TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 333,031 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2021-47315

In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of IO mapping on probe failure On probe error the driver should unmap the IO memory. Smatch reports: ...

CVSS: 5.5 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2021-47317

In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: Fix detecting BPF atomic instructions Commit 91c960b0056672 ("bpf: Rename BPF_XADD and prepare to encode other atomic...

CVSS: 3.3 | Severity: LOW | KEV: — | Sightings: 0
CVE-2021-47322

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix an Oops in pnfs_mark_request_commit() when doing O_DIRECT Fix an Oopsable condition in pnfs_mark_request_commit() when ...

CVSS: 7.8 | Severity: HIGH | KEV: — | Sightings: 0
CVE-2021-47335

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid racing on fsync_entry_slab by multi filesystem instances As syzbot reported, there is an use-after-free issue d...

CVSS: 5.5 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2021-47336

In the Linux kernel, the following vulnerability has been resolved: smackfs: restrict bytes count in smk_set_cipso() Oops, I failed to update subject line. From 07571157c91b98ce1a4aa70967531e64b78e...

CVSS: 7.8 | Severity: HIGH | KEV: — | Sightings: 0
CVE-2021-47343

In the Linux kernel, the following vulnerability has been resolved: dm btree remove: assign new_root only when removal succeeds remove_raw() in dm_btree_remove() may fail due to IO read error (e.g. ...

CVSS: 5.5 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2021-47351

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix races between xattr_{set|get} and listxattr operations UBIFS may occur some problems with concurrent xattr_{set|get} an...

CVSS: 5.5 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2021-47360

In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete During BC_FREE_BUFFER processing, the BINDER_TYPE_FDA object cleanup may close 1 or more fds....

CVSS: 5.5 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2021-47365

In the Linux kernel, the following vulnerability has been resolved: afs: Fix page leak There's a loop in afs_extend_writeback() that adds extra pages to a write we want to make to improve the effici...

CVSS: 5.5 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2021-47366

In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.Fetch...

CVSS: 5.5 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2021-47370

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info->size_goal - skb->len > ...

CVSS: 5.5 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2021-47374

In the Linux kernel, the following vulnerability has been resolved: dma-debug: prevent an error message from causing runtime problems For some drivers, that use the DMA API. This error message can b...

CVSS: 5.5 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-36732

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot.

CVSS: 7.5 | Severity: HIGH | KEV: — | Sightings: 0
CVE-2024-21683

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7...

CVSS: 8.8 | Severity: HIGH | KEV: — | Sightings: 0
CVE-2009-1054

Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through 2008, Lite2, and Ichitaro viewer 5.1.5.0 and earlier allows remote attackers to execute arbitrary code via a crafted file, as exploit...

CVSS: N/A | Severity: NONE | KEV: — | Sightings: 0
CVE-2009-1055

Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, v...

CVSS: N/A | Severity: NONE | KEV: — | Sightings: 0
CVE-2024-3920

The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even wh...

CVSS: 3.5 | Severity: LOW | KEV: — | Sightings: 0
CVE-2024-0452

The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and includin...

CVSS: 5.0 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-30419

Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, V...

CVSS: 5.4 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-30420

Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploite...

CVSS: 4.4 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-31394

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ve...

CVSS: 6.5 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-31395

Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, V...

CVSS: 6.1 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2025-22892

Uncontrolled resource consumption for some OpenVINO™ model server software maintained by Intel(R) before version 2024.4 may allow an unauthenticated user to potentially enable denial of service via ad...

CVSS: 6.5 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-31396

Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an ad...

CVSS: 6.6 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-35362

Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via ecshop/article_cat.php.

CVSS: 5.4 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-21791

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability.

CVSS: 4.7 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-2220

The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attack...

CVSS: 3.5 | Severity: LOW | KEV: — | Sightings: 0
CVE-2024-3594

The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even ...

CVSS: 8.7 | Severity: HIGH | KEV: — | Sightings: 0
CVE-2024-3917

The Pet Manager WordPress plugin through 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against hig...

CVSS: 6.1 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-3918

The Pet Manager WordPress plugin through 1.4 does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting at...

CVSS: 4.8 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-39928

In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are reco...

CVSS: 7.5 | Severity: HIGH | KEV: — | Sightings: 0
CVE-2024-42797

An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete...

CVSS: 9.8 | Severity: CRITICAL | KEV: — | Sightings: 0
CVE-2024-46607

Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java...

CVSS: 7.6 | Severity: HIGH | KEV: — | Sightings: 0
CVE-2024-46609

An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords

CVSS: 7.5 | Severity: HIGH | KEV: — | Sightings: 0
CVE-2024-46612

IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information.

CVSS: 9.8 | Severity: CRITICAL | KEV: — | Sightings: 0
CVE-2024-8404

An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local log...

CVSS: 7.8 | Severity: HIGH | KEV: — | Sightings: 0
CVE-2024-45983

A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a re...

CVSS: 6.3 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-45984

A Cross Site Scripting (XSS) vulnerability in add_donor.php of Blood Bank And Donation Management System 1.0 allows an attacker to inject malicious scripts that will be executed when the Donor List is...

CVSS: 4.7 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-45772

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicato...

CVSS: 5.1 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-46293

Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-...

CVSS: 9.8 | Severity: CRITICAL | KEV: — | Sightings: 0
CVE-2024-45967

Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget.

CVSS: 4.7 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-46079

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter.

CVSS: 6.1 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-46081

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is...

CVSS: 5.4 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-46083

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code...

CVSS: 5.4 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-46080

Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function.

CVSS: 8.0 | Severity: HIGH | KEV: — | Sightings: 0
CVE-2024-46082

Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters.

CVSS: 5.4 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-46084

Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function.

CVSS: 8.0 | Severity: HIGH | KEV: — | Sightings: 0
CVE-2024-34535

In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header.

CVSS: 5.9 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-46077

itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the val-username, val-email, val-suggestions, val-digits and state_nam...

CVSS: 5.4 | Severity: MEDIUM | KEV: — | Sightings: 0
CVE-2024-8486

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker widgets all versions u...

CVSS: 6.4 | Severity: MEDIUM | KEV: — | Sightings: 0
Page 155 of 6661

This product uses data from the NVD API but is not endorsed or certified by the NVD.