CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-49968 Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/manage_department.php. | 7.3 | HIGH | — | 0 |
| CVE-2021-47096 In the Linux kernel, the following vulnerability has been resolved: ALSA: rawmidi - fix the uninitalized user_pversion The user_pversion was uninitialized for the user space file structure in the op... | 4.0 | MEDIUM | — | 0 |
| CVE-2021-47099 In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b ("veth: allow enabling NAPI even without XDP"), if GRO is ... | 6.0 | MEDIUM | — | 0 |
| CVE-2024-1319 The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. (e.g. draft, priv... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-49546 Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/ajax.php. | 8.8 | HIGH | — | 0 |
| CVE-2023-49547 Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?action=login. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-49548 Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customer_support/ajax.php?action=save_user. | 8.8 | HIGH | — | 0 |
| CVE-2024-26339 swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a. | 9.1 | CRITICAL | — | 0 |
| CVE-2023-49969 Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/index.php?page=edit_customer. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-49970 Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customer_support/ajax.php?action=save_ticket. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25731 The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker... | 7.5 | HIGH | — | 0 |
| CVE-2008-6624 SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02, 2.0, and 3.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. | N/A | NONE | — | 0 |
| CVE-2024-26333 swftools v0.9.2 was discovered to contain a segmentation violation via the function free_lines at swftools/lib/modules/swfshape.c. | 5.5 | MEDIUM | — | 0 |
| CVE-2024-26334 swftools v0.9.2 was discovered to contain a segmentation violation via the function compileSWFActionCode at swftools/lib/action/actioncompiler.c. | 6.2 | MEDIUM | — | 0 |
| CVE-2024-26335 swftools v0.9.2 was discovered to contain a segmentation violation via the function state_free at swftools/src/swfc-history.c. | 5.5 | MEDIUM | — | 0 |
| CVE-2024-26337 swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftools/src/swfc.c. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-5456 A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data wit... | 8.1 | HIGH | — | 0 |
| CVE-2023-45591 A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “logger_generic” function of the “Ax_rtu” binary allows a remote authenticated attacker to trigger a memory corruption in the context of the... | 7.5 | HIGH | — | 0 |
| CVE-2023-45592 A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser (due to the binary being executed with the “--no-sandbox” option and with root privileges) exacerbates ... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-45593 A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “http://localhost”) allows a physical attacke... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-45594 A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, ... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-45595 A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “file_configuration” functionality of the web application allows a remote authenticated attacker to upload any arbitrar... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-45596 A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configurat... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-20030 Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information discl... | 2.6 | LOW | — | 0 |
| CVE-2023-45597 A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “file_configuration” functionality of the web application (concerning the function “export_file”) allows a r... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-45598 A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. ... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-45600 A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the session cookie “sessionid” lasting two weeks, facilitates session hijacking attacks against victims. This i... | 5.6 | MEDIUM | — | 0 |
| CVE-2023-5457 A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application (due to the “debug” configuration parameter set to “True”) allows a rem... | 7.5 | HIGH | — | 0 |
| CVE-2024-27622 A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-sup... | 7.2 | HIGH | — | 0 |
| CVE-2024-27625 CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate s... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-22252 VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this iss... | 9.3 | CRITICAL | — | 0 |
| CVE-2024-1900 Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-1901 Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable.... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-24275 Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search functi... | 9.6 | CRITICAL | — | 0 |
| CVE-2024-24276 Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, mes... | 9.6 | CRITICAL | — | 0 |
| CVE-2024-27278 OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious ... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-49974 A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /custome... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-49976 A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /custome... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-49977 A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /custome... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-28154 Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-28155 Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan con... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-28156 Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers ... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-50716 eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an... | 9.6 | CRITICAL | — | 0 |
| CVE-2022-46089 Cross Site Scripting (XSS) vulnerability in the add-airline form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injecte... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-24767 CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads t... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-49986 A cross-site scripting (XSS) vulnerability in the component /admin/parent of School Fees Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected i... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-49987 A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injec... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-49988 Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the npss parameter at rooms.php. | 7.5 | HIGH | — | 0 |
| CVE-2023-49989 Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51281 Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address para... | 5.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.