CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-34551 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm allows PHP Local File Inclusion. This issue affects Stockholm: from n/a through 9... | 9.0 | CRITICAL | — | 0 |
| CVE-2024-34552 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm allows PHP Local File Inclusion. This issue affects Stockholm: from n/a through 9... | 8.5 | HIGH | — | 0 |
| CVE-2024-34554 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm Core allows PHP Local File Inclusion. This issue affects Stockholm Core: from n/a... | 8.5 | HIGH | — | 0 |
| CVE-2024-34792 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in dexta Dextaz Ping allows Command Injection. This issue affects Dextaz Ping: from n/a through 0.65. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-35629 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File In... | 9.6 | CRITICAL | — | 0 |
| CVE-2024-35634 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wow-Company Woocommerce – Recent Purchases allows PHP Local File Inclusion. This issue affects Woocommerc... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-35654 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive allows Stored XSS. This issue affects Responsive: from n/a through 5.... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-35666 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS. This issue affects Themesflat ... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-35668 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue allows Reflected ... | 7.1 | HIGH | — | 0 |
| CVE-2024-35782 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS. This issue affects Cowidgets – Elem... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-50803 An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 133... | 3.7 | LOW | — | 0 |
| CVE-2024-32871 Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of ... | 7.5 | HIGH | — | 0 |
| CVE-2024-35649 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS. This issue affects Save as PDF pl... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-35651 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS. This issue affects WP Flow Plus: from n/a thr... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-35652 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Reflected XSS. This issue affects Even... | 7.1 | HIGH | — | 0 |
| CVE-2024-34759 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VideoWhisper Picture Gallery allows Stored XSS. This issue affects Picture Gallery: from n/a... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-36400 nano-id is a unique string ID generator for Rust. Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the `nano_id::base62` and `nano_id::base58` function... | 9.4 | CRITICAL | — | 0 |
| CVE-2024-36547 idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add | 8.8 | HIGH | — | 0 |
| CVE-2024-36548 idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal.php?mudi=del | 8.8 | HIGH | — | 0 |
| CVE-2024-36549 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close | 8.8 | HIGH | — | 0 |
| CVE-2024-36550 idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close | 8.8 | HIGH | — | 0 |
| CVE-2024-25095 Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp. This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0. | 7.5 | HIGH | — | 0 |
| CVE-2024-30484 Missing Authorization vulnerability in RT Easy Builder – Advanced addons for Elementor. This issue affects RT Easy Builder – Advanced addons for Elementor: from n/a through 2.0. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-36675 LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-35670 Broken Authentication vulnerability in SoftLab Integrate Google Drive. This issue affects Integrate Google Drive: from n/a through 1.3.93. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-35672 Missing Authorization vulnerability in Netgsm. This issue affects Netgsm: from n/a through 2.9.19. | 7.5 | HIGH | — | 0 |
| CVE-2024-36857 Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface. | 7.5 | HIGH | — | 0 |
| CVE-2024-36858 An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-37273 An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-30525 Missing Authorization vulnerability in moveaddons Move Addons for Elementor. This issue affects Move Addons for Elementor: from n/a through 1.2.9. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-30528 Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar. This issue affects Spiffy Calendar: from n/a through 4.9.10. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-32464 Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This ... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-23326 Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-32974 Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUI... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-32975 Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader::PeekVarInt62Length()`. It is caused by integer underflow in the `QuicStreamSequencerBuffer::PeekRegi... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-32976 Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input. | 7.5 | HIGH | — | 0 |
| CVE-2024-5262 Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of wh... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-34362 Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this ... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-34363 Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 ... | 7.5 | HIGH | — | 0 |
| CVE-2024-34364 Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded bu... | 5.7 | MEDIUM | — | 0 |
| CVE-2024-4219 Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability. | 4.8 | MEDIUM | — | 0 |
| CVE-2024-4220 Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-28654 is_closing_session() allows users to fill up apport.log | 5.5 | MEDIUM | — | 0 |
| CVE-2022-28655 is_closing_session() allows users to create arbitrary tcp dbus connections | 7.1 | HIGH | — | 0 |
| CVE-2022-28657 Apport does not disable python crash handler before entering chroot | 7.8 | HIGH | — | 0 |
| CVE-2022-28658 Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing | 5.5 | MEDIUM | — | 0 |
| CVE-2024-30889 Cross Site Scripting vulnerability in audimex audimexEE v.15.1.2 and fixed in 15.1.3.9 allows a remote attacker to execute arbitrary code via the service, method, widget_type, request_id, payload para... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-36121 netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropria... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-12371 A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholde... | N/A | NONE | — | 0 |
| CVE-2024-36077 Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, ... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.