CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data

| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-21204 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.4.0 and 9.0.1 and prior. Easily exploitable vulnerability allows high pr... | 4.9 | MEDIUM | β | 0 |
| CVE-2024-21205 Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerabilit... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-21207 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.38 and prior, 8.4.1 and prior and 9.0.1 and prior. Easily exploitable vuln... | 4.9 | MEDIUM | β | 0 |
| CVE-2024-21209 Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerabi... | 2.0 | LOW | β | 0 |
| CVE-2024-21247 Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily explo... | 3.8 | LOW | β | 0 |
| CVE-2024-21248 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Difficult to exploit vulner... | 5.3 | MEDIUM | β | 0 |
| CVE-2024-21253 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22. Easily exploitable vulnerability allows high pr... | 2.3 | LOW | β | 0 |
| CVE-2024-21255 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: XMLPublisher). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulner... | 8.8 | HIGH | β | 0 |
| CVE-2024-41311 In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. | 8.1 | HIGH | β | 0 |
| CVE-2024-9958 Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | MEDIUM | β | 0 |
| CVE-2024-9962 Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafte... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-9963 Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted ... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-9964 Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted C... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-9965 Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code v... | 8.8 | HIGH | β | 0 |
| CVE-2024-9966 Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Lo... | 5.3 | MEDIUM | β | 0 |
| CVE-2024-9634 The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input fro... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-9649 The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. This is due to missing or inco... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-9888 The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget redirect URL in all versions up to, and including, 1.2.8 ... | 5.4 | MEDIUM | β | 0 |
| CVE-2020-36835 The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to sensitive information disclosure of a WordPress site's database due to missing capability checks on the wp_ajax_wpvivid_a... | 4.9 | MEDIUM | β | 0 |
| CVE-2021-4445 The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the pa_di... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-45715 The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements. | 7.1 | HIGH | β | 0 |
| CVE-2023-32190 mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges. | 7.8 | HIGH | β | 0 |
| CVE-2024-47836 Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.... | 3.5 | LOW | β | 0 |
| CVE-2024-45713 SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes. | 5.1 | MEDIUM | β | 0 |
| CVE-2020-36836 The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path val... | 8.0 | HIGH | β | 0 |
| CVE-2024-9264 The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, lea... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-47485 There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-47487 There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary SQL queries. | 8.8 | HIGH | β | 0 |
| CVE-2023-6080 Lakeside Software's SysTrack LsiAgent Installer version 10.7.8 for Windows contains a local privilege escalation vulnerability which allows attackers SYSTEM level access. | 7.8 | HIGH | β | 0 |
| CVE-2024-10153 A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file book-boat.php?bid=1 of the compo... | 6.3 | MEDIUM | β | 0 |
| CVE-2023-52917 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2024-40746 A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious pa... | 5.4 | MEDIUM | β | 0 |
| CVE-2024-30159 A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS... | 4.8 | MEDIUM | β | 0 |
| CVE-2024-30160 A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scr... | 4.8 | MEDIUM | β | 0 |
| CVE-2024-50311 A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent wit... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-48706 Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively. | 5.4 | MEDIUM | β | 0 |
| CVE-2024-49208 Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit th... | 5.9 | MEDIUM | β | 0 |
| CVE-2024-49209 Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploi... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-45334 Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions. | 7.8 | HIGH | β | 0 |
| CVE-2024-45335 Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection... | 8.4 | HIGH | β | 0 |
| CVE-2024-50066 In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix move_normal_pmd/retract_page_tables race In mremap(), move_page_tables() looks at the type of the PMD entry and the... | 7.0 | HIGH | β | 0 |
| CVE-2024-9650 The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tooltip' parameter in all versions up to, and including, 9.6.1 due to insufficient input sanitization and... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-9598 The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.99.1. This is due to missing or incorrect nonce val... | 8.8 | HIGH | β | 0 |
| CVE-2013-5519 Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, ak... | N/A | NONE | β | 0 |
| CVE-2024-48428 An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password function. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-47821 pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executa... | 9.1 | CRITICAL | β | 0 |
| CVE-2024-10469 VINCE versions before 3.0.9 is vulnerable to exposure of User information to authenticated users. | 6.5 | MEDIUM | β | 0 |
| CVE-2024-48825 Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. | 8.8 | HIGH | β | 0 |
| CVE-2024-48826 Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. | 8.8 | HIGH | β | 0 |
| CVE-2024-40792 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A malicious app may be able to change network settings. | 3.3 | LOW | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.