CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-55864 Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious cont... | N/A | NONE | — | 0 |
| CVE-2024-12665 A vulnerability, which was classified as problematic, was found in ruifang-tech Rebuild 3.8.5. Affected is an unknown function of the component Task Comment Attachment Upload. The manipulation leads t... | 3.5 | LOW | — | 0 |
| CVE-2024-12666 A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component U... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-12667 A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /invoices/view. The manipulation leads to session ... | 3.7 | LOW | — | 0 |
| CVE-2024-55949 MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit ... | N/A | NONE | — | 0 |
| CVE-2024-55951 Metabase is an open-source data analytics platform. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users. T... | N/A | NONE | — | 0 |
| CVE-2024-55557 ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-29671 Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-55554 Intrexx Portal Server before 12.0.2 allows XSS via a user-defined portlet. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-12443 The CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all v... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11900 The Portfolio – Filterable Masonry Portfolio Gallery for Professionals plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'portfolio-pro' shortcode in all versions up t... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11905 The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode in all versions up to, and including, 2.0 due to insufficient input ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11906 The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpg_get_posts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input san... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-10205 Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hita... | 9.4 | CRITICAL | — | 0 |
| CVE-2020-12484 When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same na... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-56017 Cross-Site Request Forgery (CSRF) vulnerability in Tom Royal Stop Registration Spam allows Stored XSS. This issue affects Stop Registration Spam: from n/a through 1.23. | 7.1 | HIGH | — | 0 |
| CVE-2024-38499 CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further ... | 8.8 | HIGH | — | 0 |
| CVE-2024-54125 Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the vulnera... | N/A | NONE | — | 0 |
| CVE-2024-9624 The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. T... | 7.6 | HIGH | — | 0 |
| CVE-2021-26280 Locally installed application can bypass the permission check and perform system operations that require permission. | 7.9 | HIGH | — | 0 |
| CVE-2021-26281 Some parameters of the alarm clock module are improperly stored, leaking some sensitive information. | 5.5 | MEDIUM | — | 0 |
| CVE-2024-11999 CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product. | 8.8 | HIGH | — | 0 |
| CVE-2024-12220 The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on a function... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-11294 The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauth... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-8475 Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables. This issue affects WiFiBurada: before 1.0.5. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-9819 Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse. This issue affects NG Analyser: before 2.2.711. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-12293 The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.64.3. This is due to missing or incorrect nonce validation on the update_r... | 8.8 | HIGH | — | 0 |
| CVE-2024-12127 The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versi... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-12469 The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘status’ parameter in all versions up to, and including, 4.9.1 due... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-8326 The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions u... | 8.8 | HIGH | — | 0 |
| CVE-2024-11280 The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it ... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-12395 The WooCommerce Additional Fees On Checkout (Free) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘number’ parameter in all versions up to, and including, 1.4.7 due to in... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-8429 Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials. This issue affects WiFiBurada: before 1.0.5. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-10476 Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as pro... | 8.0 | HIGH | — | 0 |
| CVE-2024-42194 An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by ... | 3.1 | LOW | — | 0 |
| CVE-2024-54662 Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf configurations involving socksmethod. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-56139 pdftools is a high level tools to convert PDF files to ePUB formats. In versions up to and including 0.5.0 maliciously crafted epub files can cause a stack overflow leading to a crash. This issue has ... | N/A | NONE | — | 0 |
| CVE-2024-51175 An issue in H3C switch h3c-S1526 allows a remote attacker to obtain sensitive information via the S1526.cfg component. | 7.5 | HIGH | — | 0 |
| CVE-2024-52792 LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration ... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-56142 pghoard is a PostgreSQL backup daemon and restore tooling that stores backup data in cloud object stores. A vulnerability has been discovered that could allow an attacker to acquire disk access with p... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-10973 A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an a... | 5.7 | MEDIUM | — | 0 |
| CVE-2024-11439 The ScanCircle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'scancircle' shortcode in all versions up to, and including, 2.9.2 due to insufficient input sanitizat... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11748 The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'taeggie-feed' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanit... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11881 The Easy Waveform Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easywaveformplayer' shortcode in all versions up to, and including, 1.2.0 due to insufficie... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-12500 The Philantro – Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.2 due... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-12513 The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RF_CONTEST' shortcode in all versions up to, and including, 2.0.65 due to insufficient ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-12025 The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy' parameter of the /wp-json/collapsing-categories/v1/get REST API in all versions up to, and including, 3... | 7.5 | HIGH | — | 0 |
| CVE-2024-12250 The Accept Authorize.NET Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2 via the cf7adn-info.php file. This makes it ... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-47397 Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier. If this vulnerability is exploited, the authentication may be bypasse... | 7.5 | HIGH | — | 0 |
| CVE-2024-12259 The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not prope... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.