CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-21270 Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.2.6-12.2.13. Easily exploitable vulnerabili... | 8.1 | HIGH | β | 0 |
| CVE-2024-21271 Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Field Service Engineer Portal). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vu... | 8.1 | HIGH | β | 0 |
| CVE-2024-21272 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low pr... | 7.5 | HIGH | β | 0 |
| CVE-2024-21273 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Easily exploitable vulnerab... | 6.0 | MEDIUM | β | 0 |
| CVE-2024-21274 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerabi... | 7.5 | HIGH | β | 0 |
| CVE-2024-21275 Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.7-12.2.13. Easily exploitable vulnerability allows lo... | 8.1 | HIGH | β | 0 |
| CVE-2024-21276 Vulnerability in the Oracle Work in Process product of Oracle E-Business Suite (component: Messages). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows ... | 8.1 | HIGH | β | 0 |
| CVE-2024-21277 Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Device Integration). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitab... | 8.1 | HIGH | β | 0 |
| CVE-2024-21278 Vulnerability in the Oracle Contract Lifecycle Management for Public Sector product of Oracle E-Business Suite (component: Award Processes). Supported versions that are affected are 12.2.3-12.2.13. E... | 8.1 | HIGH | β | 0 |
| CVE-2024-21279 Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Auctions). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low pri... | 8.1 | HIGH | β | 0 |
| CVE-2024-21280 Vulnerability in the Oracle Service Contracts product of Oracle E-Business Suite (component: Authoring). Supported versions that are affected are 12.2.5-12.2.13. Easily exploitable vulnerability allo... | 8.1 | HIGH | β | 0 |
| CVE-2024-21282 Vulnerability in the Oracle Financials product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability all... | 8.1 | HIGH | β | 0 |
| CVE-2024-21283 Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Supported versions that are affected are 9.2.48-9.2.50. Easily ex... | 8.1 | HIGH | β | 0 |
| CVE-2024-21284 Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 14.5.0.12.0. Difficult to e... | 7.1 | HIGH | β | 0 |
| CVE-2024-21285 Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 14.5.0.12.0. Difficult to e... | 7.1 | HIGH | β | 0 |
| CVE-2024-21286 Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Management product of Oracle PeopleSoft (component: Enterprise Learning Management). The supported version that is affected is 9.2.... | 5.4 | MEDIUM | β | 0 |
| CVE-2024-48779 An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-48781 An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file /opt/EdrawProj-2/plugins/imageformat. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-48782 File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-9954 Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2024-9104 The UltimateAI plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.3. This is due to the improper empty value check and a missing default activated va... | 5.6 | MEDIUM | β | 0 |
| CVE-2024-9521 The SEO Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on user... | 6.4 | MEDIUM | β | 0 |
| CVE-2024-9647 The Kama SpamBlock plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST values in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output ... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-9652 The Locatoraid Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST keys in all versions up to, and including, 3.9.47 due to insufficient input sanitization an... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-9891 The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7_zl_custom_handle_deactivation_plugin... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-10018 Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-9873 The Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in posts, comments, a... | 5.4 | MEDIUM | β | 0 |
| CVE-2020-36832 The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login as... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36833 The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. This makes it possible for authenti... | 6.3 | MEDIUM | β | 0 |
| CVE-2020-36834 The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on vari... | 6.3 | MEDIUM | β | 0 |
| CVE-2020-36837 The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This ma... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-36838 The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw m... | 7.4 | HIGH | β | 0 |
| CVE-2020-36839 The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. T... | 8.3 | HIGH | β | 0 |
| CVE-2021-4443 The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthentica... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-4444 The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it... | 7.3 | HIGH | β | 0 |
| CVE-2022-4974 The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce prote... | 6.3 | MEDIUM | β | 0 |
| CVE-2023-7286 The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users ca... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-7287 The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in v... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-7288 The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_profile_preference function in versio... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-7289 The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions u... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-7290 The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_for_verified_profiles function in version... | 4.3 | MEDIUM | β | 0 |
| CVE-2023-7291 The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_mollie_account function in version... | 7.1 | HIGH | β | 0 |
| CVE-2023-7292 The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in vers... | 4.3 | MEDIUM | β | 0 |
| CVE-2023-7293 The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_mollie_account_details function in versio... | 4.3 | MEDIUM | β | 0 |
| CVE-2023-7294 The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions u... | 7.1 | HIGH | β | 0 |
| CVE-2024-8507 The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the 'mk_file_... | 8.8 | HIGH | β | 0 |
| CVE-2024-8746 The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' ajax action in all... | 7.5 | HIGH | β | 0 |
| CVE-2024-8918 The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. Thi... | 7.4 | HIGH | β | 0 |
| CVE-2023-7295 The Video Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.21 due to insufficient input sanitization and outp... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-7296 The BigBlueButton plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the moderator code and viewer code fields in versions up to, and including, 3.0.0-beta.4 due to insufficient... | 6.4 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.