CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-33281 The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reprodu... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-33285 An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-33235 MXsecurity version 1.0 is vulnerable to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization ... | 7.2 | HIGH | — | 0 |
| CVE-2023-33236 MXsecurity version 1.0 is vulnerable to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authenticat... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-0010 Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could succ... | 7.8 | HIGH | — | 0 |
| CVE-2022-47673 An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts. | 7.8 | HIGH | — | 0 |
| CVE-2022-47142 Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-47609 Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugin <= 2.8.1 versions. | 6.3 | MEDIUM | — | 0 |
| CVE-2023-22688 Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin <= 2.0.3 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-22692 Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-22709 Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple Hits Counter plugin <= 1.1.0 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-22714 Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-23680 Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar plugin <= 5.36 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-24032 In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to loc... | 7.8 | HIGH | — | 0 |
| CVE-2023-23712 Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager plugin <= 3.4.9 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-23813 Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.4.3 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-41608 Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <= 2.2.0 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-44739 Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin <= 1.5.4 versions. | 5.3 | MEDIUM | — | 0 |
| CVE-2022-45076 Cross-Site Request Forgery (CSRF) vulnerability in WebMat Flexible Elementor Panel plugin <= 2.3.8 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-45079 Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-45376 Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Woocommerce (Ajax) < 2.1 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-32958 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nose Graze Novelist plugin <= 1.2.0 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2022-47167 Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Crayon Syntax Highlighter plugin <= 2.8.4 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-47183 Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin <= 0.2.6 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-47611 Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m Hover Image plugin <= 1.4.1 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-23797 Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Auto YouTube Importer plugin <= 1.0.3 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-25537 Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could pote... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-2832 SQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0. | 7.2 | HIGH | — | 0 |
| CVE-2023-2597 In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the b... | 7.0 | HIGH | — | 0 |
| CVE-2023-31058 Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the 'autoDeserialize' opt... | 7.5 | HIGH | — | 0 |
| CVE-2022-46680 A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able... | 8.8 | HIGH | — | 0 |
| CVE-2023-31206 Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and t... | 7.5 | HIGH | — | 0 |
| CVE-2023-31453 Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete othe... | 7.5 | HIGH | — | 0 |
| CVE-2023-31454 Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any ... | 7.5 | HIGH | — | 0 |
| CVE-2023-25447 Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorWay theme <= 4.2.3 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-34797 Broken access control in the Registration page (/Registration.aspx) of Termenos CWX v8.5.6 allows attackers to access sensitive information. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-25448 Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-31923 Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged... | 8.8 | HIGH | — | 0 |
| CVE-2023-32346 Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a de... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-32347 Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspec... | 8.1 | HIGH | — | 0 |
| CVE-2023-2586 Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the "... | 9.0 | CRITICAL | — | 0 |
| CVE-2023-2587 Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial num... | 7.5 | HIGH | — | 0 |
| CVE-2020-20012 WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-2588 Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. A user ca... | 8.8 | HIGH | — | 0 |
| CVE-2023-31062 Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unpr... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-31064 Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cance... | 7.5 | HIGH | — | 0 |
| CVE-2023-31065 Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even ... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-31066 Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong coul... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-31098 Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.6.0. When users change their password to a simple password... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-42147 An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key component. | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.