CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-35770 Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin. This issue affects Vimeography: Vimeo Video Gallery WordPress Plugin: from n/a through 2.... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-35771 Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Customizr. This issue affects Customizr: from n/a through 4.4.21. | 4.3 | MEDIUM | - | 0 |
| CVE-2024-35772 Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman. This issue affects Hueman: from n/a through 3.7.24. | 4.3 | MEDIUM | - | 0 |
| CVE-2024-20896 Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. | 5.5 | MEDIUM | - | 0 |
| CVE-2024-35776 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP. This issue affects phpinfo() WP: from n/a through 5.0. | 5.3 | MEDIUM | - | 0 |
| CVE-2024-5059 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking. This issue affects Event Management Tickets Booking: from n/a through 1.4.0. | 5.3 | MEDIUM | - | 0 |
| CVE-2022-43453 Missing Authorization vulnerability in Bill Minozzi WP Tools. This issue affects WP Tools: from n/a through 3.41. | 8.8 | HIGH | - | 0 |
| CVE-2022-45803 Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms. This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through 2.2.8.3. | 6.5 | MEDIUM | - | 0 |
| CVE-2023-51375 Missing Authorization vulnerability in WPDeveloper EmbedPress. This issue affects EmbedPress: from n/a through 3.8.3. | 4.3 | MEDIUM | - | 0 |
| CVE-2024-37198 Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper. This issue affects Digital Newspaper: from n/a through 1.1.5. | 4.3 | MEDIUM | - | 0 |
| CVE-2024-37230 Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page. This issue affects Book Landing Page: from n/a through 1.2.3. | 4.3 | MEDIUM | - | 0 |
| CVE-2024-37654 An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-0... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-6239 A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to cr... | 7.5 | HIGH | - | 0 |
| CVE-2024-6240 Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV enviro... | 7.7 | HIGH | - | 0 |
| CVE-2023-45197 The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the ... | 9.8 | CRITICAL | - | 0 |
| CVE-2022-38055 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing. This issue affects wpForo Forum: from n/a through 2.0.... | 4.3 | MEDIUM | - | 0 |
| CVE-2022-44587 Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP 2FA: from n/a through 2.6.3. | 5.3 | MEDIUM | - | 0 |
| CVE-2022-44593 Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS. This issue affects Solid Security: from n/a through 9.3.1. | 3.7 | LOW | - | 0 |
| CVE-2023-38389 Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JupiterX Core: from n/a through 3.3.8. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-35767 Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection. This issue affects Squeeze: from n/a through 1.4. | 9.1 | CRITICAL | - | 0 |
| CVE-2024-35778 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE PHP Local File Inclusion. This issue affects Slideshow SE: from n/a through 2.5.17... | 6.5 | MEDIUM | - | 0 |
| CVE-2024-35781 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion. This issue affects Word Balloon: from n/a through 4.... | 6.5 | MEDIUM | - | 0 |
| CVE-2024-37672 Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the idactivity parameter. | 5.4 | MEDIUM | - | 0 |
| CVE-2024-37673 Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename parameter. | 5.4 | MEDIUM | - | 0 |
| CVE-2024-5308 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2024-6241 A vulnerability was found in Pear Admin Boot up to 2.0.2 and classified as critical. This issue affects the function getDictItems of the file /system/dictData/getDictItems/. The manipulation with the ... | 6.3 | MEDIUM | - | 0 |
| CVE-2023-39517 Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell c... | 8.2 | HIGH | - | 0 |
| CVE-2012-6664 Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get ... | 9.1 | CRITICAL | - | 0 |
| CVE-2014-5470 Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-42974 In Kostal PIKO 1.5-1 MP plus HMI OEM p 1.0.1, the web application for the Solar Panel is vulnerable to a Stored Cross-Site Scripting (XSS) attack on /file.bootloader.upload.html. The application fails... | 4.8 | MEDIUM | - | 0 |
| CVE-2024-34989 In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via `PrestaPDFProductListModuleFrontController::queryDb()`. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-36532 Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-5738 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2024-43637 Windows USB Video Class System Driver Elevation of Privilege Vulnerability | 6.8 | MEDIUM | - | 0 |
| CVE-2024-4313 The Table Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitizat... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-5965 The Mosaic theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.7.1 due to insufficient... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-21514 This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. ... | 7.4 | HIGH | - | 0 |
| CVE-2024-21518 This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files withi... | 7.2 | HIGH | - | 0 |
| CVE-2024-21519 This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database... | 6.6 | MEDIUM | - | 0 |
| CVE-2024-6251 A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. Affected is an unknown function of the file /index.php?app=main&inc=feature_phonebook&op=phonebook_list of the compone... | 2.4 | LOW | - | 0 |
| CVE-2024-6252 A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Task Handler. The manipulation of... | 2.4 | LOW | - | 0 |
| CVE-2024-6253 A vulnerability was found in itsourcecode Online Food Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /purchase.php. The manipulation o... | 7.3 | HIGH | - | 0 |
| CVE-2024-5443 CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. The vulnerability arises from the `/mount_extension` e... | N/A | NONE | - | 0 |
| CVE-2024-34667 Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required fo... | 7.5 | HIGH | - | 0 |
| CVE-2024-6266 A vulnerability classified as critical has been found in Pear Admin Boot up to 2.0.2. Affected is an unknown function of the file /system/dictData/loadDictItem. The manipulation leads to sql injection... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-6267 A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file system_info/index.p... | 2.4 | LOW | - | 0 |
| CVE-2024-6268 A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. Affected by this issue is some unknown functionality of the file login.php of ... | 7.3 | HIGH | - | 0 |
| CVE-2024-6273 A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as problematic. Affected by this vulnerability is the function save_patient of the file patient_side.php. Th... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-39334 MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be writte... | 6.5 | MEDIUM | - | 0 |
| CVE-2024-5747 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.