CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-24707 Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. Cwicly allows Code Injection. This issue affects Cwicly: from n/a through 1.4.0.2. | 9.9 | CRITICAL | — | 0 |
| CVE-2024-33546 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection. This issue affects WZone: from n/a through 14.0.10. | 9.6 | CRITICAL | — | 0 |
| CVE-2024-0394 Rapid7 Minerva Armor versions below 4.5.5 suffer from a privilege escalation vulnerability whereby an authenticated attacker can elevate privileges and execute arbitrary code with SYSTEM privilege. T... | 7.8 | HIGH | — | 0 |
| CVE-2024-31419 An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue ... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-31420 A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by iss... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-28275 Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive informatio... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-23540 The HCL BigFix Inventory server is vulnerable to path traversal which enables an attacker to read internal application files from the Inventory server. The BigFix Inventory server does not properly re... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-2758 Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately. | 6.3 | MEDIUM | — | 0 |
| CVE-2024-0335 ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ A... | 7.5 | HIGH | — | 0 |
| CVE-2024-27706 Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows attackers to execute arbitrary code via upload of crafted SVG file to issues. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-30265 Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilà dashboard allows local file inclusion. Any file on a filesystem that is readable by the ... | 7.5 | HIGH | — | 0 |
| CVE-2024-25568 OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the prod... | 8.8 | HIGH | — | 0 |
| CVE-2024-29167 SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. | 7.2 | HIGH | — | 0 |
| CVE-2024-3274 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown fun... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-2759 Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication. This issue affects Apaczka plugin for PrestaShop from v1... | 7.5 | HIGH | — | 0 |
| CVE-2024-33652 Missing Authorization vulnerability in Real Big Plugins Client Dash. This issue affects Client Dash: from n/a through 2.2.1. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-31025 SQL Injection vulnerability in ECshop 4.x allows an attacker to obtain sensitive information via the file/article.php component. | 7.5 | HIGH | — | 0 |
| CVE-2024-28520 File Upload vulnerability in Byzoro Networks Smart multi-service security gateway intelligent management platform version S210, allows an attacker to obtain sensitive information via the uploadfile.ph... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-25199 A reflected cross-site scripting (XSS) vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to execute JavaScript code and obtain sensitive in... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-25200 An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to render malicious HTML and obtain sensitive information in a victim's... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-2008 The Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of untrust... | 8.8 | HIGH | — | 0 |
| CVE-2024-31082 A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially lead... | 7.3 | HIGH | — | 0 |
| CVE-2024-22189 quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire o... | 7.5 | HIGH | — | 0 |
| CVE-2024-3298 Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow ... | 7.8 | HIGH | — | 0 |
| CVE-2024-3299 Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. The... | 7.8 | HIGH | — | 0 |
| CVE-2024-2103 Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave u... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-31207 Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend build tooling to improve the frontend development experience. `server.fs.deny` does not deny requests for patterns with direc... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-31209 oidcc is the OpenID Connect client library for Erlang. Denial of Service (DoS) by Atom exhaustion is possible by calling `oidcc_provider_configuration_worker:get_provider_configuration/1` or `oidcc_pr... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-30263 macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the... | 7.7 | HIGH | — | 0 |
| CVE-2024-25007 Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to ... | 7.1 | HIGH | — | 0 |
| CVE-2024-30249 Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR1-20240330.101522-15` impacts publicly accessible software depending on th... | 8.6 | HIGH | — | 0 |
| CVE-2024-30254 MesonLSP is an unofficial, unendorsed language server for meson written in C++. A vulnerability in versions prior to 4.1.4 allows overwriting arbitrary files if the attacker can make the victim either... | 5.8 | MEDIUM | — | 0 |
| CVE-2024-22023 An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests i... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-26329 Chilkat before v9.5.0.98, allows attackers to obtain sensitive information via predictable PRNG in ChilkatRand::randomBytes function. | 6.2 | MEDIUM | — | 0 |
| CVE-2024-22052 A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in... | 7.5 | HIGH | — | 0 |
| CVE-2024-22053 A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to c... | 8.2 | HIGH | — | 0 |
| CVE-2024-21894 A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to c... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-31206 dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In `dectalk-tts@1.0.0`, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic ... | 8.2 | HIGH | — | 0 |
| CVE-2024-31498 Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator. | 8.8 | HIGH | — | 0 |
| CVE-2024-22363 SheetJS Community Edition before 0.20.2 is vulnerable to Regular Expression Denial of Service (ReDoS). | 7.5 | HIGH | — | 0 |
| CVE-2024-29672 Directory Traversal vulnerability in zly2006 Reden before v.0.2.514 allows a remote attacker to execute arbitrary code via the DEBUG_RTC_REQUEST_SYNC_DATA in KeyCallbacks.kt. | 8.8 | HIGH | — | 0 |
| CVE-2024-29863 A race condition in the installer executable in Qlik Qlikview before versions May 2022 SR3 (12.70.20300) and May 2023 SR2 (12,80.20200) may allow an existing lower privileged user to cause code to be ... | 7.8 | HIGH | — | 0 |
| CVE-2023-6522 Incorrect Use of Privileged APIs vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3914. | 7.2 | HIGH | — | 0 |
| CVE-2023-6523 Authorization Bypass Through User-Controlled Key vulnerability in ExtremePacs Extreme XDS allows Authentication Abuse. This issue affects Extreme XDS: before 3914. | 8.8 | HIGH | — | 0 |
| CVE-2024-31218 Webhood is a self-hosted URL scanner used for analyzing phishing and malicious sites. Webhood's backend container images in versions 0.9.0 and earlier are subject to Missing Authentication for Critical Fu... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-5912 A potential memory leakage vulnerability was reported in some Lenovo Notebook products that may allow a local attacker with elevated privileges to write to NVRAM variables. | 6.7 | MEDIUM | — | 0 |
| CVE-2024-3346 A vulnerability was found in Byzoro Smart S80 up to 20240328. It has been declared as critical. This vulnerability affects unknown code of the file /log/webmailattach.php. The manipulation of the argu... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-31028 NVIDIA nvJPEG2000 Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this v... | 2.8 | LOW | — | 0 |
| CVE-2024-0080 NVIDIA nvTIFF Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this vulne... | 2.8 | LOW | — | 0 |
| CVE-2024-31848 A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain com... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.