CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-5517 A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file changepwd.php. The ma... | 7.3 | HIGH | — | 0 |
| CVE-2024-5518 A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-5519 A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the a... | 7.3 | HIGH | — | 0 |
| CVE-2024-20881 Improper input validation vulnerability in chnactiv TA prior to SMR Jun-2024 Release 1 allows local privileged attackers lead to potential arbitrary code execution. | 6.4 | MEDIUM | — | 0 |
| CVE-2024-3564 The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the plugin's 'content_block' shortcode. This makes it... | 8.8 | HIGH | — | 0 |
| CVE-2024-4148 A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular ... | 7.5 | HIGH | — | 0 |
| CVE-2024-5588 A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-5589 A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /admin/config_MT.php?action=delete. The man... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-5590 A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. This vulnerability affects unknown code of the file /protocol/iscuser/uploadiscuser.ph... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-43538 Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization. | 9.3 | CRITICAL | — | 0 |
| CVE-2023-43543 Memory corruption in Audio during a playback or a recording due to race condition between allocation and deallocation of graph object. | 6.7 | MEDIUM | — | 0 |
| CVE-2024-21478 transient DOS when setting up a fence callback to free a KGSL memory entry object during DMA. | 6.2 | MEDIUM | — | 0 |
| CVE-2023-51219 A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering a... | 9.6 | CRITICAL | — | 0 |
| CVE-2023-33930 Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection. This issue affects Unlimite... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-20873 Improper input validation vulnerability in caminfo driver prior to SMR Jun-2024 Release 1 allows local privileged attackers to write out-of-bounds memory. | 4.2 | MEDIUM | — | 0 |
| CVE-2024-20874 Improper access control vulnerability in SmartManagerCN prior to SMR Jun-2024 Release 1 allows local attackers to launch privileged activities. | 7.9 | HIGH | — | 0 |
| CVE-2023-48747 Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booster for WooCommerce: from n/a throu... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-37052 Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s... | 8.8 | HIGH | — | 0 |
| CVE-2024-37053 Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s... | 8.8 | HIGH | — | 0 |
| CVE-2024-37054 Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s syste... | 8.8 | HIGH | — | 0 |
| CVE-2024-37055 Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s sy... | 8.8 | HIGH | — | 0 |
| CVE-2024-37057 Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’... | 8.8 | HIGH | — | 0 |
| CVE-2024-37058 Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an... | 8.8 | HIGH | — | 0 |
| CVE-2024-37059 Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s syst... | 8.8 | HIGH | — | 0 |
| CVE-2024-37060 Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system ... | 8.8 | HIGH | — | 0 |
| CVE-2024-37061 Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run. | 8.8 | HIGH | — | 0 |
| CVE-2023-51543 Authentication Bypass by Spoofing vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects RegistrationMagic: from n/a through 5.... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-51544 Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse. This issue affects RegistrationMagic: from n/a through 5.2.5.0. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-5813 A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response. | 5.9 | MEDIUM | — | 0 |
| CVE-2024-24789 The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-4212 The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TF Group Image, TF Nav Menu, TF Posts, TF Woo Product Grid, TF Accordion, and TF ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-2362 A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-36970 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Use request_module_nowait This appears to work around a deadlock regression that came in with the LED merge in 6.9.... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-5772 A vulnerability, which was classified as critical, has been found in Netentsec NS-ASG Application Security Gateway 6.3. This issue affects some unknown processing of the file /protocol/iscuser/deletei... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-5773 A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/firewall/deletemacbind.php. The... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-32798 Missing Authorization vulnerability in WP Travel Engine. This issue affects WP Travel Engine: from n/a through 5.8.0. | 7.5 | HIGH | — | 0 |
| CVE-2024-32799 Missing Authorization vulnerability in Merv Barrett Easy Property Listings. This issue affects Easy Property Listings: from n/a through 3.5.3. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-32714 Missing Authorization vulnerability in Academy LMS academy. This issue affects Academy LMS: from n/a through 1.9.16. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-35242 Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch nam... | 8.8 | HIGH | — | 0 |
| CVE-2024-37899 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. ... | 9.0 | CRITICAL | — | 0 |
| CVE-2023-6748 The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authentic... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4659 The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insuffici... | 7.5 | HIGH | — | 0 |
| CVE-2024-35206 A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application does not expire the session. This could allow an attacker to get unau... | 7.7 | HIGH | — | 0 |
| CVE-2024-35209 A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is allowing HTTP methods like PUT and Delete. This could allow an atta... | 6.2 | MEDIUM | — | 0 |
| CVE-2024-35210 A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is not enforcing HSTS. This could allow an attacker to perform downgra... | 5.1 | MEDIUM | — | 0 |
| CVE-2024-35211 A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server, after a successful login, sets the session cookie on the browser, wit... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-35212 A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application lacks input validation due to which an attacker can gain access to th... | 6.2 | MEDIUM | — | 0 |
| CVE-2024-5812 A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API ... | 3.3 | LOW | — | 0 |
| CVE-2024-37308 The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `_recipe_settings[post_title]` parameter in versions up to, and including, 1.7.15.4 due to ins... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-5646 The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 du... | 6.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.