CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2024-44104 An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenti... | 8.8 | HIGH | — | 0 |
| CVE-2024-8521 A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO. The manipulation of the argument manu... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-8523 A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-24510 Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-37226 Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-37227 Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-37231 Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-8694 A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.adm... | 3.8 | LOW | — | 0 |
| CVE-2024-8706 A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.Template... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-46700 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2006-2174 Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day... | N/A | NONE | — | 0 |
| CVE-2024-45679 Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product. | 8.4 | HIGH | — | 0 |
| CVE-2024-8437 The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and w... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-22893 OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing... | 7.5 | HIGH | — | 0 |
| CVE-2024-46485 dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate | 6.3 | MEDIUM | — | 0 |
| CVE-2024-46600 dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31 | 4.7 | MEDIUM | — | 0 |
| CVE-2024-9277 A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of th... | 3.5 | LOW | — | 0 |
| CVE-2024-46333 An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-46256 A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-46257 A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-46510 ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface | 7.6 | HIGH | — | 0 |
| CVE-2024-46540 A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract functions to upload webshells t... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-28809 An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credential... | 8.8 | HIGH | — | 0 |
| CVE-2024-28810 An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows an attacker to achieve loss of confidentiality by analyzing... | 6.6 | MEDIUM | — | 0 |
| CVE-2024-28812 An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local management network interface) with hardcoded credentials allows attackers to access the appliance operating sys... | 8.8 | HIGH | — | 0 |
| CVE-2024-28813 An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an unexpe... | 8.4 | HIGH | — | 0 |
| CVE-2024-28807 An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in the memory of the @CT desktop management application allows guest OS administrators to obtain variou... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-28808 An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by accessing undocumented web appl... | 2.7 | LOW | — | 0 |
| CVE-2024-42514 A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate acce... | 8.1 | HIGH | — | 0 |
| CVE-2024-20498 Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condi... | 8.6 | HIGH | — | 0 |
| CVE-2023-26771 Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can e... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-25096 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in titusbicknell RSS in Page rss-in-page allows Stored XSS. This issue affects RSS in Page: from n/a t... | N/A | NONE | — | 0 |
| CVE-2024-20499 Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condi... | 8.6 | HIGH | — | 0 |
| CVE-2024-20500 A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in t... | 5.8 | MEDIUM | — | 0 |
| CVE-2024-20501 Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condi... | 8.6 | HIGH | — | 0 |
| CVE-2024-20502 A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on a... | 5.8 | MEDIUM | — | 0 |
| CVE-2024-20509 A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN s... | 5.8 | MEDIUM | — | 0 |
| CVE-2024-20513 A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for ... | 5.8 | MEDIUM | — | 0 |
| CVE-2024-41588 The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters pas... | 8.0 | HIGH | — | 0 |
| CVE-2024-41590 Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor3... | 8.0 | HIGH | — | 0 |
| CVE-2024-41592 DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. | 8.0 | HIGH | — | 0 |
| CVE-2025-22698 Missing Authorization vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Su... | N/A | NONE | — | 0 |
| CVE-2024-41596 Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. | 8.0 | HIGH | — | 0 |
| CVE-2024-41511 A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter. | 3.9 | LOW | — | 0 |
| CVE-2024-41512 A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter. | 8.8 | HIGH | — | 0 |
| CVE-2024-41513 A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-41514 A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-41515 A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "res_url" parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-41516 A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-26770 TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.