CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-52564 Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall functi... | N/A | NONE | — | 0 |
| CVE-2024-52270 User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing. Displayed version does not show the layer flattened version, once downlo... | N/A | NONE | — | 0 |
| CVE-2024-54126 This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges wi... | N/A | NONE | — | 0 |
| CVE-2024-54127 This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by acces... | N/A | NONE | — | 0 |
| CVE-2024-12227 A vulnerability, which was classified as problematic, was found in MSI Dragon Center up to 2.0.146.0. This affects the function MmUnMapIoSpace in the library NTIOLib_X64.sys of the component IOCTL Han... | 5.5 | MEDIUM | — | 0 |
| CVE-2017-13308 In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege wit... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0937 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2024-12228 A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. Affected is an unknown function of the file /admin/user-search.php. The manipulation of the argumen... | 7.3 | HIGH | — | 0 |
| CVE-2024-52271 User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed ... | N/A | NONE | — | 0 |
| CVE-2024-12229 A vulnerability classified as critical was found in PHPGurukul Complaint Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/complaint-search.php. The ... | 7.3 | HIGH | — | 0 |
| CVE-2024-12230 A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/subcategory.php... | 7.3 | HIGH | — | 0 |
| CVE-2024-53856 rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1. | 7.5 | HIGH | — | 0 |
| CVE-2024-53857 rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message... | 7.5 | HIGH | — | 0 |
| CVE-2024-54129 The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A vulnerability exists in the version ION-DTN BPv7 implementation version 4.1.3 when... | N/A | NONE | — | 0 |
| CVE-2024-54130 The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A segmentation fault occurs with ION-DTN BPv7 software version 4.1.3 when a bundle w... | N/A | NONE | — | 0 |
| CVE-2024-12064 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | — | 0 |
| CVE-2024-12234 A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-customer-detailed.php. The ... | 7.3 | HIGH | — | 0 |
| CVE-2024-53490 Favorites-web 1.3.0 favorites-web has a directory traversal vulnerability in SecurityFilter.java. | 7.5 | HIGH | — | 0 |
| CVE-2024-53846 OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regre... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-11156 An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If ... | 7.8 | HIGH | — | 0 |
| CVE-2024-12130 An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries... | 7.8 | HIGH | — | 0 |
| CVE-2023-48010 STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50913 Oxide control plane software before 5 allows SSRF. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-41579 DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console listNames function to cause a SQL injection vulnerability | 9.8 | CRITICAL | — | 0 |
| CVE-2024-53442 whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-53523 JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable to Directory Traversal in the find_by_file function. | 7.5 | HIGH | — | 0 |
| CVE-2024-54140 sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides an invalid signature for a chec... | N/A | NONE | — | 0 |
| CVE-2018-9386 In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execut... | 6.7 | MEDIUM | — | 0 |
| CVE-2018-9388 In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privileg... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-9390 In procfile_write of gl_proc.c, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with System exe... | 6.7 | MEDIUM | — | 0 |
| CVE-2018-9391 In update_gps_sv and output_vzw_debug of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/gpshal_worker.c, there is a possible out of bounds write due to a missing bounds ... | 6.7 | MEDIUM | — | 0 |
| CVE-2024-30961 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-t... | 7.8 | HIGH | — | 0 |
| CVE-2024-30963 Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via a crafted script... | 7.8 | HIGH | — | 0 |
| CVE-2024-30964 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the initial... | 7.8 | HIGH | — | 0 |
| CVE-2024-53809 Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Namaste! LMS allows Cross Site Request Forgery. This issue affects Namaste! LMS: from n/a through 2.6.4.1. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-10836 The Flixita theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.0.82 due to insufficient input sanitization and output es... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-11379 The Broadcast plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'do_check' parameter in all versions up to, and including, 51.01 due to insufficient input sanitization and o... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-10578 The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all version... | 8.8 | HIGH | — | 0 |
| CVE-2024-11201 The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11585 The WP Hide & Security Enhancer plugin for WordPress is vulnerable to arbitrary file contents deletion due to a missing authorization and insufficient file path validation in the file-process.php in a... | 7.5 | HIGH | — | 0 |
| CVE-2024-11178 The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there’s no attempt or tim... | 8.1 | HIGH | — | 0 |
| CVE-2024-51815 Improper Control of Generation of Code ('Code Injection') vulnerability in WP Sharks s2Member Pro allows Code Injection. This issue affects s2Member Pro: from n/a through 241114. | 9.0 | CRITICAL | — | 0 |
| CVE-2024-10320 The Cookielay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookielay shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-10689 The XLTab – Accordions and Tabs for Elementor Page Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4 via the 'XLTAB_INSERT_TPL' shortcode due... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-10692 The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal wi... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-10849 The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and outpu... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11276 The PDF Builder for WooCommerce. Create invoices,packing slips and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and includi... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-11292 The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possib... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-11323 The AI Quiz \| Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ai_quiz_update_style() f... | 8.8 | HIGH | — | 0 |
| CVE-2024-11336 The Clickbank WordPress Plugin (Storefront) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing or incorrect nonce valida... | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.