CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-9436 The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without a... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-9507 The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-9543 The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode in all versions up to, and including, 11.9.18 due to i... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-9610 The Language Switcher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including,... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-9611 The Increase upload file size & Maximum Execution Time limit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the UR... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-9616 The BlockMeister – Block Pattern Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-44734 Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server. | 7.5 | HIGH | — | 0 |
| CVE-2024-46215 A vulnerability was discovered in KM08-708H-v1.1, There is a buffer overflow in the sub_445BDC() function within the /usr/sbin/goahead program; The strcpy function is executed without checking the len... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-44807 A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition before 2.25.1 allows remote attackers to obtain sensitive information by exposing a l... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-46532 SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-48020 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Revmakx Backup and Staging by WP Time Capsule allows SQL Injection.This issue affects Backup and S... | 8.5 | HIGH | — | 0 |
| CVE-2024-48033 Deserialization of Untrusted Data vulnerability in Elie Burstein, Baptiste Gourdin Talkback allows Object Injection.This issue affects Talkback: from n/a through 1.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-48041 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Tooltip Glossary allows Stored XSS.This issue affects CM Tooltip ... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-48768 An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process | 7.5 | HIGH | — | 0 |
| CVE-2024-48769 An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitive information via the firmware update process. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-48770 An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process. | 8.2 | HIGH | — | 0 |
| CVE-2024-48771 An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process | 7.5 | HIGH | — | 0 |
| CVE-2024-48772 An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-48788 An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process. | 7.5 | HIGH | — | 0 |
| CVE-2024-45754 An issue was discovered in the centreon-bi-server component in Centreon BI Server 24.04.x before 24.04.3, 23.10.x before 23.10.8, 23.04.x before 23.04.11, and 22.10.x before 22.10.11. SQL injection ca... | 7.2 | HIGH | — | 0 |
| CVE-2024-9592 The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the '... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-9821 The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stm_wpcfto_get_settings' AJAX action in all versi... | 8.8 | HIGH | — | 0 |
| CVE-2024-9860 The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'import_action' and 'install_plugin_per_demo' functions... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-7489 The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-9187 The Read more By Adam plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm() function in all versions up to, and including, 1.1.8. This mak... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-48253 Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-9656 The Mynx Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.8 due to insufficient input sanitization and out... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-9670 The 2D Tag Cloud plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 6.0.... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-9824 The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' fun... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-8760 The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to ... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-8915 The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output e... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-8757 The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is v... | 7.2 | HIGH | — | 0 |
| CVE-2024-9922 The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | 7.5 | HIGH | — | 0 |
| CVE-2024-9894 A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file reset.php. The manipulation of the argument useremail l... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-49193 Zendesk before 2024-07-02 allows remote attackers to read ticket history via e-mail spoofing, because Cc fields are extracted from incoming e-mail messages and used to grant additional authorization f... | 7.5 | HIGH | — | 0 |
| CVE-2024-9905 A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /admin/?page=inventory/view_inventor... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-9906 A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /admin/?page=inventory/view_inventory&id=2. The m... | 3.5 | LOW | — | 0 |
| CVE-2024-9907 A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability affects the function sendEmail of the file /qilecms/user/controller/Forget.php of the component Verificat... | 3.7 | LOW | — | 0 |
| CVE-2024-9908 A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argumen... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-9923 The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root dire... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-9909 A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formSetMuti of the file /goform/formSetMuti. The manipulation of th... | 8.8 | HIGH | — | 0 |
| CVE-2024-9910 A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the arg... | 8.8 | HIGH | — | 0 |
| CVE-2024-9911 A vulnerability was found in D-Link DIR-619L B1 2.06. It has been classified as critical. This affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument cu... | 8.8 | HIGH | — | 0 |
| CVE-2024-9912 A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argum... | 8.8 | HIGH | — | 0 |
| CVE-2024-9913 A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument cur... | 8.8 | HIGH | — | 0 |
| CVE-2024-9924 The fix for CVE-2024-26261 was incomplete, and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may b... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-43701 Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. | 7.8 | HIGH | — | 0 |
| CVE-2024-9914 A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formSetWizardSelectMode of the file /goform/formSetWizardSelectMode. The manipulation of the ... | 8.8 | HIGH | — | 0 |
| CVE-2024-9915 A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ. The manipulation of the... | 8.8 | HIGH | — | 0 |
| CVE-2024-9916 A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulat... | 7.3 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.