CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2023-45738 Rejected reason: This is unused. | N/A | NONE | — | 0 |
| CVE-2024-7777 The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due t... | 9.0 | CRITICAL | — | 0 |
| CVE-2024-7780 The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id param... | 7.2 | HIGH | — | 0 |
| CVE-2024-7782 The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insuffi... | 8.7 | HIGH | — | 0 |
| CVE-2024-43688 cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffer underflow and memory corruption. NOTE: this issue was introduced during a May 2023 refactoring. | 7.3 | HIGH | — | 0 |
| CVE-2024-25009 Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in servic... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-42335 7Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5.4 | MEDIUM | — | 0 |
| CVE-2019-8418 SeaCMS 7.2 mishandles member.php?mod=repsw4 requests. | N/A | NONE | — | 0 |
| CVE-2024-42336 Servision - CWE-287: Improper Authentication | 8.2 | HIGH | — | 0 |
| CVE-2024-42559 An issue in the login component (process_login.php) of Hotel Management System commit 79d688 allows attackers to authenticate without providing a valid password. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-42566 School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password parameter at login.php | 9.8 | CRITICAL | — | 0 |
| CVE-2024-42567 School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-42570 School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at admininsert.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-42572 School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-42574 School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-42575 School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-42577 A Cross-Site Request Forgery (CSRF) in the component add_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 | HIGH | — | 0 |
| CVE-2024-42579 A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 | HIGH | — | 0 |
| CVE-2024-42580 A Cross-Site Request Forgery (CSRF) in the component edit_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 | HIGH | — | 0 |
| CVE-2023-45850 Rejected reason: This is unused. | N/A | NONE | — | 0 |
| CVE-2024-42581 A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 | HIGH | — | 0 |
| CVE-2024-42582 A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 | HIGH | — | 0 |
| CVE-2024-42583 A Cross-Site Request Forgery (CSRF) in the component delete_user.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | 8.8 | HIGH | — | 0 |
| CVE-2024-6918 CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause a crash of the Accutech Manager when receiving a specially crafted request over po... | 7.5 | HIGH | — | 0 |
| CVE-2024-42608 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php. | 8.8 | HIGH | — | 0 |
| CVE-2024-6377 An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect ... | 8.1 | HIGH | — | 0 |
| CVE-2024-6378 A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execut... | 8.7 | HIGH | — | 0 |
| CVE-2024-6379 A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user... | 7.7 | HIGH | — | 0 |
| CVE-2024-8003 A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. Affected by this issue is the function InitRoutes of the file internal/app/routes/routes.go of the component Log ... | 3.5 | LOW | — | 0 |
| CVE-2024-43496 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 6.5 | MEDIUM | — | 0 |
| CVE-2023-45485 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | N/A | NONE | — | 0 |
| CVE-2024-0663 Rejected reason: REJECT: This is a false positive report. | N/A | NONE | — | 0 |
| CVE-2024-0706 Rejected reason: ***REJECT*** This was a false positive report. | N/A | NONE | — | 0 |
| CVE-2024-8005 A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been classified as critical. This affects the function init of the file internal/logic/auth/auth.go of the component JWT Authentication. Th... | 7.3 | HIGH | — | 0 |
| CVE-2024-30949 An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-35540 A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 9.0 | CRITICAL | — | 0 |
| CVE-2024-42369 matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's ge... | 4.1 | MEDIUM | — | 0 |
| CVE-2024-42603 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall | 8.8 | HIGH | — | 0 |
| CVE-2024-42604 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id=3 | 8.8 | HIGH | — | 0 |
| CVE-2024-42605 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1 | 8.8 | HIGH | — | 0 |
| CVE-2024-42606 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_log.php?clear=1 | 8.8 | HIGH | — | 0 |
| CVE-2022-45791 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2022-45795 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2023-48729 Rejected reason: This is unused. | N/A | NONE | — | 0 |
| CVE-2024-42607 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database | 8.8 | HIGH | — | 0 |
| CVE-2024-42609 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars | 8.8 | HIGH | — | 0 |
| CVE-2024-42610 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=files | 8.8 | HIGH | — | 0 |
| CVE-2024-42611 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.php?link_id=1&mode=delete | 8.8 | HIGH | — | 0 |
| CVE-2024-42613 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&widget=akismet | 8.8 | HIGH | — | 0 |
| CVE-2024-42617 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32 | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.