CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-42399 Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to ... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-36130 An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating syst... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-36132 Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources. | 7.5 | HIGH | — | 0 |
| CVE-2024-37403 Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerabili... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-6254 The Brizy – Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on form subm... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-42222 In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tena... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-6522 The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mec_fes_form' AJAX function. This makes it possible f... | 8.5 | HIGH | — | 0 |
| CVE-2024-7265 Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, whi... | 8.8 | HIGH | — | 0 |
| CVE-2024-7266 Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from other ... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-7267 Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and ... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-29831 Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plu... | 8.8 | HIGH | — | 0 |
| CVE-2024-7355 The Organization chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_input’ and 'node_description' parameter in all versions up to, and including, 1.5.0 due to insuf... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-43044 Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remotin... | 8.8 | HIGH | — | 0 |
| CVE-2024-43045 Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views". | 6.3 | MEDIUM | — | 0 |
| CVE-2024-41251 An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-41243 An Incorrect Access Control vulnerability was found in /smsa/view_marks.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view MARKS details... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-41250 An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT de... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-7492 The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network... | 8.8 | HIGH | — | 0 |
| CVE-2024-5668 The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 d... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-6869 The Falang multilanguage for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and includi... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-6987 The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchid_store_activate_plugin' function in all versions up to, and incl... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-5226 The Fuse Social Floating Sidebar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the file upload functionality in all versions up to, and including, 5.4.10 due to insufficient va... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-7150 The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.2.57 due to insufficient esc... | 8.8 | HIGH | — | 0 |
| CVE-2024-30188 File read and write vulnerability in Apache DolphinScheduler, authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2.... | 8.1 | HIGH | — | 0 |
| CVE-2024-42031 Access permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | HIGH | — | 0 |
| CVE-2024-42254 In the Linux kernel, the following vulnerability has been resolved: io_uring: fix error pbuf checking Syz reports a problem, which boils down to NULL vs IS_ERR inconsistent error handling in io_allo... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-24062 Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails to validate the directory structure of the root file system during the Pre-Boot Authorizati... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-40261 Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR02 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. Th... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-50809 In certain Sonos products before S1 Release 11.12 and S2 release 15.9, the mt_7615.ko wireless driver does not properly validate an information element during negotiation of a WPA2 four-way handshake.... | 7.8 | HIGH | — | 0 |
| CVE-2024-40480 A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-41481 Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the Mermaid component. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-41482 Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the MathJax component. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-41888 Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration peri... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-41890 Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a val... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-33533 An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has been identified in the Zimbra webmail admin interface. This v... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-33535 An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of t... | 7.5 | HIGH | — | 0 |
| CVE-2024-33536 An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and e... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-36877 Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was disco... | 8.2 | HIGH | — | 0 |
| CVE-2024-43220 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS. This issue affects Form Ma... | 7.1 | HIGH | — | 0 |
| CVE-2026-5012 A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue affects the function pm2run of the file /rpc. Executing a manipulation can lead to os command injection. The attack can be executed remo... | 7.3 | HIGH | — | 0 |
| CVE-2024-43133 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Shortcodes allows Stored XSS. This issue affects Themify Shortcodes: from n/... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-43150 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS. This issue affects Xpro Elementor Addons: from... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-43121 Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation. This issue affects HUSKY: from n/a through 1.3.6.1. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-41623 An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload | 9.8 | CRITICAL | — | 0 |
| CVE-2024-38810 Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations ineffective. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-26344 An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting im... | 7.2 | HIGH | — | 0 |
| CVE-2022-23815 Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution. | 7.5 | HIGH | — | 0 |
| CVE-2023-20578 A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary... | 7.5 | HIGH | — | 0 |
| CVE-2023-20591 Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in ... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-31341 Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resu... | 7.3 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.