CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2022-47599 Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress \| Bit File Manager. This issue affects File Man... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-28491 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE. This issue affects Slideshow Gallery LITE: from n/a through 1.7.6... | 6.7 | MEDIUM | — | 0 |
| CVE-2023-28788 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress. This i... | 7.1 | HIGH | — | 0 |
| CVE-2023-29096 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress. This issue ... | 8.5 | HIGH | — | 0 |
| CVE-2023-29432 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme. This issue affects Houzez - Real Estate WordPress ... | 8.2 | HIGH | — | 0 |
| CVE-2023-49161 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Guelben Bravo Translate. This issue affects Bravo Translate: from n/a through 1.2. | 7.6 | HIGH | — | 0 |
| CVE-2023-49166 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magic Logix MSync. This issue affects MSync: from n/a through 1.0.0. | 7.6 | HIGH | — | 0 |
| CVE-2023-49752 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme. This issue affects Adifier - Classified Ads ... | 9.3 | CRITICAL | — | 0 |
| CVE-2023-28170 Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import. This issue affects Theme Demo Import: from n/a through 1.1.1. | 9.1 | CRITICAL | — | 0 |
| CVE-2023-29102 Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import. This issue affects Olive One Click Demo Import: from n/a through 1.1.1. | 9.1 | CRITICAL | — | 0 |
| CVE-2023-29384 Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP. This issue affects WordPress Job Board and Recruitment Plugin – JobWP: fro... | 10.0 | CRITICAL | — | 0 |
| CVE-2023-31215 Unrestricted Upload of File with Dangerous Type vulnerability in AmaderCode Lab Dropshipping & Affiliation with Amazon. This issue affects Dropshipping & Affiliation with Amazon: from n/a through 2.1.2... | 9.9 | CRITICAL | — | 0 |
| CVE-2023-31231 Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates). This issue affects Unlimited Elements For Element... | 9.9 | CRITICAL | — | 0 |
| CVE-2023-33318 Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.40. | 9.9 | CRITICAL | — | 0 |
| CVE-2023-34007 Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.8.3. | 9.9 | CRITICAL | — | 0 |
| CVE-2023-34385 Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus. This issue affects Export Import Menus: from n/a through 1.8.0. | 9.9 | CRITICAL | — | 0 |
| CVE-2023-40204 Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager. This issue affects Folders – Unlimited ... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-45603 Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End. This issue affects User Submitted Posts – Enable User... | 9.0 | CRITICAL | — | 0 |
| CVE-2023-46149 Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5. | 9.9 | CRITICAL | — | 0 |
| CVE-2023-47784 Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a through 6.6.15. | 8.4 | HIGH | — | 0 |
| CVE-2023-47990 SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-49814 Unrestricted Upload of File with Dangerous Type vulnerability in Symbiostock symbiostock. This issue affects Symbiostock: from n/a through 6.0.0. | 9.1 | CRITICAL | — | 0 |
| CVE-2022-44684 Windows Local Session Manager (LSM) Denial of Service Vulnerability | 6.5 | MEDIUM | — | 0 |
| CVE-2023-23970 Unrestricted Upload of File with Dangerous Type vulnerability in WooRockets Corsa. This issue affects Corsa: from n/a through 1.5. | 9.9 | CRITICAL | — | 0 |
| CVE-2023-25970 Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop – Global Dropshipping. This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. | 10.0 | CRITICAL | — | 0 |
| CVE-2023-48433 Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the login_action.php resource does not validate the characters re... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-37225 Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-48434 Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the reg_action.php resource does not validate the characters rece... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50639 Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-50983 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50984 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50985 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50986 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51097 Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50987 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50988 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50989 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50990 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50992 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50993 Ruijie WS6008 v1.x v2.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 and WS6108 v1.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 was discovered to contain a command injection vulnerability via the function downFiles. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41166 An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-45703 HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-46131 Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework applicatio... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-47093 An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-51390 journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integrati... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-0723 A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. It is possible to initiate the... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-0725 A vulnerability was found in ProSSHD 1.2 on Windows. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to denial of service. The attack can be initia... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-0726 A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the compo... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-22914 A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service. | 5.5 | MEDIUM | — | 0 |
| CVE-2024-0728 A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by this vulnerability is an unknown functionality of the file channel.php. The manipulation of the argument c... | 4.7 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.