CVE vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2023-26690 File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu. | 8.8 | HIGH | — | 0 |
| CVE-2023-26691 Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on. | 7.2 | HIGH | — | 0 |
| CVE-2024-40506 Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMHospitality.asmx function. | 7.3 | HIGH | — | 0 |
| CVE-2024-40507 Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMPersonnel.asmx function. | 7.3 | HIGH | — | 0 |
| CVE-2024-40508 Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMConference.asmx function. | 7.3 | HIGH | — | 0 |
| CVE-2024-46813 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check link_index before accessing dc->links[] [WHY & HOW] dc->links[] has max size of MAX_LINKS and NULL is retur... | 7.8 | HIGH | — | 0 |
| CVE-2024-40511 Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMServerAdmin.asmx function. | 7.3 | HIGH | — | 0 |
| CVE-2024-40512 Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMReporting.asmx function. | 7.3 | HIGH | — | 0 |
| CVE-2024-46470 Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membership_type field in the edit-type.php component. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-46471 The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure and contents of directories, potentially revealing sensitive information. | 7.5 | HIGH | — | 0 |
| CVE-2024-46472 CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter 'email' in the Login Page. | 8.6 | HIGH | — | 0 |
| CVE-2024-9391 A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longe... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-9395 A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions of... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-9396 It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, ... | 8.8 | HIGH | — | 0 |
| CVE-2024-41585 DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject a... | 6.8 | MEDIUM | — | 0 |
| CVE-2024-9400 A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, F... | 8.8 | HIGH | — | 0 |
| CVE-2024-9402 Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-9403 Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.... | 7.3 | HIGH | — | 0 |
| CVE-2024-41290 FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component. | 8.1 | HIGH | — | 0 |
| CVE-2024-41583 DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name. | 4.7 | MEDIUM | — | 0 |
| CVE-2024-41584 DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter. | 4.7 | MEDIUM | — | 0 |
| CVE-2024-41586 A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component. | 8.0 | HIGH | — | 0 |
| CVE-2024-41589 DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests. | 8.8 | HIGH | — | 0 |
| CVE-2024-41595 DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations. | 8.0 | HIGH | — | 0 |
| CVE-2024-25691 There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentiall... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-25694 There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is store... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-25701 There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-25702 There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-38036 There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentia... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-38037 There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary we... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-38038 There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute ... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-38040 There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive config... | 7.5 | HIGH | — | 0 |
| CVE-2024-8148 There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary we... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-46078 itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id. | 7.5 | HIGH | — | 0 |
| CVE-2024-57633 An issue in the exps_bind_column component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | HIGH | — | 0 |
| CVE-2024-20101 In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is n... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-20103 In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-45894 BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request. | 4.9 | MEDIUM | — | 0 |
| CVE-2024-46887 The web server of affected devices does not properly authenticate user requests to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge a... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-8488 The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escap... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-31068 Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-43484 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | 7.5 | HIGH | — | 0 |
| CVE-2024-43565 Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 | HIGH | — | 0 |
| CVE-2024-46410 PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Management feature. | 4.8 | MEDIUM | — | 0 |
| CVE-2024-47822 Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs which may be persisted. Th... | 4.2 | MEDIUM | — | 0 |
| CVE-2024-46316 DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary... | 8.0 | HIGH | — | 0 |
| CVE-2024-9936 When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-24431 A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length. | 7.5 | HIGH | — | 0 |
| CVE-2024-48153 DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-48278 Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php. | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.