CVE vulnerabilities
CVE database enriched with CISA KEV and NVD data

| CVE ID | Description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|---|
| CVE-2024-6888 | The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform ... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-6889 | The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform ... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-6926 | The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-7786 | The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak email templates. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-8325 | The Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-8318 | The Attributes for Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributesForBlocks’ parameter in all versions up to, and including, 1.0.6 due to insufficient inpu... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-4130 | A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. | 7.8 | HIGH | — | 0 |
| CVE-2024-7870 | The PixelYourSite – Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 an... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-44400 | A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-43402 | Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81... | 8.1 | HIGH | — | 0 |
| CVE-2024-43405 | Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow ... | 7.4 | HIGH | — | 0 |
| CVE-2024-38265 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 | HIGH | — | 0 |
| CVE-2024-44951 | In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix TX fifo corruption Sometimes, when a packet is received on channel A at almost the same time as a packet is... | 7.8 | HIGH | — | 0 |
| CVE-2024-44959 | In the Linux kernel, the following vulnerability has been resolved: tracefs: Use generic inode RCU for synchronizing freeing With structure layout randomization enabled for 'struct inode' we need to... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-44961 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Forward soft recovery errors to userspace As we discussed before[1], soft recovery should be forwarded to userspace, o... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-44962 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading When unloading the btnxpuart driver, its associated t... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-43453 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 | HIGH | — | 0 |
| CVE-2024-48786 | An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-44973 | In the Linux kernel, the following vulnerability has been resolved: mm, slub: do not call do_slab_free for kfence object In 782f8906f805 the freeing of kfence objects was moved from deep inside do_s... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-44975 | In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: fix panic caused by partcmd_update We find a bug as below: BUG: unable to handle page fault for address: 00000003 P... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-44976 | In the Linux kernel, the following vulnerability has been resolved: ata: pata_macio: Fix DMA table overflow Kolbjørn and Jonáš reported that their 32-bit PowerMacs were crashing in pata-macio since ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-44979 | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault On driver reload we never free up the memory for the pagefault and access... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-44980 | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix opregion leak Being part of the display, ideally the setup and cleanup would be done by display itself. However this is... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-44984 | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT Remove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT code path. ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-44994 | In the Linux kernel, the following vulnerability has been resolved: iommu: Restore lost return in iommu_report_device_fault() When iommu_report_device_fault gets called with a partial fault it is su... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-45004 | In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix leak of blob encryption key Trusted keys unseal the key blob on load, but keep the sealed payload in the b... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-45005 | In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled ei... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-39278 | Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuratio... | 4.2 | MEDIUM | — | 0 |
| CVE-2024-42495 | Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuratio... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-7415 | The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin allowing direct access to the bootstrap.php f... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-45299 | alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, the preloaded data as json is not escaped correctly, the administrator... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-45300 | alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of ... | 7.5 | HIGH | — | 0 |
| CVE-2023-45038 | An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have a... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-47563 | An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fix... | 7.4 | HIGH | — | 0 |
| CVE-2023-50360 | A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed ... | 8.8 | HIGH | — | 0 |
| CVE-2024-43500 | Windows Resilient File System (ReFS) Information Disclosure Vulnerability | 5.5 | MEDIUM | — | 0 |
| CVE-2024-6010 | The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. This is due to the plugin allowing the price field to be manipulat... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-6928 | The Opti Marketing WordPress plugin through 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-5561 | The Popup Maker WordPress plugin before 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks e... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-6910 | The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unf... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-7687 | The AZIndex WordPress plugin through 0.8.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS ... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-7688 | The AZIndex WordPress plugin through 0.8.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin delete arbitrary indexes via a CSRF attack | 6.5 | MEDIUM | — | 0 |
| CVE-2024-7689 | The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Sto... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-7918 | The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks ... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-45128 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged att... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-7260 | An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-7318 | A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-6596 | An unauthenticated remote attacker can run malicious C# code included in curve files and execute commands in the user's context. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-7734 | An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. Th... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-48787 | An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process. | 9.1 | CRITICAL | — | 0 |
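How a table like the one above is assembled, as an added example that is not the site's own pipeline: each NVD record is given a qualitative severity from its CVSS v3.x base score using the NVD bands (0.1–3.9 Low, 4.0–6.9 Medium, 7.0–8.9 High, 9.0–10.0 Critical) and a KEV flag from a join against the CISA Known Exploited Vulnerabilities catalog. The record shapes follow the NVD 2.0 API (`cve.id`, `descriptions[]`, `metrics.cvssMetricV31[]`) and the KEV JSON feed (`cveID`). Both inputs are constructed samples embedded inline so the script runs offline: four entries copied from the table above, plus CVE-2021-44228 (Log4Shell, a confirmed KEV entry) with a shortened description, included only to exercise the KEV join. In production both feeds are fetched over HTTPS; the "Observations" column is left out because its meaning is not stated on the page.

```python
"""Enrich NVD-style CVE records with an NVD severity band and a CISA KEV flag.

Added example, not the site's code. Feeds are constructed inline (see SAMPLE_*).
"""
from __future__ import annotations

import re
from typing import Iterable

# NVD qualitative ratings for CVSS v3.x base scores (scores carry one decimal).
SEVERITY_BANDS = (
    (0.0, 0.0, "NONE"),
    (0.1, 3.9, "LOW"),
    (4.0, 6.9, "MEDIUM"),
    (7.0, 8.9, "HIGH"),
    (9.0, 10.0, "CRITICAL"),
)

# Reject anything that is not a well-formed CVE identifier before it reaches the join.
CVE_ID_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def severity_from_score(score: float) -> str:
    """Map a CVSS v3.x base score onto NVD's qualitative rating."""
    score = round(float(score), 1)  # bands are exhaustive at one-decimal precision
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    for low, high, label in SEVERITY_BANDS:
        if low <= score <= high:
            return label
    raise AssertionError("unreachable: bands cover 0.0-10.0")


def truncate(text: str, limit: int = 200) -> str:
    """Collapse whitespace and shorten a description, marking the cut with '...'."""
    text = " ".join(text.split())
    return text if len(text) <= limit else text[:limit].rstrip() + "..."


def enrich(nvd_records: Iterable[dict], kev_catalog: Iterable[dict]) -> list[dict]:
    """Join NVD 'cve' objects against KEV entries and attach a severity band."""
    kev_ids = {entry["cveID"] for entry in kev_catalog}
    rows = []
    for cve in nvd_records:
        cve_id = cve["id"]
        if not CVE_ID_RE.match(cve_id):
            raise ValueError(f"malformed CVE id: {cve_id!r}")
        # Prefer the NVD ("Primary") CVSS v3.1 metric when several sources are present.
        metrics = cve.get("metrics", {}).get("cvssMetricV31", [])
        primary = next((m for m in metrics if m.get("type") == "Primary"),
                       metrics[0] if metrics else None)
        score = primary["cvssData"]["baseScore"] if primary else None
        desc = next((d["value"] for d in cve.get("descriptions", [])
                     if d.get("lang") == "en"), "")
        rows.append({
            "cve_id": cve_id,
            "description": truncate(desc),
            "cvss": score,
            "severity": severity_from_score(score) if score is not None else "UNKNOWN",
            "kev": cve_id in kev_ids,
        })
    return rows


def to_markdown(rows: list[dict]) -> str:
    """Render enriched rows as a markdown table; '|' in text is escaped."""
    lines = ["| CVE ID | Description | CVSS | Severity | KEV |", "|---|---|---|---|---|"]
    for r in rows:
        desc = r["description"].replace("|", "\\|")
        kev = "yes" if r["kev"] else "—"
        lines.append(f"| {r['cve_id']} | {desc} | {r['cvss']} | {r['severity']} | {kev} |")
    return "\n".join(lines)


def _nvd(cve_id: str, score: float, text: str) -> dict:
    # Helper to build a record in the NVD 2.0 API "cve" shape.
    return {"id": cve_id,
            "descriptions": [{"lang": "en", "value": text}],
            "metrics": {"cvssMetricV31": [{"type": "Primary",
                                           "cvssData": {"baseScore": score}}]}}


# Constructed sample feeds. The first four entries are copied from the table above;
# CVE-2021-44228 is a known KEV entry, with a shortened description for this sample.
SAMPLE_NVD = [
    _nvd("CVE-2024-4130", 7.8, "A DLL hijack vulnerability was reported in Lenovo App Store "
         "that could allow a local attacker to execute code with elevated privileges."),
    _nvd("CVE-2024-7786", 5.3, "The Sensei LMS WordPress plugin before 4.24.2 does not properly "
         "protect some of its REST API routes, allowing unauthenticated attackers to leak email templates."),
    _nvd("CVE-2024-48786", 9.1, "An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 "
         "allows a remote attacker to obtain sensitive information via the firmware update process."),
    _nvd("CVE-2024-7688", 6.5, "The AZIndex WordPress plugin through 0.8.1 does not have CSRF checks in "
         "some places, which could allow attackers to make logged in admin delete arbitrary indexes via a CSRF attack"),
    _nvd("CVE-2021-44228", 10.0, "Apache Log4j 2 JNDI lookups allow remote code execution "
         "(description shortened for this sample)."),
]
SAMPLE_KEV = [{"cveID": "CVE-2021-44228"}]  # constructed subset of the KEV feed

if __name__ == "__main__":
    print(to_markdown(enrich(SAMPLE_NVD, SAMPLE_KEV)))
```

The KEV join is a plain set membership on `cveID`, so pulling the live catalog and re-running `enrich` over the same NVD snapshot is enough to refresh the KEV column without re-scoring anything; the identifier check is there so that a malformed or spoofed ID in one feed can never silently fail to match the other.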
This product uses data from the NVD API but is not endorsed or certified by the NVD.