CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-42640 angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the s... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-9815 A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. T... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-9816 A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/change-image.php. The manipulati... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-47868 Gradio is an open-source Python package designed for quick prototyping. This is a **data validation vulnerability** affecting several Gradio components, which allows arbitrary file leaks through the p... | 7.5 | HIGH | — | 0 |
| CVE-2024-47869 Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **timing attack** in the way Gradio compares hashes for the `analytics_dashboard` function. Since ... | 3.7 | LOW | — | 0 |
| CVE-2024-47870 Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the `update_root_in_config` function, allowing an attacker to modify the `ro... | 8.1 | HIGH | — | 0 |
| CVE-2024-7514 The WordPress Comments Import & Export plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and ... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-47871 Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio's `sha... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-47872 Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **Cross-Site Scripting (XSS)** on any Gradio server that allows file uploads. Authenticated users ca... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-9817 A vulnerability was found in code-projects Blood Bank System 1.0. It has been classified as critical. This affects an unknown part of the file /update.php. The manipulation of the argument name leads ... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-9818 A vulnerability classified as critical has been found in SourceCodester Online Veterinary Appointment System 1.0. Affected is an unknown function of the file /admin/categories/manage_category.php. The... | 7.3 | HIGH | — | 0 |
| CVE-2023-42133 PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerabi... | 6.7 | MEDIUM | — | 0 |
| CVE-2024-45316 The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to... | 7.8 | HIGH | — | 0 |
| CVE-2024-8530 CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by HTTPS. | 5.9 | MEDIUM | — | 0 |
| CVE-2024-9051 The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpupg-grid-with-filters shortcode in all versions up to, and including, 3.9.3 due to insuff... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-9211 The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-9232 The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in al... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-9234 The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-9346 The Embed videos and respect privacy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'v' parameter in all versions up to, and including, 1.2 due to insufficient input sani... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-8531 CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scr... | 7.2 | HIGH | — | 0 |
| CVE-2024-9436 The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without a... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-9507 The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-9543 The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode in all versions up to, and including, 11.9.18 due to i... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-9610 The Language Switcher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including,... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-9611 The Increase upload file size & Maximum Execution Time limit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the UR... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-9616 The BlockMeister – Block Pattern Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-44734 Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server. | 7.5 | HIGH | — | 0 |
| CVE-2024-46215 A vulnerability was discovered in KM08-708H-v1.1, There is a buffer overflow in the sub_445BDC() function within the /usr/sbin/goahead program; The strcpy function is executed without checking the len... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-44807 A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition before 2.25.1 allows remote attackers to obtain sensitive information by exposing a l... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-46532 SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-48768 An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process | 7.5 | HIGH | — | 0 |
| CVE-2024-48769 An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitive information via the firmware update process. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-48770 An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process. | 8.2 | HIGH | — | 0 |
| CVE-2024-48771 An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process | 7.5 | HIGH | — | 0 |
| CVE-2026-31370 Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality. | 6.3 | MEDIUM | — | 0 |
| CVE-2024-48772 An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-48788 An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process. | 7.5 | HIGH | — | 0 |
| CVE-2024-45754 An issue was discovered in the centreon-bi-server component in Centreon BI Server 24.04.x before 24.04.3, 23.10.x before 23.10.8, 23.04.x before 23.04.11, and 22.10.x before 22.10.11. SQL injection ca... | 7.2 | HIGH | — | 0 |
| CVE-2024-9592 The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the '... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-9187 The Read more By Adam plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm() function in all versions up to, and including, 1.1.8. This mak... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-48253 Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-6711 The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filter_input() ... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-9656 The Mynx Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.8 due to insufficient input sanitization and out... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-9670 The 2D Tag Cloud plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 6.0.... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-9824 The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' fun... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-8760 The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to ... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-8915 The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output e... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-8757 The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is v... | 7.2 | HIGH | — | 0 |
| CVE-2024-9922 The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | 7.5 | HIGH | — | 0 |
| CVE-2024-9894 A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file reset.php. The manipulation of the argument useremail l... | 6.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.