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24116 Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24117 Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41014 code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via the Username parameter for "Employer." | 9.8 | CRITICAL | — | 0 |
| CVE-2024-35353 A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Users.php?f=save. Manipulating the argument id... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24456 Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25227 SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-35469 A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-36246 Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-24093 SQL Injection vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via Personal Information Update information. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-42286 There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-27776 MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE | 9.8 | CRITICAL | — | 0 |
| CVE-2024-36389 MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25250 SQL Injection vulnerability in code-projects Agro-School Management System 1.0 allows attackers to run arbitrary code via the Login page. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-49989 Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24444 Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24443 Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24441 Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-2618 A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-36568 Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-2619 A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component Cookie Handler. The manipulation ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-29411 An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-48590 Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the NewsReaderService. This allows an attacker to escalate privileges and obtain sensitive information. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-2620 A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authenticati... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24430 Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24429 Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24427 Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-2621 A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipulation of the argument uid leads to stack... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24170 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.