CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2024-31404 | Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler. | 4.3 | MEDIUM | — | 0 |
| CVE-2009-1175 | Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which i... | N/A | NONE | — | 0 |
| CVE-2023-52233 | Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log. This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6. | 8.6 | HIGH | — | 0 |
| CVE-2024-36650 | TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function `setNoticeCfg` of the file `/lib/cste_modules/system.so`, the length of the user input st... | 7.5 | HIGH | — | 0 |
| CVE-2024-36702 | libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c. | 7.4 | HIGH | — | 0 |
| CVE-2005-4879 | Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.php in Jax Guestbook 3.1 and 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) gmt_ofs and (2) languag... | N/A | NONE | — | 0 |
| CVE-2024-0427 | The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions. | 6.3 | MEDIUM | — | 0 |
| CVE-2024-4669 | The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-4924 | The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-5154 | A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal ("../"). This flaw allows the container to read and write to arbitrar... | 8.1 | HIGH | — | 0 |
| CVE-2024-36523 | An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do ... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-37665 | An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request. | 8.8 | HIGH | — | 0 |
| CVE-2024-38293 | ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php. | 9.6 | CRITICAL | — | 0 |
| CVE-2023-35858 | XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1 allow a remote, unauthenticated attacker to obtain application information. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-37630 | D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root. | 8.8 | HIGH | — | 0 |
| CVE-2024-31777 | File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-5155 | The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-33375 | LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33377 | LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with cr... | 8.1 | HIGH | — | 0 |
| CVE-2024-36656 | In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript code and achieve a reflected Cross-site Scripting (XSS) attack. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-37644 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | 8.8 | HIGH | — | 0 |
| CVE-2024-33373 | An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to a... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-37641 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. | 8.8 | HIGH | — | 0 |
| CVE-2024-37642 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-37643 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth. | 8.8 | HIGH | — | 0 |
| CVE-2024-37645 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog. | 8.8 | HIGH | — | 0 |
| CVE-2024-38395 | In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable." | 9.8 | CRITICAL | — | 0 |
| CVE-2024-38467 | Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API. | 7.5 | HIGH | — | 0 |
| CVE-2024-37081 | The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues... | 7.8 | HIGH | — | 0 |
| CVE-2024-38396 | An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), all... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-34451 | Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is tha... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-37621 | StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the component /shippingOptionConfig/index.blade.php. | 7.2 | HIGH | — | 0 |
| CVE-2024-37661 | TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending ... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-37662 | TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by se... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-37840 | SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the Lesson... | 8.8 | HIGH | — | 0 |
| CVE-2024-42571 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-37821 | An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file. | 8.8 | HIGH | — | 0 |
| CVE-2023-50900 | Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider. This issue affects Master Slider: from n/a through 3.9.10. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-35765 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS. This issue affects ... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-47770 | Missing Authorization vulnerability in Muffin Group Betheme. This issue affects Betheme: from n/a through 27.1.1. | 7.6 | HIGH | — | 0 |
| CVE-2024-38581 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/mes: fix use-after-free issue. Delete fence fallback timer to fix the random use-after-free issue. v2: move to amdgpu_m... | 7.8 | HIGH | — | 0 |
| CVE-2024-5475 | The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which co... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-38902 | H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-48740 | In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths. On error path from cond_read_list() and duplicate_policydb_cond_list() the co... | 7.8 | HIGH | — | 0 |
| CVE-2024-37222 | Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS. This issue affects Master Slider: from n/a through 3.10.0. | 7.1 | HIGH | — | 0 |
| CVE-2024-37674 | Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity. | 5.5 | MEDIUM | — | 0 |
| CVE-2024-37818 | Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive i... | 8.6 | HIGH | — | 0 |
| CVE-2024-29390 | Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. An attacker can exploit the 'item' parame... | 7.3 | HIGH | — | 0 |
| CVE-2024-36071 | Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search ... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-32229 | FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column. | 8.4 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.