Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-27058 In the Linux kernel, the following vulnerability has been resolved: tmpfs: fix race on handling dquot rbtree A syzkaller reproducer found a race while attempting to remove dquot information from the... | 4.7 | MEDIUM | β | 0 |
| CVE-2023-23019 Cross site scripting (XSS) vulnerability in file main.php in sourcecodester oretnom23 Blog Site 1.0 via the name and email parameters to function user_add.\ | 5.4 | MEDIUM | β | 0 |
| CVE-2024-27062 In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix race... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-27073 In the Linux kernel, the following vulnerability has been resolved: media: ttpci: fix two memleaks in budget_av_attach When saa7146_register_device and saa7146_vv_init fails, budget_av_attach should... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-28775 IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia... | 4.4 | MEDIUM | β | 0 |
| CVE-2024-28764 IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-30176 In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets. | 5.3 | MEDIUM | β | 0 |
| CVE-2024-33818 Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference (IDOR) via the userID parameter. | 7.5 | HIGH | β | 0 |
| CVE-2023-23021 Cross Site Scripting (XSS) vulnerability in sourcecodester oretnom23 pos point sale system 1.0, allows attackers to execute arbitrary code via the code, name, and description inputs in file Main.php. | 6.1 | MEDIUM | β | 0 |
| CVE-2023-23022 Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 employee's payroll management system 1.0, allows attackers to execute arbitrary code via the code, title, from_date and to_date inp... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-33304 SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" under Add Users. | 6.1 | MEDIUM | β | 0 |
| CVE-2024-33424 A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter ... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-33306 SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" parameter in Create User. | 7.4 | HIGH | β | 0 |
| CVE-2024-33307 SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" parameter in Create User. | 5.4 | MEDIUM | β | 0 |
| CVE-2024-33423 Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under... | 7.4 | HIGH | β | 0 |
| CVE-2024-33302 SourceCodester Product Show Room 1.0 and before is vulnerable to Cross Site Scripting (XSS) via "Middle Name" under Add Users. | 5.3 | MEDIUM | β | 0 |
| CVE-2024-33303 SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" under Add Users. | 8.2 | HIGH | β | 0 |
| CVE-2024-33305 SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Middle Name" parameter in Create User. | 6.1 | MEDIUM | β | 0 |
| CVE-2008-6221 PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ... | N/A | NONE | β | 0 |
| CVE-2008-6649 SQL injection vulnerability in manager/image_details_editor.php in Ktools PhotoStore 2.5, 2.9.8, 3.1.0, and other versions through 3.5.2 allows remote attackers to execute arbitrary SQL commands via t... | N/A | NONE | β | 0 |
| CVE-2024-34404 A vulnerability was discovered in the Alta Recovery Vault feature of Veritas NetBackup before 10.4 and NetBackup Appliance before 5.4. By design, only the cloud administrator should be able to disable... | 6.8 | MEDIUM | β | 0 |
| CVE-2023-40492 LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simp... | 9.1 | CRITICAL | β | 0 |
| CVE-2023-40493 LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-57625 An issue in the merge_table_prune_and_unionize component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | HIGH | β | 0 |
| CVE-2023-40494 LG Simple Editor deleteFolder Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Edi... | 9.1 | CRITICAL | β | 0 |
| CVE-2023-40495 LG Simple Editor copyTemplateAll Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG ... | 7.5 | HIGH | β | 0 |
| CVE-2023-40496 LG Simple Editor copyStickerContent Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ... | 7.5 | HIGH | β | 0 |
| CVE-2023-40497 LG Simple Editor saveXml Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Au... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-40498 LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor.... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-40499 LG Simple Editor mkdir Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Au... | 9.1 | CRITICAL | β | 0 |
| CVE-2024-33873 HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c. | 8.8 | HIGH | β | 0 |
| CVE-2023-40500 LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-40501 LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-40502 LG Simple Editor cropImage Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor... | 9.1 | CRITICAL | β | 0 |
| CVE-2023-40503 LG Simple Editor saveXmlFile XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations... | 7.5 | HIGH | β | 0 |
| CVE-2023-40504 LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-40505 LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simp... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-35050 An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin. | 8.8 | HIGH | β | 0 |
| CVE-2023-40506 LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations... | 7.5 | HIGH | β | 0 |
| CVE-2023-40507 LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations... | 7.5 | HIGH | β | 0 |
| CVE-2023-40508 LG Simple Editor putCanvasDB Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Edit... | 9.1 | CRITICAL | β | 0 |
| CVE-2023-40509 LG Simple Editor deleteCanvas Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Edi... | 9.1 | CRITICAL | β | 0 |
| CVE-2023-40510 LG Simple Editor getServerSetting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication... | 7.5 | HIGH | β | 0 |
| CVE-2023-40511 LG Simple Editor checkServer Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is n... | 7.5 | HIGH | β | 0 |
| CVE-2024-35012 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close. | 6.3 | MEDIUM | β | 0 |
| CVE-2023-40512 LG Simple Editor PlayerController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected ... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-40513 LG Simple Editor UserManageController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affec... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-40514 LG Simple Editor FileManagerController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affe... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-40515 LG Simple Editor joinAddUser Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ... | 7.5 | HIGH | β | 0 |
| CVE-2023-40516 LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of LG Simple Edito... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.