CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-10673 A vulnerability was determined in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/class/index.php. This manipulation of t... | 7.3 | HIGH | - | 0 |
| CVE-2025-10674 A vulnerability was identified in fuyang_lipengjun platform 1.0. This affects the function AttributeCategoryController of the file /attributecategory/queryAll. Such manipulation leads to improper auth... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-9533 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the arg... | 8.8 | HIGH | - | 0 |
| CVE-2024-9534 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of... | 8.8 | HIGH | - | 0 |
| CVE-2024-9535 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formEasySetupWWConfig of the file /goform/formEasySetupWWCon... | 8.8 | HIGH | - | 0 |
| CVE-2024-47382 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Page-list page-list allows Stored XSS. This issue affects Page-list: from n/a through <= ... | 6.5 | MEDIUM | - | 0 |
| CVE-2024-9549 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formEasySetupWizard/formEasySetupWizard2 of the file /goform/formEasySetupWizard. ... | 8.8 | HIGH | - | 0 |
| CVE-2024-45245 Diebold Nixdorf - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 7.8 | HIGH | - | 0 |
| CVE-2024-9550 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the arg... | 8.8 | HIGH | - | 0 |
| CVE-2022-4404 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | - | 0 |
| CVE-2024-47372 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS. This issue affects TNC PDF viewer: from n/a... | 5.9 | MEDIUM | - | 0 |
| CVE-2025-48703 CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A ... | 9.0 | CRITICAL | KEV | 0 |
| CVE-2024-9551 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formSetWanL2TP of the file /goform/formSetWanL2TP. The manip... | 8.8 | HIGH | - | 0 |
| CVE-2024-9552 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been rated as critical. Affected by this issue is the function formSetWanNonLogin of the file /goform/formSetWanNonLogin. The manipula... | 8.8 | HIGH | - | 0 |
| CVE-2024-48775 An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. | 7.5 | HIGH | - | 0 |
| CVE-2024-9553 A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argume... | 8.8 | HIGH | - | 0 |
| CVE-2024-45246 Diebold Nixdorf - CWE-427: Uncontrolled Search Path Element | 7.3 | HIGH | - | 0 |
| CVE-2024-45247 Sonarr - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | 6.1 | MEDIUM | - | 0 |
| CVE-2024-7958 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2024-9467 A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-9554 A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the file suanfa.py of t... | 3.7 | LOW | - | 0 |
| CVE-2024-44029 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in David Garlitz viala allows Reflected XSS. This issue affects viala: from n/a through 1.3.1. | 7.1 | HIGH | - | 0 |
| CVE-2011-3402 Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2... | 8.8 | HIGH | KEV | 0 |
| CVE-2013-1554 Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vecto... | N/A | NONE | - | 0 |
| CVE-2024-45248 Multi-DNC - CWE-35: Path Traversal: '.../...//' | 7.5 | HIGH | - | 0 |
| CVE-2024-45250 ZKteco - CWE 200 Exposure of Sensitive Information to an Unauthorized Actor | 4.3 | MEDIUM | - | 0 |
| CVE-2024-45251 Elsight - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 9.8 | CRITICAL | - | 0 |
| CVE-2024-45252 Elsight - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 9.8 | CRITICAL | - | 0 |
| CVE-2025-10675 A security flaw has been discovered in fuyang_lipengjun platform 1.0. This impacts the function AttributeController of the file /attribute/queryAll. Performing manipulation results in improper authori... | 4.3 | MEDIUM | - | 0 |
| CVE-2025-10676 A weakness has been identified in fuyang_lipengjun platform 1.0. Affected is the function BrandController of the file /brand/queryAll. Executing manipulation can lead to improper authorization. The at... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-9555 A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. Affected by this issue is the function formSetEasy_Wizard of the file /goform/formSetEasy_Wizard. The... | 8.8 | HIGH | - | 0 |
| CVE-2024-9556 A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of... | 8.8 | HIGH | - | 0 |
| CVE-2024-7049 In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation... | 5.4 | MEDIUM | - | 0 |
| CVE-2024-8343 A vulnerability, which was classified as critical, was found in SourceCodester Sentiment Based Movie Rating System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save_client of ... | 7.3 | HIGH | - | 0 |
| CVE-2024-45047 svelte performance oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The ass... | 5.4 | MEDIUM | - | 0 |
| CVE-2024-6204 Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module. | 8.3 | HIGH | - | 0 |
| CVE-2024-8344 A vulnerability has been found in Campcodes Supplier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_area.php. The ... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-8345 A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=delete. The manipul... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-21658 discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious act... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-38868 Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices. This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15 | 7.6 | HIGH | - | 0 |
| CVE-2022-4424 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate ha... | N/A | NONE | - | 0 |
| CVE-2022-4530 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate ha... | N/A | NONE | - | 0 |
| CVE-2022-4540 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate ha... | N/A | NONE | - | 0 |
| CVE-2024-42379 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2022-4412 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate ha... | N/A | NONE | - | 0 |
| CVE-2022-4528 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate ha... | N/A | NONE | - | 0 |
| CVE-2022-4538 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate ha... | N/A | NONE | - | 0 |
| CVE-2024-8346 A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. Affected is the function update_settings_info of the file /classes/SystemSettings.php... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-8347 A vulnerability classified as critical was found in SourceCodester Computer Laboratory Management System 1.0. Affected by this vulnerability is the function delete_record of the file /classes/Master.p... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-8348 A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function delete_category of the file /class... | 6.3 | MEDIUM | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.