CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2023-48644 | An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field. This allows an attacke... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-28158 | A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-28159 | A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-2318 | A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Serv... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-43855 | IBM SPSS Statistics 26.0, 27.0.1, and 28.0 IO Module could allow a local user to create multiple files that could exhaust the file handles capacity and cause a denial of service. | 6.2 | MEDIUM | — | 0 |
| CVE-2024-28339 | An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentica... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-28340 | An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authe... | 7.5 | HIGH | — | 0 |
| CVE-2024-26529 | An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms... | 7.5 | HIGH | — | 0 |
| CVE-2025-5333 | Remote attackers can execute arbitrary code in the context of the vulnerable service process. | N/A | NONE | — | 0 |
| CVE-2023-50726 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defi... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-28391 | SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), display... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-26503 | Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-26540 | A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_load_analyze. | 7.8 | HIGH | — | 0 |
| CVE-2024-22259 | Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be v... | 8.1 | HIGH | — | 0 |
| CVE-2024-28069 | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper con... | 7.5 | HIGH | — | 0 |
| CVE-2024-28070 | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to... | 6.8 | MEDIUM | — | 0 |
| CVE-2024-28283 | There is stack-based buffer overflow vulnerability in pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution. | 6.7 | MEDIUM | — | 0 |
| CVE-2024-28396 | An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component. | 7.5 | HIGH | — | 0 |
| CVE-2024-28735 | Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of th... | 8.1 | HIGH | — | 0 |
| CVE-2024-25294 | An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-24028 | Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo. | 5.9 | MEDIUM | — | 0 |
| CVE-2024-24110 | SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-25167 | Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-28123 | Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or ... | 7.3 | HIGH | — | 0 |
| CVE-2024-28286 | In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifest... | 7.5 | HIGH | — | 0 |
| CVE-2024-2007 | A vulnerability was found in OpenBMB XAgent 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Privileged Mode. The manipulation leads... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-2014 | A vulnerability classified as critical was found in Panabit Panalog 202103080942. This vulnerability affects unknown code of the file /Maintain/sprog_upstatus.php. The manipulation of the argument id ... | 7.3 | HIGH | — | 0 |
| CVE-2024-28635 | Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-29858 | In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-27956 | Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter. | 7.5 | HIGH | — | 0 |
| CVE-2024-29862 | The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED st... | 7.5 | HIGH | — | 0 |
| CVE-2024-29864 | Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-26307 | Possible race condition vulnerability in Apache Doris. Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-27438 | Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is a... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-29866 | Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-27995 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile ... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-29243 | Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at /apply.cgi. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-29244 | Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at /apply.cgi. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-2463 | Weak password recovery mechanism in CDeX application allows to retrieve password reset token. This issue affects CDeX application versions through 5.7.1. | 8.0 | HIGH | — | 0 |
| CVE-2024-2464 | This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This issue a... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-2465 | Open redirection vulnerability in CDeX application allows to redirect users to arbitrary websites via a specially crafted URL. This issue affects CDeX application versions through 5.7.1. | 7.1 | HIGH | — | 0 |
| CVE-2023-49837 | Uncontrolled Resource Consumption vulnerability in David Artiss Code Embed. This issue affects Code Embed: from n/a through 2.3.6. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-28756 | The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between t... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-24272 | An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed ... | 7.1 | HIGH | — | 0 |
| CVE-2024-28521 | SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the logini... | 7.8 | HIGH | — | 0 |
| CVE-2024-28441 | File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25807 | Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-26557 | Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-25808 | Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function. | 8.3 | HIGH | — | 0 |
| CVE-2024-29271 | Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.... | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.