CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2023-52534 In ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed | 5.9 | MEDIUM | — | 0 |
| CVE-2023-52535 In vsp driver, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed | 4.4 | MEDIUM | — | 0 |
| CVE-2024-23658 In camera driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed | 4.4 | MEDIUM | — | 0 |
| CVE-2024-1292 The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used agai... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-1956 The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scr... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-28224 Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model... | 6.6 | MEDIUM | — | 0 |
| CVE-2024-1664 The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scriptin... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-31860 Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can acce... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-28656 Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin version 0.9.0 ... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-47894 Improper Input Validation vulnerability in Apache Zeppelin SAP. This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. As this project is retired, we do not plan to release a version that f... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-31862 Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade ... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-31865 Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue ... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-31866 Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES.... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-31868 Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-31867 Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Z... | 6.5 | MEDIUM | — | 0 |
| CVE-2012-6560 SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter. | N/A | NONE | — | 0 |
| CVE-2024-24245 An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component. | 7.8 | HIGH | — | 0 |
| CVE-2024-0662 The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3 due to insufficient input sanitization and output escaping. T... | 4.4 | MEDIUM | — | 0 |
| CVE-2008-6513 Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowledgebase (aphpkb) 0.92.9 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then a... | N/A | NONE | — | 0 |
| CVE-2008-6514 The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3... | N/A | NONE | — | 0 |
| CVE-2008-6515 Cross-site scripting (XSS) vulnerability in Fritz Berger yet another php photo album - next generation (yappa-ng) allows remote attackers to inject arbitrary web script or HTML via the query string to... | N/A | NONE | — | 0 |
| CVE-2023-6695 The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated at... | 6.5 | MEDIUM | — | 0 |
| CVE-2012-6561 Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of... | N/A | NONE | — | 0 |
| CVE-2009-1049 SQL injection vulnerability in articleCall.php in Bloginator 1A allows remote attackers to execute arbitrary SQL commands via the id parameter. | N/A | NONE | — | 0 |
| CVE-2009-1050 Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie. | N/A | NONE | — | 0 |
| CVE-2024-3446 A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. ... | 8.2 | HIGH | — | 0 |
| CVE-2023-50347 HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands ... | 3.7 | LOW | — | 0 |
| CVE-2024-2026 The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_protector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sani... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-6385 The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-2428 The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-3567 A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This ... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47189 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory ordering between normal and ordered work functions Ordered work functions aren't guaranteed to be handled by the... | 6.3 | MEDIUM | — | 0 |
| CVE-2021-47192 In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: co... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-42764 Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php. | 9.4 | CRITICAL | — | 0 |
| CVE-2023-6257 The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-30885 Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3 allows remote attackers to execute arbitrary code and obtain sensitive information via the chklogin.php component. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-0881 The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be d... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-29400 An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter. | 7.5 | HIGH | — | 0 |
| CVE-2024-21610 An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS allows an authenticated, network-based attacker with low privileges to c... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-2583 The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for use... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-6067 The WP User Profile Avatar WordPress plugin through 1.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which c... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-44915 An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS). | 5.5 | MEDIUM | — | 0 |
| CVE-2023-7201 The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when ... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-1204 The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from accessing arbitrary custom fields assigned to other users' posts. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-1660 The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even wh... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-1746 The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting atta... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-1754 The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks ev... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-1755 The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | 8.8 | HIGH | — | 0 |
| CVE-2024-1846 The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could all... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-1849 The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL | 5.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.