CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-49974 A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /custome... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-49976 A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /custome... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-49977 A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /custome... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-28154 Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-28155 Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan con... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-28156 Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers ... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-50716 eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an... | 9.6 | CRITICAL | — | 0 |
| CVE-2022-46089 Cross Site Scripting (XSS) vulnerability in the add-airline form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injecte... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-24767 CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads t... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-49986 A cross-site scripting (XSS) vulnerability in the component /admin/parent of School Fees Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected i... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-49987 A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injec... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-49988 Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the npss parameter at rooms.php. | 7.5 | HIGH | — | 0 |
| CVE-2023-49989 Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51281 Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address para... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-20031 Improper input validation for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. | 6.5 | MEDIUM | — | 0 |
| CVE-2008-6625 SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka Poll) 1.0 and 1.01 allows remote attackers to execute arbitrary SQL commands via the username parameter. | N/A | NONE | — | 0 |
| CVE-2022-46497 Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_doc_view_single_patien.php. | 8.1 | HIGH | — | 0 |
| CVE-2022-46498 Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the doc_number parameter at his_admin_view_single_employee.php. | 2.7 | LOW | — | 0 |
| CVE-2022-46499 Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_admin_view_single_patient.php. | 8.8 | HIGH | — | 0 |
| CVE-2023-41014 code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via the Username parameter for "Employer." | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41015 code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via /Employer/DeleteJob.php?JobId=1. | 5.5 | MEDIUM | — | 0 |
| CVE-2024-1725 A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's v... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-26309 Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via ... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-28816 Student Information Chatbot a0196ab allows SQL injection via the username to the login function in index.php. | 7.1 | HIGH | — | 0 |
| CVE-2024-1441 An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-0047 In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deseriali... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-0053 In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional ex... | 3.3 | LOW | — | 0 |
| CVE-2023-52490 In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash ... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52492 In the Linux kernel, the following vulnerability has been resolved: dmaengine: fix NULL pointer in channel unregistration function __dma_async_device_channel_register() can fail. In case of failure,... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-0559 The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-1279 The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-1487 The Photos and Files Contest Gallery WordPress plugin before 21.3.1 does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting a... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-26608 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix global oob in ksmbd_nl_policy Similar to a reported issue (check the commit b33fb5b801c6 ("net: qualcomm: rmnet: fix gl... | 7.8 | HIGH | — | 0 |
| CVE-2024-26612 In the Linux kernel, the following vulnerability has been resolved: netfs, fscache: Prevent Oops in fscache_put_cache() This function dereferences "cache" and then checks if it's IS_ERR_OR_NULL(). ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-26614 In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the accept_queue's spinlocks once When I run syz's reproduction C program locally, it causes the following iss... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-22005 There is a possible Authentication Bypass due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed... | 8.4 | HIGH | — | 0 |
| CVE-2024-22006 OOB read in the TMU plugin that allows for memory disclosure in the power management subsystem of the device. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-22007 In constraint_check of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User... | 6.2 | MEDIUM | — | 0 |
| CVE-2024-22008 In config_gov_time_windows of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges nee... | 7.8 | HIGH | — | 0 |
| CVE-2024-22009 In init_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti... | 7.1 | HIGH | — | 0 |
| CVE-2024-22010 In dvfs_plugin_caller of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. Us... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-22011 In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional executio... | 7.5 | HIGH | — | 0 |
| CVE-2024-25984 In dumpBatteryDefend of dump_power.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges ne... | 6.2 | MEDIUM | — | 0 |
| CVE-2024-25985 In bigo_unlocked_ioctl of bigo.c, there is a possible UAF due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti... | 8.4 | HIGH | — | 0 |
| CVE-2024-25986 In ppmp_unprotect_buf of drm_fw.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execu... | 7.8 | HIGH | — | 0 |
| CVE-2024-25987 In pt_sysctl_command of pt.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User i... | 6.7 | MEDIUM | — | 0 |
| CVE-2024-25988 In SAEMM_DiscloseGuti of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution ... | 8.4 | HIGH | — | 0 |
| CVE-2024-25989 In gpu_slc_liveness_update of pixel_gpu_slc.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privil... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-25990 In pktproc_perftest_gen_rx_packet_sktbuf_mode of link_rx_pktproc.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execut... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-25991 In acpm_tmu_ipc_handler of tmu_plugin.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges n... | 3.3 | LOW | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.