Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2023-43800 Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint `/v2/pkgs/tools/installed`. A user who has the ability to perform HTTP requests to the loca... | 7.3 | HIGH | — | 0 |
| CVE-2023-45958 Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backup_pagination parameter at /controller/AdminController.php. This vulnerability allows... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-43801 Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/v2/pkgs/tools/installed` and the way it handles plugin names supplied as user input. A u... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-45146 XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, atta... | 9.0 | CRITICAL | — | 0 |
| CVE-2023-45812 The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS)... | 7.5 | HIGH | — | 0 |
| CVE-2023-45814 Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's `AuthenticationService` only supported injecting `I... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-24404 Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-37502 HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser. | 9.0 | CRITICAL | — | 0 |
| CVE-2023-45909 zzzcms v2.2.0 was discovered to contain an open redirect vulnerability. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-34437 Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the ... | 7.5 | HIGH | — | 0 |
| CVE-2023-34441 Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communic... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-36857 Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to g... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-37504 HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be disc... | 7.1 | HIGH | — | 0 |
| CVE-2022-25332 The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor p... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-4645 The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sen... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-5336 The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping o... | 8.8 | HIGH | — | 0 |
| CVE-2023-5638 The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcj_image' shortcode in versions up to, and including, 7.1.2 due to insufficient input sanitization a... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-5639 The Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tmfshortcode' shortcode in all versions up to, and including, 2.1 due to insufficient input saniti... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-37503 HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts. | 8.1 | HIGH | — | 0 |
| CVE-2023-5407 Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-46228 zchunk before 1.3.2 has multiple integer overflows via malformed zchunk files to lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c. | 7.8 | HIGH | — | 0 |
| CVE-2023-46229 LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server. | 8.8 | HIGH | — | 0 |
| CVE-2023-34050 In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of da... | 5.0 | MEDIUM | — | 0 |
| CVE-2023-25753 There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve correspondin... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-24400 A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero. | 7.5 | HIGH | — | 0 |
| CVE-2022-24401 Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast b... | 8.8 | HIGH | — | 0 |
| CVE-2022-24402 The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficie... | 8.8 | HIGH | — | 0 |
| CVE-2022-25333 The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the... | 8.2 | HIGH | — | 0 |
| CVE-2022-25334 The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A mod... | 8.2 | HIGH | — | 0 |
| CVE-2022-26941 A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anythin... | 9.6 | CRITICAL | — | 0 |
| CVE-2022-26942 The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the o... | 8.2 | HIGH | — | 0 |
| CVE-2022-26943 The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the p... | 8.8 | HIGH | — | 0 |
| CVE-2025-23909 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Common Ninja Compare Ninja allows Stored XSS.This issue affects Compare Ninja: from n/a through 2.... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-27813 Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to en... | 8.1 | HIGH | — | 0 |
| CVE-2023-46227 Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are ... | 7.5 | HIGH | — | 0 |
| CVE-2022-37830 Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS). | 9.6 | CRITICAL | — | 0 |
| CVE-2023-43252 XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file. | 7.8 | HIGH | — | 0 |
| CVE-2023-45379 In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45384 KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the module "Module One Page Checkout, Social Login & Mailchimp" (supercheckout), a guest... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27795 An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key. | 7.8 | HIGH | — | 0 |
| CVE-2023-45883 A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM ... | 7.8 | HIGH | — | 0 |
| CVE-2023-31046 A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-35180 The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API. | 8.0 | HIGH | — | 0 |
| CVE-2023-35181 The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation. | 7.8 | HIGH | — | 0 |
| CVE-2023-35182 The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server. | 8.8 | HIGH | — | 0 |
| CVE-2023-35183 The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation. | 7.8 | HIGH | — | 0 |
| CVE-2023-35184 The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code ... | 8.8 | HIGH | — | 0 |
| CVE-2023-35186 The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execut... | 8.0 | HIGH | — | 0 |
| CVE-2023-35187 The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution. | 8.8 | HIGH | — | 0 |
| CVE-2023-43251 XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.