CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-36543 Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to h... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-38449 A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and possibly earlier versions allows remote authenticated attackers to browse parent directories and read ... | 7.7 | HIGH | — | 0 |
| CVE-2024-6059 A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. This issue affects some unknown processing of the file /emgui/rest/ums/messages of the component N... | 2.4 | LOW | — | 0 |
| CVE-2024-37305 oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been i... | 8.2 | HIGH | — | 0 |
| CVE-2024-37890 ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was... | 7.5 | HIGH | — | 0 |
| CVE-2024-33620 Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server m... | 8.6 | HIGH | — | 0 |
| CVE-2024-37893 Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows maliciou... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-37896 Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows user... | 8.8 | HIGH | — | 0 |
| CVE-2024-37902 DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly int... | 10.0 | CRITICAL | — | 0 |
| CVE-2024-6061 A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this vulnerability is the function isoffin_process of the file src/filters/isoffin_re... | 3.3 | LOW | — | 0 |
| CVE-2024-6062 A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swf_svg_add_iso_sample of the file src/filters/load_text.c of t... | 3.3 | LOW | — | 0 |
| CVE-2024-34665 Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required fo... | 7.5 | HIGH | — | 0 |
| CVE-2024-6063 A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the componen... | 3.3 | LOW | — | 0 |
| CVE-2024-6064 A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.c... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-6065 A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the ar... | 7.3 | HIGH | — | 0 |
| CVE-2024-6066 A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of the... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-6067 A vulnerability classified as critical was found in SourceCodester Music Class Enrollment System 1.0. Affected by this vulnerability is an unknown functionality of the file /mces/?p=class/view_class. ... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-12161 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2024-6080 A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted se... | 7.8 | HIGH | — | 0 |
| CVE-2024-6082 A vulnerability, which was classified as problematic, has been found in PHPVibe 11.0.46. This issue affects some unknown processing of the file functionalities.global.php of the component Global Optio... | 2.4 | LOW | — | 0 |
| CVE-2024-6083 A vulnerability, which was classified as critical, was found in PHPVibe 11.0.46. Affected is an unknown function of the file /app/uploading/upload-mp3.php of the component Media Upload Page. The manip... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-6084 A vulnerability has been found in itsourcecode Pool of Bethesda Online Reservation System up to 1.0 and classified as critical. Affected by this vulnerability is the function uploadImage of the file /... | 7.3 | HIGH | — | 0 |
| CVE-2024-33622 Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-30812 Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800 | 5.4 | MEDIUM | — | 0 |
| CVE-2026-30813 Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800 | 8.8 | HIGH | — | 0 |
| CVE-2026-34186 Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800 | 8.8 | HIGH | — | 0 |
| CVE-2026-34188 Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800 | 7.2 | HIGH | — | 0 |
| CVE-2024-12242 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-4344 A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the... | 7.1 | HIGH | — | 0 |
| CVE-2026-4345 A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious a... | 7.1 | HIGH | — | 0 |
| CVE-2026-4369 A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerabilit... | 7.1 | HIGH | — | 0 |
| CVE-2024-34024 Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-3276 The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-5172 The Expert Invoice WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-6643 A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to th... | 9.9 | CRITICAL | — | 0 |
| CVE-2024-6108 A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been classified as problematic. Affected is an unknown function of the file /vood/cgi-bin/vood_view.cgi?act=inde... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-38504 In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles | 4.3 | MEDIUM | — | 0 |
| CVE-2024-38505 In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site | 5.3 | MEDIUM | — | 0 |
| CVE-2024-34666 Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interac... | 7.5 | HIGH | — | 0 |
| CVE-2024-5967 A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows ... | 2.7 | LOW | — | 0 |
| CVE-2024-6109 A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file addmeasurement.php. ... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-6110 A vulnerability was found in itsourcecode Magbanua Beach Resort Online Reservation System up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file con... | 7.3 | HIGH | — | 0 |
| CVE-2024-6111 A vulnerability classified as critical has been found in itsourcecode Pool of Bethesda Online Reservation System 1.0. This affects an unknown part of the file login.php. The manipulation of the argume... | 7.3 | HIGH | — | 0 |
| CVE-2024-38347 CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id parameter. | 8.8 | HIGH | — | 0 |
| CVE-2024-6112 A vulnerability classified as critical was found in itsourcecode Pool of Bethesda Online Reservation System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the ... | 7.3 | HIGH | — | 0 |
| CVE-2024-6114 A vulnerability classified as critical has been found in itsourcecode Monbela Tourist Inn Online Reservation System up to 1.0. Affected is an unknown function of the file controller.php. The manipulat... | 7.3 | HIGH | — | 0 |
| CVE-2024-5275 A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploi... | 7.8 | HIGH | — | 0 |
| CVE-2024-37802 CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter. | 8.8 | HIGH | — | 0 |
| CVE-2024-37904 Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones us... | 5.7 | MEDIUM | — | 0 |
| CVE-2024-12246 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.