Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-1702 A vulnerability was found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /edit.php. The manipulation leads t... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-23346 Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` me... | 9.3 | CRITICAL | — | 0 |
| CVE-2024-27099 The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect `AMQP_VALUE` failed state, may cause a double free problem. This may cause a RCE. Update submo... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25117 php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to ... | 6.8 | MEDIUM | — | 0 |
| CVE-2024-26130 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificate... | 7.5 | HIGH | — | 0 |
| CVE-2024-26133 EventStoreDB (ESDB) is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior t... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-26138 The XWiki licensor application, which manages and enforce application licenses for paid extensions, includes the document `Licenses.Code.LicenseJSON` that provides information for admins regarding act... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-29950 The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker... | 7.5 | HIGH | — | 0 |
| CVE-2024-1705 A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the compon... | 5.6 | MEDIUM | — | 0 |
| CVE-2024-26145 Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on Discourse. Uninvited users are able to gain access to private events by crafting a request to update th... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-1707 A vulnerability, which was classified as problematic, was found in GARO WALLBOX GLB+ T2EV7 0.5. This affects an unknown part of the file /index.jsp#settings of the component Software Update Handler. T... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-22473 TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gec... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-6533 Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-6640 Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-3900 Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText. | 2.9 | LOW | — | 0 |
| CVE-2024-23654 discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to adm... | 4.1 | MEDIUM | — | 0 |
| CVE-2024-25124 Fiber is a web framework written in go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabi... | 9.4 | CRITICAL | — | 0 |
| CVE-2024-26148 Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing nec... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-24817 Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics i... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-25802 SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add Media function. Unlike in CVE-2024-25801, the attack payload is the file content. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25129 The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML Ex... | 2.7 | LOW | — | 0 |
| CVE-2024-25130 Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tule... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-26151 The `mjml` PyPI package, found at the `FelixSchwarz/mjml-python` GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of `FelixSchwarz/mjml-python` who in... | 8.2 | HIGH | — | 0 |
| CVE-2024-22243 Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open... | 8.1 | HIGH | — | 0 |
| CVE-2024-25629 c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if usi... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-26150 `@backstage/backend-common` is a common functionality library for backends for Backstage, an open platform for building developer portals. In `@backstage/backend-common` prior to versions 0.21.1, 0.20... | 8.7 | HIGH | — | 0 |
| CVE-2023-51392 Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sid... | 6.2 | MEDIUM | — | 0 |
| CVE-2024-28852 Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities,this means that all forms in the Ampache that use `rule` as a variable ar... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-29760 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS.This issue affects Booster for WooCommer... | 7.1 | HIGH | — | 0 |
| CVE-2024-23450 A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash. | 4.9 | MEDIUM | — | 0 |
| CVE-2024-23451 Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious use... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-3000 A vulnerability classified as critical was found in code-projects Online Book System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument username/pass... | 7.3 | HIGH | — | 0 |
| CVE-2024-57556 Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component | 6.1 | MEDIUM | — | 0 |
| CVE-2024-3001 A vulnerability, which was classified as critical, has been found in code-projects Online Book System 1.0. This issue affects some unknown processing of the file /Product.php. The manipulation of the ... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-30241 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.1. | 8.5 | HIGH | — | 0 |
| CVE-2023-39313 Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. | 7.7 | HIGH | — | 0 |
| CVE-2024-28004 Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-9499 DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted... | 8.6 | HIGH | — | 0 |
| CVE-2024-3040 A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_crl_conf. The manipulation of th... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-3041 A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. This vulnerability affects unknown code of the file /protocol/log/listloginfo.php. The m... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-3042 A vulnerability was found in SourceCodester Simple Subscription Website 1.0 and classified as critical. This issue affects some unknown processing of the file manage_user.php. The manipulation of the ... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-25946 Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted comma... | 7.2 | HIGH | — | 0 |
| CVE-2024-21989 ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when successfully exploited could allow a read-only user to escalate thei... | 8.1 | HIGH | — | 0 |
| CVE-2024-25955 Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted comma... | 7.2 | HIGH | — | 0 |
| CVE-2024-25971 Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to infor... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-30487 Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1... | 7.6 | HIGH | — | 0 |
| CVE-2024-0608 The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to union-based SQL Injection via the 'email' parameter in all versio... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-23449 An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to pars... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-30490 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | 9.3 | CRITICAL | — | 0 |
| CVE-2024-30491 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | 8.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.