Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2024-3408 man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-3429 A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`. This ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-4320 A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@router.post("/install_extension")` route han... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-4881 A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper... | 7.5 | HIGH | — | 0 |
| CVE-2024-4888 BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. An attacker can exploit this vulnerability ... | 8.1 | HIGH | — | 0 |
| CVE-2024-4890 A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'user_id' pa... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-5124 A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, ... | 7.5 | HIGH | — | 0 |
| CVE-2024-5128 An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update,... | 8.8 | HIGH | — | 0 |
| CVE-2024-49202 Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1,... | 7.6 | HIGH | — | 0 |
| CVE-2024-5129 A Privilege Escalation Vulnerability exists in lunary-ai/lunary version 1.2.2, where any user can delete any datasets due to missing authorization checks. The vulnerability is present in the dataset d... | 8.2 | HIGH | — | 0 |
| CVE-2024-5131 An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting versions up to and including 1.2.2. The vulnerability allows unauthorized users to view any prompts in any... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-5133 In lunary-ai/lunary version 1.2.4, an account takeover vulnerability exists due to the exposure of password recovery tokens in API responses. Specifically, when a user initiates the password reset pro... | 8.1 | HIGH | — | 0 |
| CVE-2024-5187 A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks i... | 8.8 | HIGH | — | 0 |
| CVE-2024-5206 A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability a... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-36774 An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 7.2 | HIGH | — | 0 |
| CVE-2024-5248 In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the `GET /v1/users/me/org` endpoint. The platform's role definitions restrict th... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-5328 A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. The vulnerability arises due to the a... | 9.3 | CRITICAL | — | 0 |
| CVE-2024-5478 A Cross-site Scripting (XSS) vulnerability exists in the SAML metadata endpoint `/auth/saml/${org?.id}/metadata` of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's fa... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-5552 kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely ex... | 7.5 | HIGH | — | 0 |
| CVE-2023-51847 An issue in obgm and Libcoap v.a3ed466 allows a remote attacker to cause a denial of service via thecoap_context_t function in the src/coap_threadsafe.c:297:3 component. | 7.5 | HIGH | — | 0 |
| CVE-2024-24192 robdns commit d76d2e6 was discovered to contain a heap overflow via the component block->filename at /src/zonefile-insertion.c. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-24194 robdns commit d76d2e6 was discovered to contain a NULL pointer dereference via the item->tokens component at /src/conf-parse.c. | 7.5 | HIGH | — | 0 |
| CVE-2024-24198 smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c. | 7.5 | HIGH | — | 0 |
| CVE-2024-4013 A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved m... | 5.6 | MEDIUM | — | 0 |
| CVE-2023-37539 The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this te... | 8.4 | HIGH | — | 0 |
| CVE-2022-4968 netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-6876 The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme'... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-1689 The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommerce_tool_toggle_module() function in all versions up to, ... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-32475 Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system. | 7.6 | HIGH | — | 0 |
| CVE-2024-1768 The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization and... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-3987 The WP Mobile Menu – The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insuf... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-5607 The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-1988 The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in block... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-36082 SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Inf... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-4887 The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_b... | 7.5 | HIGH | — | 0 |
| CVE-2024-5425 The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization an... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-4902 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to ins... | 7.2 | HIGH | — | 0 |
| CVE-2024-5612 The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versi... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-5640 The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Paci... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-6491 The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and i... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-3288 The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-3592 The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9... | 9.9 | CRITICAL | — | 0 |
| CVE-2024-4042 The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-32727 Missing Authorization vulnerability in Rometheme RomethemeForm For Elementor.This issue affects RomethemeForm For Elementor: from n/a through 1.1.2. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-4354 The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the get_files_to_import() function. This ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-4451 The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_video_player shortcode in all versions up to, and including, 1.0.276 due to insuffic... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-4488 The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inline_list’ parameter in versions up to, and including, 1.3.976 due to insufficient input ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-4489 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 1.3.976 due to insuf... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-30465 Missing Authorization vulnerability in Pagelayer Team PageLayer.This issue affects PageLayer: from n/a through 1.8.1. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-36077 Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, ... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.