CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2023-20258 A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-20260 A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vuln... | 6.0 | MEDIUM | — | 0 |
| CVE-2023-5914 Cross-site scripting (XSS) | 5.4 | MEDIUM | — | 0 |
| CVE-2023-20271 A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL i... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-50950 IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709. | 3.7 | LOW | — | 0 |
| CVE-2024-20251 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack agains... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-20277 A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command in... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-7031 Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Aff... | 5.7 | MEDIUM | — | 0 |
| CVE-2024-0647 A vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. This affects an unknown part of the component iFrame Handler. The manipulation leads to cross site... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-22410 Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has acc... | 3.3 | LOW | — | 0 |
| CVE-2024-22414 flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the `/user/<user>` page allows a user's comments to execute arbitrary javascript code. The html template `user.html` ... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-0648 A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. This vulnerability affects unknown code of the file /app/index/controller/Common.php. The manipulation of the argum... | 7.3 | HIGH | — | 0 |
| CVE-2024-0649 A vulnerability was found in ZhiHuiYun up to 4.4.13 and classified as critical. This issue affects the function download_network_image of the file /app/Http/Controllers/ImageController.php of the comp... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-22416 pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`,... | 9.6 | CRITICAL | — | 0 |
| CVE-2021-4433 A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has been classified as problematic. Affected is an unknown function of the component HTTP HEAD Request Handler. The manipulation leads ... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-6184 Cross Site Scripting vulnerability in Citrix Session Recording allows an attacker to perform Cross Site Scripting | 5.0 | MEDIUM | — | 0 |
| CVE-2024-0651 A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search-visitor.p... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-0652 A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file search-visitor.php. Th... | 3.5 | LOW | — | 0 |
| CVE-2024-0654 A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Affected is an unknown function of the file mainscripts/Util.py. The manipulation l... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-0655 A vulnerability has been found in Novel-Plus 4.3.0-RC1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /novel/bookSetting/list. The manipulation of t... | 5.5 | MEDIUM | — | 0 |
| CVE-2013-3973 SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2024-0580 Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This vulnerability allows an attacker to extract sensitive information from the API by making a ... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-5806 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection. This issue affects Quality Manageme... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-0669 A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting versions below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicious iframe... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-3021 Path Traversal vulnerability in e-solutions e-management. This vulnerability could allow an attacker to access confidential files outside the expected scope via the ‘file’ parameter in the /downloadRe... | N/A | NONE | — | 0 |
| CVE-2023-6958 The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to insufficient input sanitization a... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-22317 IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restrict... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-40051 This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-40052 This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker who can produce ... | 7.5 | HIGH | — | 0 |
| CVE-2023-7153 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Macroturk Software and Internet Technologies Macro-Bel allows Reflected XSS. This issue affects Mac... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-22593 FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save | 8.8 | HIGH | — | 0 |
| CVE-2024-22403 Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time... | 3.0 | LOW | — | 0 |
| CVE-2024-0607 A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iterat... | 6.6 | MEDIUM | — | 0 |
| CVE-2023-28900 The Skoda Automotive cloud contains a Broken Access Control vulnerability, allowing to obtain nicknames and other user identifiers of Skoda Connect service users by specifying an arbitrary vehicle VIN... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-28901 The Skoda Automotive cloud contains a Broken Access Control vulnerability, allowing remote attackers to obtain recent trip data, vehicle mileage, fuel consumption, average and maximum speed, and other... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-22603 FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link | 8.8 | HIGH | — | 0 |
| CVE-2023-31274 AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to cause the PI Message Subsystem of a PI Server to consume available memory ... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-34348 AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a den... | 7.5 | HIGH | — | 0 |
| CVE-2024-22212 Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an atta... | 9.6 | CRITICAL | — | 0 |
| CVE-2024-22419 Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing... | 7.3 | HIGH | — | 0 |
| CVE-2024-22213 Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious c... | 0.0 | NONE | — | 0 |
| CVE-2024-22400 Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It i... | 3.1 | LOW | — | 0 |
| CVE-2023-51258 A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512. | 5.5 | MEDIUM | — | 0 |
| CVE-2024-22401 Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users could change the allowed list of apps, allowing them to use apps that were... | 4.1 | MEDIUM | — | 0 |
| CVE-2024-22402 Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-22404 Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It ... | 4.1 | MEDIUM | — | 0 |
| CVE-2024-22415 jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in... | 7.3 | HIGH | — | 0 |
| CVE-2024-20823 Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | 5.5 | MEDIUM | — | 0 |
| CVE-2024-22418 Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute a... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-43815 A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wScreenDESCTextLen field of a DPS file. An anonymous attacker can exploit thi... | 7.1 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.