CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-25098 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support allows Stored XSS. This issue affects PB ... | 6.5 | MEDIUM | – | 0 |
| CVE-2024-1981 The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parame... | 9.8 | CRITICAL | – | 0 |
| CVE-2025-22954 GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter. | 10.0 | CRITICAL | – | 0 |
| CVE-2024-25594 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Savvy Wordpress Development MyWaze allows Stored XSS. This issue affects MyWaze: from n/a through 1... | 6.5 | MEDIUM | – | 0 |
| CVE-2024-23493 Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of. | 4.3 | MEDIUM | – | 0 |
| CVE-2024-24988 Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource co... | 4.3 | MEDIUM | – | 0 |
| CVE-2024-26607 In the Linux kernel, the following vulnerability has been resolved: drm/bridge: sii902x: Fix probing race issue A null pointer dereference crash has been observed rarely on TI platforms using sii902... | 4.7 | MEDIUM | – | 0 |
| CVE-2024-20689 Secure Boot Security Feature Bypass Vulnerability | 7.1 | HIGH | – | 0 |
| CVE-2023-52485 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before sending a command [Why] We can hang in place trying to send commands when the DMCUB isn't power... | 5.5 | MEDIUM | – | 0 |
| CVE-2021-47016 In the Linux kernel, the following vulnerability has been resolved: m68k: mvme147,mvme16x: Don't wipe PCC timer config bits Don't clear the timer 1 configuration bits when clearing the interrupt fla... | 5.5 | MEDIUM | – | 0 |
| CVE-2021-47055 In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require... | 5.5 | MEDIUM | – | 0 |
| CVE-2021-47056 In the Linux kernel, the following vulnerability has been resolved: crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init ADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2pf... | 5.5 | MEDIUM | – | 0 |
| CVE-2023-33677 Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*". | 7.5 | HIGH | – | 0 |
| CVE-2021-47066 In the Linux kernel, the following vulnerability has been resolved: async_xor: increase src_offs when dropping destination page Now we support sharing one page if PAGE_SIZE is not equal stripe size.... | 5.5 | MEDIUM | – | 0 |
| CVE-2024-2021 A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. Affected is an unknown function of the file /admin/list_localuser.php. The manipulat... | 6.3 | MEDIUM | – | 0 |
| CVE-2024-2022 A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/list_ipA... | 6.3 | MEDIUM | – | 0 |
| CVE-2023-52497 In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to... | 6.1 | MEDIUM | – | 0 |
| CVE-2024-27295 Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim use... | 8.2 | HIGH | – | 0 |
| CVE-2024-27296 Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessibl... | 5.3 | MEDIUM | – | 0 |
| CVE-2024-2071 A vulnerability, which was classified as problematic, has been found in SourceCodester FAQ Management System 1.0. Affected by this issue is some unknown functionality of the component Update FAQ. The ... | 3.5 | LOW | – | 0 |
| CVE-2024-2072 A vulnerability, which was classified as problematic, was found in SourceCodester Flashcard Quiz App 1.0. This affects an unknown part of the file /endpoint/update-flashcard.php. The manipulation of t... | 3.5 | LOW | – | 0 |
| CVE-2024-2073 A vulnerability has been found in SourceCodester Block Inserter for Dynamic Content 1.0 and classified as critical. This vulnerability affects unknown code of the file view_post.php. The manipulation ... | 6.3 | MEDIUM | – | 0 |
| CVE-2024-1453 In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code. | 7.8 | HIGH | – | 0 |
| CVE-2021-47069 In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry do_mq_timedreceive calls wq_sleep with a stack local addr... | 7.0 | HIGH | – | 0 |
| CVE-2021-47072 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix removed dentries still existing after log is synced When we move one inode from one directory to another and both the i... | 5.5 | MEDIUM | – | 0 |
| CVE-2021-47073 In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios init_dell_smbios_wmi() only registers the dell_smbios_wmi_driver on s... | 5.5 | MEDIUM | – | 0 |
| CVE-2023-52564 In the Linux kernel, the following vulnerability has been resolved: Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" This reverts commit 9b9c8195f3f0d74a826077fc1c01b9ee74907239. The commit above is... | 5.5 | MEDIUM | – | 0 |
| CVE-2022-48628 In the Linux kernel, the following vulnerability has been resolved: ceph: drop messages from MDS when unmounting When unmounting all the dirty buffers will be flushed and after the last osd request ... | 5.5 | MEDIUM | – | 0 |
| CVE-2023-52499 In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash Eddie reported that newer kernels were crashing during boot on his 476 FSP2 system: k... | 5.5 | MEDIUM | – | 0 |
| CVE-2023-52500 In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command Tags allocated for OPC_INB_SET_CONTROLLER_C... | 5.5 | MEDIUM | – | 0 |
| CVE-2023-52501 In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not attempt to read past "commit" When iterating over the ring buffer while the ring buffer is active, the writer ... | 7.1 | HIGH | – | 0 |
| CVE-2023-52505 In the Linux kernel, the following vulnerability has been resolved: phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers The protocol converter configuration registers PC... | 4.7 | MEDIUM | – | 0 |
| CVE-2023-52506 In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set all reserved memblocks on Node#0 at initialization After commit 61167ad5fecdea ("mm: pass nid to reserve_bootmem_re... | 5.5 | MEDIUM | – | 0 |
| CVE-2023-52507 In the Linux kernel, the following vulnerability has been resolved: nfc: nci: assert requested protocol is valid The protocol is used in a bit mask to determine if the protocol is supported. Assert ... | 7.1 | HIGH | – | 0 |
| CVE-2023-52517 In the Linux kernel, the following vulnerability has been resolved: spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain Previously the transfer complete IRQ immediately drained... | 7.0 | HIGH | – | 0 |
| CVE-2023-52519 In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit The EHL (Elkhart Lake) based platforms provide a OOB (Out of band) serv... | 7.1 | HIGH | – | 0 |
| CVE-2023-52523 In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets With a SOCKMAP/SOCKHASH map and an sk_msg program user can steer m... | 5.5 | MEDIUM | – | 0 |
| CVE-2023-52524 In the Linux kernel, the following vulnerability has been resolved: net: nfc: llcp: Add lock when modifying device list The device list needs its associated lock held when modifying it, or the list ... | 7.8 | HIGH | – | 0 |
| CVE-2023-28582 Memory corruption in Data Modem while verifying hello-verify message during the DTLS handshake. | 9.8 | CRITICAL | – | 0 |
| CVE-2023-52525 In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet Only skip the code path trying to access the rfc1042 headers w... | 7.1 | HIGH | – | 0 |
| CVE-2023-52527 In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() Including the transhdrlen in length is a problem when the packet... | 5.5 | MEDIUM | – | 0 |
| CVE-2023-52532 In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type (probably from a newer hardware), still free the SKB, update... | 5.5 | MEDIUM | – | 0 |
| CVE-2023-52559 In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid memory allocation in iommu_suspend() The iommu_suspend() syscore suspend callback is invoked with IRQ disabled. ... | 5.5 | MEDIUM | – | 0 |
| CVE-2023-52562 In the Linux kernel, the following vulnerability has been resolved: mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy() After the commit in Fixes:, if a module that created a ... | 5.5 | MEDIUM | – | 0 |
| CVE-2023-52580 In the Linux kernel, the following vulnerability has been resolved: net/core: Fix ETH_P_1588 flow dissector When a PTP ethernet raw frame with a size of more than 256 bytes followed by a 0xff patter... | 5.5 | MEDIUM | – | 0 |
| CVE-2023-52582 In the Linux kernel, the following vulnerability has been resolved: netfs: Only call folio_start_fscache() one time for each folio If a network filesystem using netfs implements a clamp_length() fun... | 5.5 | MEDIUM | – | 0 |
| CVE-2024-0795 If an attacker was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacker from creating a new user with an `admin` role and then ... | 7.2 | HIGH | – | 0 |
| CVE-2024-26621 In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: don't force huge page alignment on 32 bit commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP bounda... | 5.5 | MEDIUM | – | 0 |
| CVE-2024-0765 As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `/export-data` endpoint of the system and then unzip and read that export that would enable you to exfiltrate... | 6.5 | MEDIUM | – | 0 |
| CVE-2023-33078 Information Disclosure while processing IOCTL request in FastRPC. | 5.1 | MEDIUM | – | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.