CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-37314 Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud En... | 3.5 | LOW | โ | 0 |
| CVE-2024-37367 A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer's serv... | 7.5 | HIGH | โ | 0 |
| CVE-2024-37315 Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recom... | 3.5 | LOW | โ | 0 |
| CVE-2024-0066 Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may expose sensitive traffic between the client (Axis device) and (O3C) server. If O3C is not being used this f... | 5.3 | MEDIUM | โ | 0 |
| CVE-2024-37316 Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommende... | 4.6 | MEDIUM | โ | 0 |
| CVE-2024-37317 The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app wo... | 4.6 | MEDIUM | โ | 0 |
| CVE-2024-37882 Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is... | 8.1 | HIGH | โ | 0 |
| CVE-2024-37883 Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access commen... | 4.3 | MEDIUM | โ | 0 |
| CVE-2024-37889 MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial informa... | 6.5 | MEDIUM | โ | 0 |
| CVE-2024-43628 Windows Telephony Service Remote Code Execution Vulnerability | 8.8 | HIGH | โ | 0 |
| CVE-2024-37884 Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that ... | 3.5 | LOW | โ | 0 |
| CVE-2024-37885 The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when startin... | 3.8 | LOW | โ | 0 |
| CVE-2024-24320 Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the l... | 8.8 | HIGH | โ | 0 |
| CVE-2024-36598 An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file. | 8.1 | HIGH | โ | 0 |
| CVE-2024-37888 The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects... | 6.1 | MEDIUM | โ | 0 |
| CVE-2024-37831 Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter. | 9.8 | CRITICAL | โ | 0 |
| CVE-2024-30119 HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection. | 3.7 | LOW | โ | 0 |
| CVE-2024-6003 A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. Th... | 7.3 | HIGH | โ | 0 |
| CVE-2025-50646 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input validation on the name parameter in the /qos_type_asp.asp endpoint. | 7.5 | HIGH | โ | 0 |
| CVE-2025-50647 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specifically in the handling of the wans parameter in the qos.asp endpoint. | 7.5 | HIGH | โ | 0 |
| CVE-2025-50648 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint. | 7.5 | HIGH | โ | 0 |
| CVE-2024-3813 The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it... | 8.8 | HIGH | โ | 0 |
| CVE-2025-50649 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation in the vlan_name parameter in the /shut_set.asp endpoint. | 7.5 | HIGH | โ | 0 |
| CVE-2025-50650 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the routes_static parameter in the /router.asp endpoint. | 7.5 | HIGH | โ | 0 |
| CVE-2025-50652 An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id parameter in the /saveparm_usb.asp endpoint. | 7.5 | HIGH | โ | 0 |
| CVE-2025-50653 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name and mem parameters in the /time_group.asp endpoint. | 7.5 | HIGH | โ | 0 |
| CVE-2025-50654 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thd_member.asp endpoint. | 7.5 | HIGH | โ | 0 |
| CVE-2024-5862 Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Interface Manipulation.This issue affects Mia-Med Health Aplication: bef... | 7.5 | HIGH | โ | 0 |
| CVE-2024-3815 The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitizati... | 5.5 | MEDIUM | โ | 0 |
| CVE-2025-50661 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /url_rule.asp endpoint. An attacker can exploit this vulnerability by sending... | 7.5 | HIGH | โ | 0 |
| CVE-2025-50662 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_group.asp endpoint. | 7.5 | HIGH | โ | 0 |
| CVE-2025-50663 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint. | 7.5 | HIGH | โ | 0 |
| CVE-2025-50664 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /user_group.asp endpoint. The attacker can exploit this vulnerability by sending a cra... | 7.5 | HIGH | โ | 0 |
| CVE-2025-50665 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /web_keyword.asp endpoint. An attacker can exploit this vulnerability by sending... | 7.5 | HIGH | โ | 0 |
| CVE-2025-50666 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /web_post.asp endpoint. An attacker can exploit this vulnerability by sending... | 7.5 | HIGH | โ | 0 |
| CVE-2024-10347 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | โ | 0 |
| CVE-2024-11191 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | โ | 0 |
| CVE-2026-33791 An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to injec... | 6.7 | MEDIUM | โ | 0 |
| CVE-2026-30809 Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800 | 8.8 | HIGH | โ | 0 |
| CVE-2024-31870 IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. ... | 3.3 | LOW | โ | 0 |
| CVE-2024-6008 A vulnerability, which was classified as critical, was found in itsourcecode Online Book Store up to 1.0. Affected is an unknown function of the file /edit_book.php. The manipulation of the argument i... | 6.3 | MEDIUM | โ | 0 |
| CVE-2024-6009 A vulnerability has been found in itsourcecode Event Calendar 1.0 and classified as critical. Affected by this vulnerability is the function regConfirm/regDelete of the file process.php. The manipulat... | 6.3 | MEDIUM | โ | 0 |
| CVE-2024-38461 irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a directory. | 7.5 | HIGH | โ | 0 |
| CVE-2024-11264 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | โ | 0 |
| CVE-2026-30811 Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800 | 6.5 | MEDIUM | โ | 0 |
| CVE-2024-6013 A vulnerability was found in itsourcecode Online Book Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_delete.php. The manipulation of the argumen... | 6.3 | MEDIUM | โ | 0 |
| CVE-2024-6014 A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id leads... | 6.3 | MEDIUM | โ | 0 |
| CVE-2024-6015 A vulnerability classified as critical was found in itsourcecode Online House Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulatio... | 6.3 | MEDIUM | โ | 0 |
| CVE-2024-6016 A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php... | 6.3 | MEDIUM | โ | 0 |
| CVE-2024-36279 Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vuln... | 5.3 | MEDIUM | โ | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.