CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2023-43667 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attack... | 7.5 | HIGH | — | 0 |
| CVE-2023-4822 Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in on... | 6.7 | MEDIUM | — | 0 |
| CVE-2023-39456 Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to v... | 7.5 | HIGH | — | 0 |
| CVE-2025-32986 NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint. | 7.5 | HIGH | — | 0 |
| CVE-2023-41752 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users a... | 7.5 | HIGH | — | 0 |
| CVE-2023-22113 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows... | 2.7 | LOW | — | 0 |
| CVE-2023-5758 When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iO... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-40425 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14, macOS Monterey 12.7.1. An app with root privileges may be able to access pri... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-41077 An app may be able to access protected user data. This issue is fixed in macOS Sonoma 14, macOS Ventura 13.6.1. The issue was addressed with improved checks. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-48928 Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-22236 In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary d... | 3.3 | LOW | — | 0 |
| CVE-2024-0589 Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a ma... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-1103 A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file profile.php of the componen... | 3.5 | LOW | — | 0 |
| CVE-2024-21888 A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. | 8.8 | HIGH | — | 0 |
| CVE-2022-47072 SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box.. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-23941 Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on th... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-51939 An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig func... | 8.8 | HIGH | — | 0 |
| CVE-2024-22859 Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 c... | 8.8 | HIGH | — | 0 |
| CVE-2024-24060 springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-24061 springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-24062 springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-23034 Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | 6.1 | MEDIUM | — | 0 |
| CVE-2025-2856 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2024-24041 A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected i... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-24945 A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected i... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-47256 ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings | 5.5 | MEDIUM | — | 0 |
| CVE-2023-4472 Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-23031 Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-23032 Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-23033 Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-42563 An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50933 IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security ... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-48792 Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-48793 Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-23746 Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-22533 Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityMan... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-42564 ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/inventory/delete?action=delete. | 7.6 | HIGH | — | 0 |
| CVE-2024-1143 Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass. | 9.3 | CRITICAL | — | 0 |
| CVE-2024-21780 Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected p... | 7.5 | HIGH | — | 0 |
| CVE-2023-48645 An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh bu... | 7.8 | HIGH | — | 0 |
| CVE-2024-22851 Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint. | 7.5 | HIGH | — | 0 |
| CVE-2023-39611 An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests. | 7.5 | HIGH | — | 0 |
| CVE-2023-50488 An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51072 A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the ... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-51820 An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attackers to execute arbitrary code. | 6.8 | MEDIUM | — | 0 |
| CVE-2024-24388 Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-51838 Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm. | 7.5 | HIGH | — | 0 |
| CVE-2024-22108 An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.p... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-24029 JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-24161 MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered. | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.