CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-0194 A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pages_account.php of the compon... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-0195 A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionCon... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-52302 Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 4.7 | MEDIUM | — | 0 |
| CVE-2024-21623 OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "`Analysis - SonarCloud`" workflow is vulnerable to an expression inje... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-21627 PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the `isCleanHTML` method. Some modules using the `isCleanHTML` method ... | 8.1 | HIGH | — | 0 |
| CVE-2023-4164 There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed. | 8.4 | HIGH | — | 0 |
| CVE-2023-6339 Google Nest WiFi Pro root code-execution & user-data compromise | 10.0 | CRITICAL | — | 0 |
| CVE-2024-0196 A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulat... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-52303 Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 4.7 | MEDIUM | — | 0 |
| CVE-2024-21628 PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this form, which makes it possible to store a cross-site scripting payload in the d... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-21629 Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. This feature can h... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-21632 omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to version 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor... | 8.6 | HIGH | — | 0 |
| CVE-2023-49551 An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file. | 7.5 | HIGH | — | 0 |
| CVE-2023-47473 Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attacker to obtain sensitive information via a crafted script. | 7.5 | HIGH | — | 0 |
| CVE-2024-0207 HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file | 7.8 | HIGH | — | 0 |
| CVE-2024-0210 Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file | 7.8 | HIGH | — | 0 |
| CVE-2023-7027 The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ header in all versi... | 7.2 | HIGH | — | 0 |
| CVE-2026-31369 PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability | 3.2 | LOW | — | 0 |
| CVE-2026-6746 Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 7.5 | HIGH | — | 0 |
| CVE-2023-52304 Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | 8.2 | HIGH | — | 0 |
| CVE-2023-52305 FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 4.7 | MEDIUM | — | 0 |
| CVE-2023-52306 FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 4.7 | MEDIUM | — | 0 |
| CVE-2023-52307 Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | 8.2 | HIGH | — | 0 |
| CVE-2023-52308 FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 4.7 | MEDIUM | — | 0 |
| CVE-2023-52309 Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or further damage. | 8.2 | HIGH | — | 0 |
| CVE-2023-52310 PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system. | 9.6 | CRITICAL | — | 0 |
| CVE-2023-52311 PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system. | 9.6 | CRITICAL | — | 0 |
| CVE-2023-52312 Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 4.7 | MEDIUM | — | 0 |
| CVE-2023-52313 FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 4.7 | MEDIUM | — | 0 |
| CVE-2023-52314 PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system. | 9.6 | CRITICAL | — | 0 |
| CVE-2023-6540 A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive inform... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-6753 Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 7.3 | HIGH | — | 0 |
| CVE-2023-30617 Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of th... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-46738 CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously-... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-46739 CubeFS is an open-source cloud-native file storage system. A vulnerability was found in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal us... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-46740 CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users ... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-20809 Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows local attacker to access data. | 4.0 | MEDIUM | — | 0 |
| CVE-2023-46741 CubeFS is an open-source cloud-native file storage system. A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs which could allow them... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-46742 CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users' secret keys and access keys in the logs in multiple components. When CubeFS creates new... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-50253 Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in ver... | 9.6 | CRITICAL | — | 0 |
| CVE-2024-0217 A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions th... | 3.3 | LOW | — | 0 |
| CVE-2024-21622 Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certai... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-21631 Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows w... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-21633 Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attac... | 7.8 | HIGH | — | 0 |
| CVE-2023-5880 When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode, the web server's “Garage Door Control Module Setup” page is vulnerable to XSS via ... | 8.8 | HIGH | — | 0 |
| CVE-2023-5881 Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) "Garage Door Control Module Setup" and modify the Garage door's SSID settings. | 8.2 | HIGH | — | 0 |
| CVE-2023-6338 Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | 7.8 | HIGH | — | 0 |
| CVE-2023-52129 Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.4. | 6.3 | MEDIUM | — | 0 |
| CVE-2023-50256 Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intent... | 7.5 | HIGH | — | 0 |
| CVE-2023-5138 Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B. | 6.8 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.