CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2020-12487 Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege. | 7.0 | HIGH | — | 0 |
| CVE-2024-11034 The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via fire... | 7.3 | HIGH | — | 0 |
| CVE-2024-11228 The 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pafw_instant_payment shortcode in all versions up to, and including, 5.1.4 due to in... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11229 The 코드엠샵 소셜톡 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's add_plus_friends and add_plus_talk shortcodes in all versions up to, and including, 1.1.18 due to insuff... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11231 The 우커머스 네이버페이 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mnp_purchase shortcode in all versions up to, and including, 3.3.7 due to insufficient input sanitizat... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11631 A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /expedit.php. The manipulation of the argum... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-11646 A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-services.php.... | 7.3 | HIGH | — | 0 |
| CVE-2024-11647 A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/view-ap... | 7.3 | HIGH | — | 0 |
| CVE-2024-11648 A vulnerability, which was classified as critical, was found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/add-customer.php. The manipulation o... | 7.3 | HIGH | — | 0 |
| CVE-2024-11649 A vulnerability has been found in 1000 Projects Beauty Parlour Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search-appointment.php. The ... | 7.3 | HIGH | — | 0 |
| CVE-2024-10270 A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resourc... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-10451 A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leadi... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-10492 A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high acc... | N/A | NONE | — | 0 |
| CVE-2024-11980 Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial de... | 8.6 | HIGH | — | 0 |
| CVE-2024-11662 A vulnerability was found in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5. It has been rated as critical. This issue affects the function deploy_host_vars of the file /apps/api/views/deploy_api.... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-9666 A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept... | 4.7 | MEDIUM | — | 0 |
| CVE-2021-23282 Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM sof... | 5.2 | MEDIUM | — | 0 |
| CVE-2022-33861 IPP software versions prior to v1.71 do not sufficiently verify the authenticity of data, in a way that causes it to accept invalid data. | 5.1 | MEDIUM | — | 0 |
| CVE-2022-33862 IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems. | 6.7 | MEDIUM | — | 0 |
| CVE-2020-12491 Improper control of framework service permissions with possibility of some sensitive device information leakage. | N/A | NONE | — | 0 |
| CVE-2020-12492 Improper handling of WiFi information by framework services can allow certain malicious applications to obtain sensitive information. | N/A | NONE | — | 0 |
| CVE-2024-45756 An issue was discovered in Centreon centreon-open-tickets 24.10.x before 24.10.0, 24.04.x before 24.04.2, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can ... | 7.2 | HIGH | — | 0 |
| CVE-2024-7915 The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. These operations include arbitrary file de... | 7.8 | HIGH | — | 0 |
| CVE-2024-8272 The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service... | 7.8 | HIGH | — | 0 |
| CVE-2024-32468 Deno is a runtime for JavaScript and TypeScript written in Rust. Several cross-site scripting vulnerabilities existed in the `deno_doc` crate which lead to Self-XSS with deno doc --html. 1.) XSS in ge... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-52811 The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In `ngtcp2_conn::conn_r... | 8.2 | HIGH | — | 0 |
| CVE-2024-53599 A cross-site scripting (XSS) vulnerability in the /scroll.php endpoint of LafeLabs Chaos v0.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 | MEDIUM | — | 0 |
| CVE-2018-7738 In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) ... | N/A | NONE | — | 0 |
| CVE-2018-0233 A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause th... | N/A | NONE | — | 0 |
| CVE-2015-9436 The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2018-0278 A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to impr... | 6.5 | MEDIUM | — | 0 |
| CVE-2018-0281 A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, r... | N/A | NONE | — | 0 |
| CVE-2018-0283 A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, r... | N/A | NONE | — | 0 |
| CVE-2018-0333 A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic ... | N/A | NONE | — | 0 |
| CVE-2020-12149 The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, all... | 6.8 | MEDIUM | — | 0 |
| CVE-2018-0365 A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and per... | N/A | NONE | — | 0 |
| CVE-2018-0370 A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause one of the detection engine processes to run out of memory and thus ... | N/A | NONE | — | 0 |
| CVE-2018-0383 A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to ... | N/A | NONE | — | 0 |
| CVE-2018-0384 A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block traff... | N/A | NONE | — | 0 |
| CVE-2024-39162 pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | 6.1 | MEDIUM | — | 0 |
| CVE-2018-0385 A vulnerability in the detection engine parsing of Security Socket Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of... | 7.5 | HIGH | — | 0 |
| CVE-2018-16303 PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. | N/A | NONE | — | 0 |
| CVE-2018-15397 A vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Softwa... | 6.8 | MEDIUM | — | 0 |
| CVE-2018-12122 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP... | 7.5 | HIGH | — | 0 |
| CVE-2019-1709 A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient... | N/A | NONE | — | 0 |
| CVE-2018-12123 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL h... | 4.3 | MEDIUM | — | 0 |
| CVE-2018-15458 A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to c... | N/A | NONE | — | 0 |
| CVE-2019-1642 A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack... | N/A | NONE | — | 0 |
| CVE-2018-19440 ARM Trusted Firmware-A allows information disclosure. | 5.3 | MEDIUM | — | 0 |
| CVE-2015-9437 The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter. | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.