CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-24746 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup Maker Popup Maker allows Stored XSS. This issue affects Popup Maker: from n/a through 1.20.2... | 6.5 | MEDIUM | – | 0 |
| CVE-2024-57095 SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacker to execute arbitrary code via a crafted payload. | 6.8 | MEDIUM | – | 0 |
| CVE-2025-0721 A vulnerability classified as problematic has been found in needyamin image_gallery 1.0. This affects the function image_gallery of the file /view.php. The manipulation of the argument Username leads ... | 4.3 | MEDIUM | – | 0 |
| CVE-2025-24662 Missing Authorization vulnerability in LearnDash LearnDash LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LearnDash LMS: from n/a through 4.20.0.1. | 5.3 | MEDIUM | – | 0 |
| CVE-2024-54530 The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, visionOS 2.2, iOS 18.2 and iPadOS 18.2. Password autofill may fill in passwords after failing aut... | 9.1 | CRITICAL | – | 0 |
| CVE-2024-54547 The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to access protected user data. | 5.5 | MEDIUM | – | 0 |
| CVE-2024-54550 This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to view autocompleted contact informa... | 4.0 | MEDIUM | – | 0 |
| CVE-2024-56178 An issue was discovered in Couchbase Server 7.6.x through 7.6.3. A user with the security_admin_local role can create a new user in a group that has the admin role. | 6.5 | MEDIUM | – | 0 |
| CVE-2024-57546 An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function. | 7.5 | HIGH | – | 0 |
| CVE-2024-57547 Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files. | 7.5 | HIGH | – | 0 |
| CVE-2024-57548 CMSimple 5.16 allows the user to edit log.php file via print page. | 9.1 | CRITICAL | – | 0 |
| CVE-2024-57549 CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request. | 7.5 | HIGH | – | 0 |
| CVE-2024-0149 NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an attacker unauthorized access to files. A successful exploit of this vulnerability might lead to limited information di... | 3.3 | LOW | – | 0 |
| CVE-2025-23053 A privilege escalation vulnerability exists in the web-based management interface of HPE Aruba Networking Fabric Composer. Successful exploitation could allow an authenticated low privilege operator u... | 6.5 | MEDIUM | – | 0 |
| CVE-2025-23054 A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an authenticated low privilege operator user to perform operations not allowed by their privil... | 6.5 | MEDIUM | – | 0 |
| CVE-2025-23055 A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfu... | 5.5 | MEDIUM | – | 0 |
| CVE-2025-23056 A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfu... | 5.5 | MEDIUM | – | 0 |
| CVE-2025-23057 A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfu... | 5.5 | MEDIUM | – | 0 |
| CVE-2024-40672 In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional ... | 8.4 | HIGH | – | 0 |
| CVE-2024-40673 In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execu... | 6.5 | MEDIUM | – | 0 |
| CVE-2024-40674 In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. This could lead to local denial of service with no addi... | 5.3 | MEDIUM | – | 0 |
| CVE-2024-40675 In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User ... | 7.5 | HIGH | – | 0 |
| CVE-2025-22693 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery Contest Gallery allows SQL Injection. This issue affects Contest Gallery: from n/a... | 7.6 | HIGH | – | 0 |
| CVE-2024-40676 In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of pri... | 7.7 | HIGH | – | 0 |
| CVE-2024-40677 In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privi... | 8.4 | HIGH | – | 0 |
| CVE-2025-0762 Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium... | 8.8 | HIGH | – | 0 |
| CVE-2025-23007 A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation. | 5.5 | MEDIUM | – | 0 |
| CVE-2024-10591 The MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privil... | 8.8 | HIGH | – | 0 |
| CVE-2025-0881 A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/saveroutine.php. The manipulation of t... | 6.3 | MEDIUM | – | 0 |
| CVE-2024-12772 The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability. | 5.4 | MEDIUM | – | 0 |
| CVE-2025-23215 PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys are included in jar published to Maven Central. The private key itself is not ... | N/A | NONE | – | 0 |
| CVE-2025-22957 A SQL injection vulnerability exists in the front-end of the website in ZZCMS <= 2023, which can be exploited without any authentication. This vulnerability could potentially allow attackers to gain u... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-57433 macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state. | 7.5 | HIGH | – | 0 |
| CVE-2024-57434 macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator. | 8.8 | HIGH | – | 0 |
| CVE-2024-57435 In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authen... | 6.5 | MEDIUM | – | 0 |
| CVE-2025-0948 A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file incview.php. The manipulation of the argument inc... | 6.3 | MEDIUM | – | 0 |
| CVE-2025-0949 A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file partview.php. The manipulation of the arg... | 6.3 | MEDIUM | – | 0 |
| CVE-2024-55456 lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell | 6.5 | MEDIUM | – | 0 |
| CVE-2025-0950 A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file staffview.php. The manipulation of the argu... | 6.3 | MEDIUM | – | 0 |
| CVE-2024-20147 In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interactio... | 5.3 | MEDIUM | – | 0 |
| CVE-2025-20631 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User inter... | 7.8 | HIGH | – | 0 |
| CVE-2025-20632 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User inter... | 7.8 | HIGH | – | 0 |
| CVE-2024-13347 The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. | 6.8 | MEDIUM | – | 0 |
| CVE-2024-57522 SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user... | 6.4 | MEDIUM | – | 0 |
| CVE-2024-56161 Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and ... | 7.2 | HIGH | – | 0 |
| CVE-2024-57175 A Stored Cross-Site Scripting (XSS) vulnerability was identified in the PHPGURUKUL Online Birth Certificate System v1.0 via the profile name to /user/certificate-form.php. | 5.4 | MEDIUM | – | 0 |
| CVE-2024-56921 An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of gmm_state_exception() function upon receipt o... | 7.5 | HIGH | – | 0 |
| CVE-2025-22664 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS. This issue affects Survey Maker: from n/a throug... | 5.9 | MEDIUM | – | 0 |
| CVE-2025-23058 A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to ... | 8.8 | HIGH | – | 0 |
| CVE-2025-23059 A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerabili... | 6.8 | MEDIUM | – | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.