CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-52023 Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. This vulnerability allows attackers to caus... | 5.7 | MEDIUM | No | 0 |
| CVE-2024-52024 Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. This vulnerability allows attackers to ca... | 5.7 | MEDIUM | No | 0 |
| CVE-2024-20487 A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability i... | 4.3 | MEDIUM | No | 0 |
| CVE-2025-47895 Rejected reason: Not used | N/A | NONE | No | 0 |
| CVE-2024-52025 Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. This vulnerability allows attackers to ... | 5.7 | MEDIUM | No | 0 |
| CVE-2024-52026 Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. This vulnerability allows attackers to c... | 5.7 | MEDIUM | No | 0 |
| CVE-2024-52028 Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a c... | 5.7 | MEDIUM | No | 0 |
| CVE-2024-52029 Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... | 5.7 | MEDIUM | No | 0 |
| CVE-2024-52030 Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at ru_wan_flow.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via ... | 5.7 | MEDIUM | No | 0 |
| CVE-2024-48176 Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of login attempts, and the verification code will not be refreshed after a failed login, which allows atta... | 9.8 | CRITICAL | No | 0 |
| CVE-2024-9934 The Wp-ImageZoom WordPress plugin through 1.1.0 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting which could be used agai... | 6.1 | MEDIUM | No | 0 |
| CVE-2024-43425 A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions. | 8.1 | HIGH | No | 0 |
| CVE-2024-43428 To address a cache poisoning risk in Moodle, additional validation for local storage was required. | 7.7 | HIGH | No | 0 |
| CVE-2024-43431 A vulnerability was found in Moodle. Insufficient capability checks made it possible to delete badges that a user does not have permission to access. | 7.5 | HIGH | No | 0 |
| CVE-2024-43434 The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability. | 8.1 | HIGH | No | 0 |
| CVE-2024-43440 A flaw was found in moodle. A local file may include risks when restoring block backups. | 7.5 | HIGH | No | 0 |
| CVE-2024-8378 The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code only running for paths that call wp_handle_upload, but not for example for code that uses wp_handle_sideload which is often used... | 4.8 | MEDIUM | No | 0 |
| CVE-2025-47896 Rejected reason: Not used | N/A | NONE | No | 0 |
| CVE-2025-47897 Rejected reason: Not used | N/A | NONE | No | 0 |
| CVE-2024-48951 An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery (SSRF) on SOAR can be used to leak Logpoint's API Token leading to authentication bypass. | 7.5 | HIGH | No | 0 |
| CVE-2024-48952 An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability ena... | 6.4 | MEDIUM | No | 0 |
| CVE-2024-48953 An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users... | 7.5 | HIGH | No | 0 |
| CVE-2024-48954 An issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution. | 6.4 | MEDIUM | No | 0 |
| CVE-2024-21538 Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increas... | 7.5 | HIGH | No | 0 |
| CVE-2024-50203 In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix address emission with tag-based KASAN enabled When BPF_TRAMP_F_CALL_ORIG is enabled, the address of a bpf_tramp_im... | 7.8 | HIGH | No | 0 |
| CVE-2024-10846 The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while... | 5.9 | MEDIUM | No | 0 |
| CVE-2024-9874 The Poll Maker - Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.4.6 due t... | 4.9 | MEDIUM | No | 0 |
| CVE-2024-43427 A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally b... | 3.7 | LOW | No | 0 |
| CVE-2024-43429 A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the "view hidden user fields" capability having access to the informat... | 5.3 | MEDIUM | No | 0 |
| CVE-2024-43430 A flaw was found in moodle. External API access to Quiz can override contained insufficient access control. | 5.3 | MEDIUM | No | 0 |
| CVE-2024-43432 A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header informati... | 5.3 | MEDIUM | No | 0 |
| CVE-2024-43433 A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users. | 5.3 | MEDIUM | No | 0 |
| CVE-2025-47898 Rejected reason: Not used | N/A | NONE | No | 0 |
| CVE-2024-43435 A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary. | 5.3 | MEDIUM | No | 0 |
| CVE-2024-51186 D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions. | 8.0 | HIGH | No | 0 |
| CVE-2024-9835 The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in... | 4.8 | MEDIUM | No | 0 |
| CVE-2024-9836 The RSS Feed Widget WordPress plugin before 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could all... | 5.9 | MEDIUM | No | 0 |
| CVE-2024-51094 An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the P... | 8.0 | HIGH | No | 0 |
| CVE-2024-34781 SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code e... | 7.2 | HIGH | No | 0 |
| CVE-2024-50839 A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbit... | 5.4 | MEDIUM | No | 0 |
| CVE-2024-34782 SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code e... | 7.2 | HIGH | No | 0 |
| CVE-2024-34784 SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code e... | 7.2 | HIGH | No | 0 |
| CVE-2024-34787 Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction ... | 7.8 | HIGH | No | 0 |
| CVE-2024-37376 SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code e... | 7.2 | HIGH | No | 0 |
| CVE-2025-47899 Rejected reason: Not used | N/A | NONE | No | 0 |
| CVE-2025-0020 Rejected reason: "This CVE ID is Rejected and will not be used. As the CNA of record ESRI has rejected this CVE as it is not a vulnerability" | N/A | NONE | No | 0 |
| CVE-2024-48510 Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only... | 9.8 | CRITICAL | No | 0 |
| CVE-2024-52553 Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login. | 8.8 | HIGH | No | 0 |
| CVE-2024-40404 Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established. | 9.8 | CRITICAL | No | 0 |
| CVE-2024-40405 Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109 allows attackers to gain access to a secondary broker via a crafted request. | 8.1 | HIGH | No | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.