CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-0500 A vulnerability, which was classified as problematic, was found in SourceCodester House Rental Management System 1.0. Affected is an unknown function of the component Manage Tenant Details. The manipu... | 2.4 | LOW | — | 0 |
| CVE-2024-0501 A vulnerability has been found in SourceCodester House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Manage In... | 2.4 | LOW | — | 0 |
| CVE-2024-0502 A vulnerability was found in SourceCodester House Rental Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file manage_user.php of the compo... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-0503 A vulnerability was found in code-projects Online FIR System 1.0. It has been classified as problematic. This affects an unknown part of the file registercomplaint.php. The manipulation of the argumen... | 3.5 | LOW | — | 0 |
| CVE-2024-0505 A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the c... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-0522 A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Ha... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-0523 A vulnerability was found in CmsEasy up to 7.7.7. It has been declared as critical. Affected by this vulnerability is the function getslide_child_action in the library lib/admin/language_admin.php. Th... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-0524 A vulnerability was found in CXBSoft Url-shorting up to 1.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argume... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-0525 A vulnerability classified as critical has been found in CXBSoft Url-shorting up to 1.3.1. This affects an unknown part of the file /pages/long_s_short.php of the component HTTP POST Request Handler. ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-0526 A vulnerability classified as critical was found in CXBSoft Url-shorting up to 1.3.1. This vulnerability affects unknown code of the file /pages/short_to_long.php of the component HTTP POST Request Ha... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-0527 A vulnerability, which was classified as critical, has been found in CXBSoft Url-shorting up to 1.3.1. This issue affects some unknown processing of the file /admin/pages/update_go.php of the componen... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-0528 A vulnerability, which was classified as critical, was found in CXBSoft Post-Office 1.0. Affected is an unknown function of the file /admin/pages/update_go.php of the component HTTP POST Request Handl... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-0529 A vulnerability has been found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /apps/login_auth.php of the component... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-0530 A vulnerability was found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /apps/reg_go.php of the component HTTP POST Requ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-0531 A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. T... | 7.2 | HIGH | — | 0 |
| CVE-2023-48383 NetVision Information airPASS has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication ... | 7.5 | HIGH | — | 0 |
| CVE-2024-0533 A vulnerability was found in Tenda A15 15.13.07.13. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetOnlineDevName of the component Web-based Management... | 7.2 | HIGH | — | 0 |
| CVE-2024-0534 A vulnerability classified as critical has been found in Tenda A15 15.13.07.13. Affected is an unknown function of the file /goform/SetOnlineDevName of the component Web-based Management Interface. Th... | 7.2 | HIGH | — | 0 |
| CVE-2024-0535 A vulnerability classified as critical was found in Tenda PA6 1.0.1.21. Affected by this vulnerability is the function cgiPortMapAdd of the file /portmap of the component httpd. The manipulation of th... | 8.8 | HIGH | — | 0 |
| CVE-2024-0536 A vulnerability, which was classified as critical, has been found in Tenda W9 1.0.0.7(4456). Affected by this issue is the function setWrlAccessList of the component httpd. The manipulation of the arg... | 8.8 | HIGH | — | 0 |
| CVE-2024-0537 A vulnerability, which was classified as critical, was found in Tenda W9 1.0.0.7(4456). This affects the function setWrlBasicInfo of the component httpd. The manipulation of the argument ssidIndex lea... | 8.8 | HIGH | — | 0 |
| CVE-2024-0538 A vulnerability has been found in Tenda W9 1.0.0.7(4456) and classified as critical. This vulnerability affects the function formQosManage_auto of the component httpd. The manipulation of the argument... | 8.8 | HIGH | — | 0 |
| CVE-2023-49107 Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent modules).This issue affects Hitachi Device Manager: before ... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-0539 A vulnerability was found in Tenda W9 1.0.0.7(4456) and classified as critical. This issue affects the function formQosManage_user of the component httpd. The manipulation of the argument ssidIndex le... | 8.8 | HIGH | — | 0 |
| CVE-2024-0540 A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. Affected is the function formOfflineSet of the component httpd. The manipulation of the argument ssidIndex lead... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-0541 A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. Affected by this vulnerability is the function formAddSysLogRule of the component httpd. The manipulation of the ... | 8.8 | HIGH | — | 0 |
| CVE-2024-0542 A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. Affected by this issue is the function formWifiMacFilterGet of the component httpd. The manipulation of the argument... | 8.8 | HIGH | — | 0 |
| CVE-2023-6457 Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Windows (Hitachi Tuning Manager server component) allows local users to read and write specific files.This issue affects Hitach... | 6.6 | MEDIUM | — | 0 |
| CVE-2024-0543 A vulnerability classified as critical has been found in CodeAstro Real Estate Management System up to 1.0. This affects an unknown part of the file propertydetail.php. The manipulation of the argumen... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-0546 A vulnerability, which was classified as problematic, has been found in EasyFTP 1.7.0. This issue affects some unknown processing of the component LIST Command Handler. The manipulation leads to denia... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-0547 A vulnerability has been found in Ability FTP Server 2.34 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component APPE Command Handler. The manipulat... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-0548 A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component SIZE Command Handler. The manipulation leads ... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-6915 A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing che... | 6.2 | MEDIUM | — | 0 |
| CVE-2023-4001 An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-5253 A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data withou... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-20709 Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-20721 Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-42134 PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command. The a... | 6.8 | MEDIUM | — | 0 |
| CVE-2024-4302 Super 8 Live Chat online customer service platform fails to properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. When the message recipien... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-42135 PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific p... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-42136 PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with ... | 7.8 | HIGH | — | 0 |
| CVE-2023-42137 PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have ... | 7.8 | HIGH | — | 0 |
| CVE-2023-50729 Traccar is an open source GPS tracking system. Prior to 5.11, Traccar is affected by an unrestricted file upload vulnerability in File feature allows attackers to execute arbitrary code on the server.... | 8.4 | HIGH | — | 0 |
| CVE-2024-0314 XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-4303 ArmorX Android APP's multi-factor authentication (MFA) for the login function is not properly implemented. Remote attackers who obtain user credentials can bypass MFA, allowing them to successfully lo... | 8.8 | HIGH | — | 0 |
| CVE-2024-22207 fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's director... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-0317 Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' p... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-0318 Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters t... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-0319 Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' ... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-0320 Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to ret... | 5.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.