Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-43690 Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects: Comma... | 8.0 | HIGH | β | 0 |
| CVE-2024-8642 In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date)... | 8.1 | HIGH | β | 0 |
| CVE-2024-8646 In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code include... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-43793 Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.19.0 of the Halo project. This vulnerability allows an attacker to execute malicious s... | 6.3 | MEDIUM | β | 0 |
| CVE-2024-4465 An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with re... | 6.0 | MEDIUM | β | 0 |
| CVE-2024-6019 The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against adm... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-33578 A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges. | 7.8 | HIGH | β | 0 |
| CVE-2023-52666 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2024-35812 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2023-52685 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2024-7721 The HTML5 Video Player β mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in ... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-7727 The HTML5 Video Player β mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5v... | 5.3 | MEDIUM | β | 0 |
| CVE-2024-3899 The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-writing privilege such as Author to perform ... | 4.8 | MEDIUM | β | 0 |
| CVE-2024-7716 The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks ev... | 4.8 | MEDIUM | β | 0 |
| CVE-2024-6887 The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above ... | 4.8 | MEDIUM | β | 0 |
| CVE-2023-52756 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2023-52802 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2021-47472 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2024-4153 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2021-47543 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2021-47545 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2024-32029 Rejected reason: This CVE is a duplicate of another CVE. | N/A | NONE | β | 0 |
| CVE-2024-5537 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2024-4842 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: Not a vulnerability | N/A | NONE | β | 0 |
| CVE-2021-47285 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2024-3708 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2022-41729 Rejected reason: reserved but not needed | N/A | NONE | β | 0 |
| CVE-2024-8440 The Essential Addons for Elementor β Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget... | 6.4 | MEDIUM | β | 0 |
| CVE-2024-7626 The WP Delicious β Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in th... | 8.1 | HIGH | β | 0 |
| CVE-2024-8045 The Advanced WordPress Backgrounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βimageTagβ parameter in all versions up to, and including, 1.12.3 due to insufficient input... | 6.4 | MEDIUM | β | 0 |
| CVE-2024-8705 A vulnerability was found in Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System 5.6.2 and classified as critical. Affected by this issue is the function GetData... | 6.3 | MEDIUM | β | 0 |
| CVE-2022-41730 Rejected reason: reserved but not needed | N/A | NONE | β | 0 |
| CVE-2024-8277 The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating what... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-45786 This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulati... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-45787 This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vuln... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-45788 This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by s... | 7.5 | HIGH | β | 0 |
| CVE-2024-45789 This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the βmodeβ parameter in the API endpoint used during the registration process. An authenticated remote attacker... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-5416 The Elementor Website Builder β More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter of multiple widgets in all versions up to, and inc... | 5.4 | MEDIUM | β | 0 |
| CVE-2024-33579 A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges. | 7.8 | HIGH | β | 0 |
| CVE-2024-5996 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2024-7609 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vidco Software VOC TESTER allows Path Traversal.This issue affects VOC TESTER: before 12.34.8. | 7.5 | HIGH | β | 0 |
| CVE-2024-45790 This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnera... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-27112 A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying da... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-27113 An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulner... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-27114 A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be avail... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-28981 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields. | 8.5 | HIGH | β | 0 |
| CVE-2022-48736 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2022-48737 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2024-38391 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2024-4460 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.