CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2024-3899 | The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-writing privilege such as Author to perform ... | 4.8 | MEDIUM | - | 0 |
| CVE-2024-7716 | The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks ev... | 4.8 | MEDIUM | - | 0 |
| CVE-2024-6887 | The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above ... | 4.8 | MEDIUM | - | 0 |
| CVE-2023-52756 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2023-52802 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2021-47472 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2024-4153 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2021-47543 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2021-47545 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2024-32029 | Rejected reason: This CVE is a duplicate of another CVE. | N/A | NONE | - | 0 |
| CVE-2024-5537 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2024-4842 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: Not a vulnerability | N/A | NONE | - | 0 |
| CVE-2021-47285 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2024-3708 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2022-41729 | Rejected reason: reserved but not needed | N/A | NONE | - | 0 |
| CVE-2024-8440 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-7626 | The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in th... | 8.1 | HIGH | - | 0 |
| CVE-2024-8045 | The Advanced WordPress Backgrounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageTag' parameter in all versions up to, and including, 1.12.3 due to insufficient input... | 6.4 | MEDIUM | - | 0 |
| CVE-2019-25212 | The video carousel slider with lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.6 due to insufficient escaping on the user ... | 9.1 | CRITICAL | - | 0 |
| CVE-2024-8705 | A vulnerability was found in Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System 5.6.2 and classified as critical. Affected by this issue is the function GetData... | 6.3 | MEDIUM | - | 0 |
| CVE-2022-41730 | Rejected reason: reserved but not needed | N/A | NONE | - | 0 |
| CVE-2024-8277 | The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating what... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-45786 | This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulati... | 6.5 | MEDIUM | - | 0 |
| CVE-2024-45787 | This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vuln... | 6.5 | MEDIUM | - | 0 |
| CVE-2024-45788 | This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by s... | 7.5 | HIGH | - | 0 |
| CVE-2024-45789 | This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the 'mode' parameter in the API endpoint used during the registration process. An authenticated remote attacker... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-5416 | The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter of multiple widgets in all versions up to, and inc... | 5.4 | MEDIUM | - | 0 |
| CVE-2024-33579 | A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges. | 7.8 | HIGH | - | 0 |
| CVE-2024-5996 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2024-7609 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vidco Software VOC TESTER allows Path Traversal. This issue affects VOC TESTER: before 12.34.8. | 7.5 | HIGH | - | 0 |
| CVE-2024-45790 | This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnera... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-27112 | An unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying da... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-27113 | An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulner... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-27114 | An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP-file that will be avail... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-28981 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields. | 8.5 | HIGH | - | 0 |
| CVE-2022-48736 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2022-48737 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2024-38391 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2024-4460 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2024-39362 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2024-34584 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. Reason: An additional patch is required. | N/A | NONE | - | 0 |
| CVE-2022-32147 | Rejected reason: reserved but not needed | N/A | NONE | - | 0 |
| CVE-2022-32191 | Rejected reason: reserved but not needed | N/A | NONE | - | 0 |
| CVE-2022-3428 | Rejected reason: reserved but not needed | N/A | NONE | - | 0 |
| CVE-2022-41718 | Rejected reason: reserved but not needed | N/A | NONE | - | 0 |
| CVE-2022-41726 | Rejected reason: reserved but not needed | N/A | NONE | - | 0 |
| CVE-2022-41728 | Rejected reason: reserved but not needed | N/A | NONE | - | 0 |
| CVE-2024-37353 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2024-27115 | An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publi... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-7805 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.