Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2024-46333 An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-46256 A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-46257 A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-46510 ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface | 7.6 | HIGH | — | 0 |
| CVE-2024-46540 A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract fucntions to upload webshells t... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-28809 An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credential... | 8.8 | HIGH | — | 0 |
| CVE-2024-28810 An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows an attacker to achieve loss of confidentiality by analyzing... | 6.6 | MEDIUM | — | 0 |
| CVE-2024-28812 An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local management network interface) with hardcoded credentials allows attackers to access the appliance operating sys... | 8.8 | HIGH | — | 0 |
| CVE-2024-28813 An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an unexpe... | 8.4 | HIGH | — | 0 |
| CVE-2024-28807 An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in the memory of the @CT desktop management application allows guest OS administrators to obtain variou... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-28808 An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by accessing undocumented web appl... | 2.7 | LOW | — | 0 |
| CVE-2024-42514 A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate acce... | 8.1 | HIGH | — | 0 |
| CVE-2024-20498 Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condi... | 8.6 | HIGH | — | 0 |
| CVE-2023-26771 Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can e... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-20499 Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condi... | 8.6 | HIGH | — | 0 |
| CVE-2024-20500 A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in t... | 5.8 | MEDIUM | — | 0 |
| CVE-2024-20501 Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condi... | 8.6 | HIGH | — | 0 |
| CVE-2024-20502 A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on a... | 5.8 | MEDIUM | — | 0 |
| CVE-2024-20509 A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN s... | 5.8 | MEDIUM | — | 0 |
| CVE-2024-20513 A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for ... | 5.8 | MEDIUM | — | 0 |
| CVE-2024-41588 The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters pas... | 8.0 | HIGH | — | 0 |
| CVE-2024-41590 Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor3... | 8.0 | HIGH | — | 0 |
| CVE-2024-41592 DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. | 8.0 | HIGH | — | 0 |
| CVE-2025-22698 Missing Authorization vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Su... | N/A | NONE | — | 0 |
| CVE-2024-41596 Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. | 8.0 | HIGH | — | 0 |
| CVE-2024-41511 A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter. | 3.9 | LOW | — | 0 |
| CVE-2024-41512 A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter. | 8.8 | HIGH | — | 0 |
| CVE-2024-41513 A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-41514 A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-41515 A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "res_url" parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-41516 A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-26770 TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-47913 An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFil... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-22702 Missing Authorization vulnerability in ThemeGoods Photography photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photography: from n/a through <= 7.... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-46325 TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. | 5.5 | MEDIUM | — | 0 |
| CVE-2024-46278 Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console. | 8.4 | HIGH | — | 0 |
| CVE-2024-44068 An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privile... | 8.1 | HIGH | — | 0 |
| CVE-2024-9021 In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script,... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-47196 A vulnerability has been identified in ModelSim (All versions < V2025.2), Questa (All versions < V2025.2). vsimk.exe in affected applications allows a specific tcl file to be loaded from the current w... | 6.7 | MEDIUM | — | 0 |
| CVE-2024-46292 A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it can... | 7.5 | HIGH | — | 0 |
| CVE-2024-45184 An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Mod... | 6.2 | MEDIUM | — | 0 |
| CVE-2024-46468 A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure. | 7.5 | HIGH | — | 0 |
| CVE-2024-46911 Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content an... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-48249 Wavelog 1.8.5 allows Gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode. | 7.3 | HIGH | — | 0 |
| CVE-2023-31493 RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing ex... | 6.6 | MEDIUM | — | 0 |
| CVE-2024-21206 Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are ECC:11-13. Easily exploitable vul... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-48655 An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file. | 8.8 | HIGH | — | 0 |
| CVE-2024-21211 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE... | 3.7 | LOW | — | 0 |
| CVE-2024-20280 A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configurati... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-46212 An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal. | 4.9 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.