CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data (CVSS base score and severity come from NVD; the KEV column marks CVEs listed in CISA's Known Exploited Vulnerabilities catalog)
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-34124 The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-34127 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary co... | 8.8 | HIGH | — | 0 |
| CVE-2023-34133 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information fr... | 7.5 | HIGH | — | 0 |
| CVE-2023-2975 Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that us... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-3245 The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting at... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-57653 An issue in the qst_vec_set_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | HIGH | — | 0 |
| CVE-2023-37265 CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification, unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addr... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-37266 CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on C... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-3446 Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH ... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-25836 There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked cou... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-25840 There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which onmouseover won't execute but co... | 3.4 | LOW | — | 0 |
| CVE-2024-35011 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-25841 There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 11.0 and below on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted co... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-3248 The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site ... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-3640 A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important ... | 7.0 | HIGH | — | 0 |
| CVE-2008-6620 Multiple cross-site scripting (XSS) vulnerabilities in javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php in GraFX miniCWB 2.1.1 and earlier allow remote attackers to inje... | N/A | not scored | — | 0 |
| CVE-2008-6621 Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors in DPX images. NOTE: some of these details are obtained f... | N/A | not scored | — | 0 |
| CVE-2023-3575 The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Sit... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-39520 Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-35139 An issue was discovered in OFPBundleCtrlMsg in parser.py in Faucet SDN Ryu version 4.34, which allows remote attackers to cause a denial of service (DoS) (infinite loop). | 7.5 | HIGH | — | 0 |
| CVE-2020-35141 An issue was discovered in OFPQueueGetConfigReply in parser.py in Faucet SDN Ryu version 4.34, which allows remote attackers to cause a denial of service (DoS) (infinite loop). | 7.5 | HIGH | — | 0 |
| CVE-2023-22955 An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing... | 7.8 | HIGH | — | 0 |
| CVE-2023-3936 The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against hi... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-46179 Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via a crafted file passed to the readx function. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-57654 An issue in the qst_vec_get_int64 component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | HIGH | — | 0 |
| CVE-2023-40195 Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider i... | 8.8 | HIGH | — | 0 |
| CVE-2023-39810 An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. | 7.8 | HIGH | — | 0 |
| CVE-2023-3501 The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even ... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-3992 The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high pri... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-4013 The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-4035 The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could all... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-31615 ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-4743 A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to ... | 3.1 | LOW | — | 0 |
| CVE-2023-3499 The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-4019 The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead ... | 8.8 | HIGH | — | 0 |
| CVE-2023-4216 The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capabilit... | 2.7 | LOW | — | 0 |
| CVE-2023-4269 The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retriev... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-4279 This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source... | 7.5 | HIGH | — | 0 |
| CVE-2023-4298 The 123.chat WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even w... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-4540 Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted ... | 7.5 | HIGH | — | 0 |
| CVE-2023-36361 Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39514 Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to ... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-30534 Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-31132 Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows ... | 7.8 | HIGH | — | 0 |
| CVE-2025-20013 Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information discl... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-39516 Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to ... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-39511 Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to ... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-4528 Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface | 7.2 | HIGH | — | 0 |
| CVE-2023-4807 Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_6... | 7.8 | HIGH | — | 0 |
| CVE-2023-40032 libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed ... | 5.5 | MEDIUM | — | 0 |
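The table above is the output of a join: CVSS score and severity are looked up from NVD, and the KEV column is set when the CVE ID appears in CISA's Known Exploited Vulnerabilities catalog. The following script is an added example of that enrichment, not this site's own code. It runs fully offline: the JSON shapes mirror the real NVD API 2.0 response and the CISA KEV feed, but every record is constructed here. The scores for CVE-2023-34124 and the missing metric for CVE-2008-6621 match the table, while the IDs of the form CVE-2099-xxxx are hypothetical placeholders used to exercise the KEV hit, the CVSS v2 fallback and the "not in NVD at all" case.

```python
"""Enrich a list of CVE IDs with NVD CVSS data and CISA KEV membership.

Added example, not the page's own code. Record shapes follow the NVD API 2.0
(https://services.nvd.nist.gov/rest/json/cves/2.0) and the CISA KEV feed
(https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json),
but all data below is constructed so the script runs without network access.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# --- Constructed sample data (shape of an NVD API 2.0 response) --------------
# CVE-2099-xxxx IDs are hypothetical placeholders, not real CVEs.
NVD_SAMPLE = {
    "vulnerabilities": [
        {"cve": {"id": "CVE-2023-34124", "metrics": {"cvssMetricV31": [
            {"type": "Primary", "cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}}},
        # Old entry with no CVSS metric at all, as in the table above.
        {"cve": {"id": "CVE-2008-6621", "metrics": {}}},
        # Hypothetical: CNA ("Secondary") and NVD ("Primary") vectors disagree.
        {"cve": {"id": "CVE-2099-0001", "metrics": {"cvssMetricV31": [
            {"type": "Secondary", "cvssData": {"baseScore": 7.5, "baseSeverity": "HIGH"}},
            {"type": "Primary", "cvssData": {"baseScore": 8.8, "baseSeverity": "HIGH"}}]}}},
        # Hypothetical: only a CVSS v2 vector (baseSeverity sits at metric level for v2).
        {"cve": {"id": "CVE-2099-0002", "metrics": {"cvssMetricV2": [
            {"type": "Primary", "baseSeverity": "MEDIUM", "cvssData": {"baseScore": 5.0}}]}}},
    ]
}

# Constructed KEV catalog excerpt (same field names as the real feed).
KEV_SAMPLE = {
    "vulnerabilities": [
        {"cveID": "CVE-2099-0001", "dateAdded": "2099-01-01", "dueDate": "2099-01-22"},
    ]
}

# CVE-2099-0003 is deliberately absent from both feeds.
DEMO_IDS = ["CVE-2023-34124", "CVE-2008-6621", "CVE-2099-0001", "CVE-2099-0002", "CVE-2099-0003"]


@dataclass
class EnrichedCve:
    cve_id: str
    cvss: Optional[float]
    severity: str
    cvss_version: Optional[str]
    in_kev: bool
    kev_due_date: Optional[str]


def _primary_first(entries: List[dict]) -> dict:
    """NVD may list a CNA vector next to its own analysis; prefer type == 'Primary'."""
    return sorted(entries, key=lambda m: m.get("type") != "Primary")[0]


def pick_cvss(metrics: Dict[str, list]) -> Tuple[Optional[float], str, Optional[str]]:
    """Return (score, severity, version): newest v3.x first, v2 as fallback, else unscored."""
    for key, version in (("cvssMetricV31", "3.1"), ("cvssMetricV30", "3.0")):
        entries = metrics.get(key) or []
        if entries:
            data = _primary_first(entries)["cvssData"]
            return float(data["baseScore"]), data["baseSeverity"], version
    entries = metrics.get("cvssMetricV2") or []
    if entries:
        chosen = _primary_first(entries)
        return float(chosen["cvssData"]["baseScore"]), chosen.get("baseSeverity", "N/A"), "2.0"
    return None, "N/A", None


def enrich(cve_ids: List[str], nvd_response: dict, kev_catalog: dict) -> List[EnrichedCve]:
    """Join the CVE list against NVD metrics and the KEV catalog by CVE ID."""
    nvd_by_id = {v["cve"]["id"]: v["cve"] for v in nvd_response["vulnerabilities"]}
    kev_by_id = {v["cveID"]: v for v in kev_catalog["vulnerabilities"]}
    rows = []
    for cve_id in cve_ids:
        cve = nvd_by_id.get(cve_id)
        score, severity, version = pick_cvss(cve["metrics"] if cve else {})
        kev = kev_by_id.get(cve_id)
        rows.append(EnrichedCve(cve_id, score, severity, version,
                                kev is not None, kev["dueDate"] if kev else None))
    return rows


def prioritize(rows: List[EnrichedCve]) -> List[EnrichedCve]:
    """KEV entries first (they are exploited in the wild), then by score; unscored last."""
    return sorted(rows, key=lambda r: (not r.in_kev, -(r.cvss if r.cvss is not None else -1.0)))


def render_markdown(rows: List[EnrichedCve]) -> str:
    """Render the same columns as the table on this page, plus the CVSS version used."""
    lines = ["| CVE ID | CVSS | Severity | KEV | CVSS version |", "|---|---|---|---|---|"]
    for r in rows:
        cvss = "N/A" if r.cvss is None else f"{r.cvss:.1f}"
        kev = f"yes (due {r.kev_due_date})" if r.in_kev else "no"
        lines.append(f"| {r.cve_id} | {cvss} | {r.severity} | {kev} | {r.cvss_version or 'N/A'} |")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_markdown(prioritize(enrich(DEMO_IDS, NVD_SAMPLE, KEV_SAMPLE))))
```

Against the live feeds, the NVD request takes an `apiKey` header for the higher rate limit and an absent `cvssMetricV31` key is the normal state for pre-2016 CVEs, which is why the unscored rows above show N/A rather than a severity of their own; a KEV hit should outrank the base score when deciding what to patch first, because it records actual exploitation rather than theoretical impact.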
This product uses data from the NVD API but is not endorsed or certified by the NVD.