CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data

| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-48615 Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-51525 Permission control vulnerability in the clipboard module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 6.2 | MEDIUM | — | 0 |
| CVE-2023-48616 Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-48617 Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL refe... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-48618 Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL refe... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-48619 Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-48620 Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-48621 Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL refe... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-41217 A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service (DoS) via a crafted MKV video file. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-48622 Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-48623 Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL refe... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-48624 Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-5989 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies' LioXERP allows an authenticated user to execute S... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-32242 Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme. This issue affects WoodMart - Multipurpose WooCommerce Theme: from n/a through 1.0.36. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51074 json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-51075 hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the ... | 7.5 | HIGH | — | 0 |
| CVE-2023-51080 The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow. | 7.5 | HIGH | — | 0 |
| CVE-2023-6944 A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the s... | 5.7 | MEDIUM | — | 0 |
| CVE-2024-0266 A vulnerability classified as problematic has been found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the component User Registration. The manipulation of ... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-21320 Windows Themes Spoofing Vulnerability | 6.5 | MEDIUM | — | 0 |
| CVE-2024-0498 A vulnerability was found in Project Worlds Lawyer Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file searchLawyer.php. The... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-35181 Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-35182 Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-36112 Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-36019 In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcache_maple_drop() When keeping the upper end of a cache block entry, the entry[] array ... | 7.1 | HIGH | — | 0 |
| CVE-2024-42035 Permission control vulnerability in the App Multiplier module Impact: Successful exploitation of this vulnerability may affect functionality and confidentiality. | 8.4 | HIGH | — | 0 |
| CVE-2024-36028 In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() When I did memory failure tests recently, below warning ... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-36032 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching fw build id Add the missing sanity checks and move the 255-byte build-id buffer off th... | 7.1 | HIGH | — | 0 |
| CVE-2024-36033 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching board id Add the missing sanity check when fetching the board id to avoid leaking slab... | 7.1 | HIGH | — | 0 |
| CVE-2024-36887 In the Linux kernel, the following vulnerability has been resolved: e1000e: change usleep_range to udelay in PHY mdic access This is a partial revert of commit 6dbdd4de0362 ("e1000e: Workaround for ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-36892 In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid zeroing outside-object freepointer for single free Commit 284f17ac13fe ("mm/slub: handle bulk and single object fre... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-24453 An invalid memory access when handling the ProtocolIE_ID field of E-RAB NotToBeModifiedBearerModInd information element in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) ... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-36895 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: use correct buffer size when parsing configfs lists This commit fixes uvc gadget support on 32-bit platforms. C... | 7.8 | HIGH | — | 0 |
| CVE-2024-36898 In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the l... | 7.8 | HIGH | — | 0 |
| CVE-2024-36906 In the Linux kernel, the following vulnerability has been resolved: ARM: 9381/1: kasan: clear stale stack poison We found below OOB crash: [ 33.452494] ===========================================... | 7.8 | HIGH | — | 0 |
| CVE-2024-36917 In the Linux kernel, the following vulnerability has been resolved: block: fix overflow in blk_ioctl_discard() There is no check for overflow of 'start + len' in blk_ioctl_discard(). Hung task occur... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-27372 An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation che... | 6.7 | MEDIUM | — | 0 |
| CVE-2024-36918 In the Linux kernel, the following vulnerability has been resolved: bpf: Check bloom filter map value size This patch adds a missing check to bloom filter creating, rejecting values above KMALLOC_MA... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-36936 In the Linux kernel, the following vulnerability has been resolved: efi/unaccepted: touch soft lockup during memory accept Commit 50e782a86c98 ("efi/unaccepted: Fix soft lockups caused by parallel m... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-36937 In the Linux kernel, the following vulnerability has been resolved: xdp: use flags field to disambiguate broadcast redirect When redirecting a packet using XDP, the bpf_redirect_map() helper will se... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-36945 In the Linux kernel, the following vulnerability has been resolved: net/smc: fix neighbour and rtable leak in smc_ib_find_route() In smc_ib_find_route(), the neighbour found by neigh_lookup() and rt... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-36528 nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php... | 8.8 | HIGH | — | 0 |
| CVE-2024-24454 An invalid memory access when handling the ProtocolIE_ID field of E-RAB Modify Request messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network ... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-36947 In the Linux kernel, the following vulnerability has been resolved: qibfs: fix dentry leak simple_recursive_removal() drops the pinning references to all positives in subtree. For the cases when it... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-5138 The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse c... | 8.1 | HIGH | — | 0 |
| CVE-2024-36961 In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Fix two locking issues with thermal zone debug With the current thermal zone locking arrangement in the debugfs c... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-36963 In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in ... | 7.8 | HIGH | — | 0 |
| CVE-2024-4332 An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication ... | N/A | NONE | — | 0 |
| CVE-2021-3899 There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allows an attacker to execute arbitrary code as root. | 7.8 | HIGH | — | 0 |
| CVE-2022-0555 Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions | 8.4 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.