CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-21442 Windows USB Print Driver Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-21443 Windows Kernel Elevation of Privilege Vulnerability | 7.3 | HIGH | — | 0 |
| CVE-2024-21445 Windows USB Print Driver Elevation of Privilege Vulnerability | 7.0 | HIGH | — | 0 |
| CVE-2022-34321 Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics abou... | 8.2 | HIGH | — | 0 |
| CVE-2024-21446 NTFS Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-26160 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | 5.5 | MEDIUM | — | 0 |
| CVE-2024-26165 Visual Studio Code Elevation of Privilege Vulnerability | 8.8 | HIGH | — | 0 |
| CVE-2024-26170 Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-26173 Windows Kernel Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-7023 Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) | 8.8 | HIGH | — | 0 |
| CVE-2024-26174 Windows Kernel Information Disclosure Vulnerability | 5.5 | MEDIUM | — | 0 |
| CVE-2024-26176 Windows Kernel Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-26177 Windows Kernel Information Disclosure Vulnerability | 5.5 | MEDIUM | — | 0 |
| CVE-2024-26178 Windows Kernel Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-26181 Windows Kernel Denial of Service Vulnerability | 5.5 | MEDIUM | — | 0 |
| CVE-2024-26182 Windows Kernel Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-26185 Windows Compressed Folder Tampering Vulnerability | 6.5 | MEDIUM | — | 0 |
| CVE-2024-26190 Microsoft QUIC Denial of Service Vulnerability | 7.5 | HIGH | — | 0 |
| CVE-2024-26197 Windows Standards-Based Storage Management Service Denial of Service Vulnerability | 6.5 | MEDIUM | — | 0 |
| CVE-2024-27317 In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is upl... | 8.4 | HIGH | — | 0 |
| CVE-2024-27894 The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "fi... | 8.5 | HIGH | — | 0 |
| CVE-2024-28186 FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization... | 7.1 | HIGH | — | 0 |
| CVE-2024-27305 aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpret... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-28236 Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like `parameters`, ... | 7.7 | HIGH | — | 0 |
| CVE-2024-7024 Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | 9.6 | CRITICAL | — | 0 |
| CVE-2024-28239 Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a `redirect` parameter that can be exploited as an open redirect vulnerability as the user t... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-2406 A vulnerability, which was classified as critical, was found in Gacjie Server up to 1.0. This affects the function index of the file /app/admin/controller/Upload.php. The manipulation of the argument ... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-28517 IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering th... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-25155 In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor coul... | 7.2 | HIGH | — | 0 |
| CVE-2023-32335 IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have acc... | 3.7 | LOW | — | 0 |
| CVE-2023-38723 IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-25154 Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may l... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-1508 The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings['title_tags']' attribute of the Mercury widget in all versions up to, and in... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-6809 The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitiza... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-0377 The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all ver... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-0614 The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output ... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-0896 The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insuffi... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-1074 The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'link_url' parameter in all versions up to, and including, 2.7.4.2 du... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-1391 The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eae_custom_overlay_switcher’ attribute of the Thumbnail Slider widget in all versions up to, and... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-1505 The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allo... | 8.8 | HIGH | — | 0 |
| CVE-2024-25097 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS. This issue affects TNC PDF viewer: from n/a throug... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-25099 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS. This issue affects Payti... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-25101 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS. This issue affects Maspik – Spam Blacklist: from... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-2028 The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Covid-19 Stats Widget in all versions up to, and including, 2.6.9 due to insufficient input... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-2237 The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input sanitization... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-27097 A user endpoint didn't perform filtering on an incoming parameter, which was added directly to the application log. This could lead to an attacker injecting false log entries or corrupt the log file f... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-27102 Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directo... | 9.9 | CRITICAL | — | 0 |
| CVE-2024-28175 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the `link.argocd.argoproj.io` annotations in the application... | 9.0 | CRITICAL | — | 0 |
| CVE-2024-25597 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Ultimate Reviews allows Stored XSS. This issue affects Ultimate Reviews: from n/a... | 7.1 | HIGH | — | 0 |
| CVE-2024-26231 Windows DNS Server Remote Code Execution Vulnerability | 7.2 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.