CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2023-48901 A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId funct... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-48902 An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authenticati... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-48903 Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadC... | 6.1 | MEDIUM | — | 0 |
| CVE-2008-6655 Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL 2 allow remote attackers to inject arbitrary web script or HTML via the (1) nom_branche and (2) nom parameters to php/prenom.php;... | N/A | NONE | — | 0 |
| CVE-2024-29131 Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fi... | 7.3 | HIGH | — | 0 |
| CVE-2024-29133 Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fi... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-1394 A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in gith... | 7.5 | HIGH | — | 0 |
| CVE-2024-29374 A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within the "GET /?lang=" URL parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-30205 In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. | 7.1 | HIGH | — | 0 |
| CVE-2024-28593 The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's Using_Chat... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-47172 In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers Channel numbering must start at 0 and then not have... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-30202 In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. | 7.8 | HIGH | — | 0 |
| CVE-2024-30203 In Emacs before 29.3, Gnus treats inline MIME contents as trusted. | 5.5 | MEDIUM | — | 0 |
| CVE-2024-30204 In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. | 2.8 | LOW | — | 0 |
| CVE-2024-1745 The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive Testimonial Slider WordPress plugin before 2.3.7 sett... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-29644 Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-23722 In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could resu... | 7.5 | HIGH | — | 0 |
| CVE-2024-29735 Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissio... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-52627 In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7091r: Allow users to configure device events AD7091R-5 devices are supported by the ad7091r-5 driver together with th... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-25421 An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-29812 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS. This issue affects ReviewX: from n/a through 1.6.22. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-24334 A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through 5.0.2. | 8.4 | HIGH | — | 0 |
| CVE-2024-29804 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS. This issue affects Fancy Comments WordPres... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-29805 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShopUp Shipping with Venipak for WooCommerce allows Reflected XSS. This issue affects Shipping with... | 7.1 | HIGH | — | 0 |
| CVE-2024-29806 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reservation Diary ReDi Restaurant Reservation allows Reflected XSS. This issue affects ReDi Restaur... | 7.1 | HIGH | — | 0 |
| CVE-2024-29807 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive DearFlip allows Stored XSS. This issue affects DearFlip: from n/a through 2.2.26. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-29811 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Radio Player allows Stored XSS. This issue affects Radio Player: from n/a through 2.0.73. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-45847 Cross-Site Request Forgery (CSRF) vulnerability in WPAssist.Me WordPress Countdown Widget allows Cross-Site Scripting (XSS). This issue affects WordPress Countdown Widget: from n/a through 3.1.9.1. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-34020 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash. This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3. | 4.7 | MEDIUM | — | 0 |
| CVE-2023-39311 Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder. This issue affects Fusion Builder: from n/a through 3.11.1. | 7.1 | HIGH | — | 0 |
| CVE-2024-23510 Cross-Site Request Forgery (CSRF) vulnerability in Martyn Chamberlin Don't Muck My Markup. This issue affects Don't Muck My Markup: from n/a through 1.8. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-20259 A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of servi... | 8.6 | HIGH | — | 0 |
| CVE-2024-24407 SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obtain sensitive information via print_pdets.php component. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-20629 Insecure inherited permissions in the NVM Update Utility for some Intel(R) Ethernet Network Adapter E810 Series before version 4.60 may allow an authenticated user to potentially enable escalation of ... | 6.7 | MEDIUM | — | 0 |
| CVE-2008-6512 Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin fu... | N/A | NONE | — | 0 |
| CVE-2024-3078 A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the compone... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-3081 A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of t... | 3.5 | LOW | — | 0 |
| CVE-2024-29900 Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js hea... | 7.5 | HIGH | — | 0 |
| CVE-2025-21081 Protection mechanism failure for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.5 | MEDIUM | — | 0 |
| CVE-2024-29904 CodeIgniter is a PHP full-stack web framework. A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of ... | 7.5 | HIGH | — | 0 |
| CVE-2024-30247 NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user ... | 10.0 | CRITICAL | — | 0 |
| CVE-2024-2262 Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the ... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-2263 Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high priv... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-2278 Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks ev... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-29433 A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-29435 An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter. | 4.1 | MEDIUM | — | 0 |
| CVE-2024-2369 The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could ... | 5.4 | MEDIUM | — | 0 |
| CVE-2009-1052 FireAnt 1.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct ... | N/A | NONE | — | 0 |
| CVE-2009-1053 chaozzDB 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct... | N/A | NONE | — | 0 |
| CVE-2023-27337 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChang... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.