CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-4479 The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sg_general_toggle_tab_enable and sg_accordion_style attributes within the plugin's JKit - Tabs and JKit ... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-5263 The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient inp... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-6000 The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'display_ticket_themes_page' function in versions u... | 7.1 | HIGH | - | 0 |
| CVE-2024-1399 The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-5862 Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Interface Manipulation. This issue affects Mia-Med Health Aplication: bef... | 7.5 | HIGH | - | 0 |
| CVE-2024-3105 The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode.... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-4095 The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to insuffic... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-4258 The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-4551 The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This m... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-5858 The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-10347 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2024-11191 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2024-5611 The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including, 1.4.... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-31870 IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. ... | 3.3 | LOW | - | 0 |
| CVE-2024-6008 A vulnerability, which was classified as critical, was found in itsourcecode Online Book Store up to 1.0. Affected is an unknown function of the file /edit_book.php. The manipulation of the argument i... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-6009 A vulnerability has been found in itsourcecode Event Calendar 1.0 and classified as critical. Affected by this vulnerability is the function regConfirm/regDelete of the file process.php. The manipulat... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-38461 irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a directory. | 7.5 | HIGH | - | 0 |
| CVE-2024-11264 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2024-6013 A vulnerability was found in itsourcecode Online Book Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_delete.php. The manipulation of the argumen... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-6014 A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id leads... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-6015 A vulnerability classified as critical was found in itsourcecode Online House Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulatio... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-6016 A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-36279 Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vuln... | 5.3 | MEDIUM | - | 0 |
| CVE-2024-38394 Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to ac... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-38427 In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequenceId::ParseXml in IccXML/IccLibXML/IccTagXml.cpp results in unconditionally returning false. | 8.8 | HIGH | - | 0 |
| CVE-2024-36397 Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 6.1 | MEDIUM | - | 0 |
| CVE-2024-38443 C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3f has a segmentation fault for deep recursion, which may affect common use cases such as sorting an array of 50 elements. | 6.2 | MEDIUM | - | 0 |
| CVE-2024-38448 htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untrusted, because shell metacharacters may be used. | 9.1 | CRITICAL | - | 0 |
| CVE-2024-38457 Xenforo before 2.2.16 allows CSRF. | 8.8 | HIGH | - | 0 |
| CVE-2024-38458 Xenforo before 2.2.16 allows code injection. | 8.8 | HIGH | - | 0 |
| CVE-2023-31310 Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the "set temperature input selection" command, potentially resulting i... | 5.0 | MEDIUM | - | 0 |
| CVE-2024-38462 iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-27636 Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor. | 5.4 | MEDIUM | - | 0 |
| CVE-2024-6039 A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql inj... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-6041 A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manip... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-6042 A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The ma... | 7.3 | HIGH | - | 0 |
| CVE-2024-36573 almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set (obx/build/index.js... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-6043 A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the ar... | 7.3 | HIGH | - | 0 |
| CVE-2024-5163 Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-6044 Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL. | 6.5 | MEDIUM | - | 0 |
| CVE-2024-6045 Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessin... | 8.8 | HIGH | - | 0 |
| CVE-2024-5650 DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected produc... | 8.5 | HIGH | - | 0 |
| CVE-2024-36277 Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid s... | 5.3 | MEDIUM | - | 0 |
| CVE-2024-44460 An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS). | 7.5 | HIGH | - | 0 |
| CVE-2024-36289 Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct message... | 5.3 | MEDIUM | - | 0 |
| CVE-2024-6048 Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and ... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-5741 Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL) | 6.5 | MEDIUM | - | 0 |
| CVE-2024-36580 A Prototype Pollution issue in cdr0 sg 1.0.10 allows an attacker to execute arbitrary code. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-36583 A Prototype Pollution issue in byondreal accessor <= 1.0.0 allows an attacker to execute arbitrary code via @byondreal/accessor/index. | 8.1 | HIGH | - | 0 |
| CVE-2024-36077 Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, ... | 8.8 | HIGH | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.