Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2024-23586 HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-9294 A vulnerability, which was classified as critical, has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected by this issue is some unknown functionality of the file save... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-8353 The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via... | 10.0 | CRITICAL | — | 0 |
| CVE-2024-8547 The Simple Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [popup] shortcode in all versions up to, and including, 4.5 due to insufficient input sanitiz... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-8788 The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-9023 The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wwa_login_form shortcode in all versions up to, and including, 1.3.1 due to insufficient input saniti... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-9189 The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the alg_wc_eu_vat_exempt_vat_from_admin() function in... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-8715 The Simple LDAP Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including,... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-23938 Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected instal... | 8.8 | HIGH | — | 0 |
| CVE-2024-23957 Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary cod... | 8.8 | HIGH | — | 0 |
| CVE-2024-23923 Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine ... | 8.8 | HIGH | — | 0 |
| CVE-2024-23924 Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installation... | 6.8 | MEDIUM | — | 0 |
| CVE-2024-23935 Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alp... | 8.0 | HIGH | — | 0 |
| CVE-2024-23958 Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected install... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-45359 An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-23959 Autel MaxiCharger AC Elite Business C50 BLE AppChargingControl Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrar... | 8.0 | HIGH | — | 0 |
| CVE-2024-23960 Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations o... | 4.6 | MEDIUM | — | 0 |
| CVE-2024-23961 Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations ... | 6.8 | MEDIUM | — | 0 |
| CVE-2024-23967 Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbit... | 8.0 | HIGH | — | 0 |
| CVE-2024-9295 A vulnerability was found in SourceCodester Advocate Office Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /control/login.php. The manipulatio... | 7.3 | HIGH | — | 0 |
| CVE-2023-45361 An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-intro-page MalformedTitleException is uncaught if it is... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-47847 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue aff... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-47849 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Car... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-47841 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.This issue affects Mediawiki - ... | 7.5 | HIGH | — | 0 |
| CVE-2024-9455 The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitiza... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-8743 The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5... | 6.8 | MEDIUM | — | 0 |
| CVE-2024-9532 A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulati... | 8.8 | HIGH | — | 0 |
| CVE-2024-44011 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Ticket Ultra WP Ticket Ultra Help Desk & Support Plugin allows PHP Local File Inclusion.This issue af... | 7.5 | HIGH | — | 0 |
| CVE-2024-44012 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpdev33 WP Newsletter Subscription allows PHP Local File Inclusion.This issue affects WP Newsletter Subs... | 7.5 | HIGH | — | 0 |
| CVE-2024-44013 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Innate Images LLC VR Calendar allows PHP Local File Inclusion.This issue affects VR Calendar: from n/a t... | 7.5 | HIGH | — | 0 |
| CVE-2024-44014 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vmaxstudio Vmax Project Manager allows PHP Local File Inclusion, Code Injection.This issue affects Vmax ... | 9.6 | CRITICAL | — | 0 |
| CVE-2024-44015 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Users Control allows PHP Local File Inclusion.This issue affects Users Control: from n/a through 1.0.16. | 7.5 | HIGH | — | 0 |
| CVE-2024-44016 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mark Steadman Podiant allows PHP Local File Inclusion.This issue affects Podiant: from n/a through 1.1. | 7.5 | HIGH | — | 0 |
| CVE-2024-9146 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in James Low CSS JS Files allows Path Traversal.This issue affects CSS JS Files: from n/a through 1.5.0. | 4.9 | MEDIUM | — | 0 |
| CVE-2024-44018 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Istmo Plugins Instant Chat Floating Button for WordPress Websites allows PHP Local File Inclusion.This i... | 7.5 | HIGH | — | 0 |
| CVE-2024-44023 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABCApp Creator allows PHP Local File Inclusion.This issue affects ABCApp Creator: from n/a through 1.1.2... | 8.1 | HIGH | — | 0 |
| CVE-2024-44034 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Martin Greenwood WPSPX allows PHP Local File Inclusion.This issue affects WPSPX: from n/a through 1.0.2. | 7.5 | HIGH | — | 0 |
| CVE-2024-47309 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Condless Cities Shipping Zones for WooCommerce allows PHP Local File Inclusion.This issue affects Cities... | 6.6 | MEDIUM | — | 0 |
| CVE-2024-47319 Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form – Contact Form Plugin allows Code Injection.This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.... | 8.0 | HIGH | — | 0 |
| CVE-2024-47323 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows PHP Local File Inclusion.This iss... | 8.1 | HIGH | — | 0 |
| CVE-2024-47324 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows PHP Local File Inclusion.This iss... | 7.5 | HIGH | — | 0 |
| CVE-2024-47631 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins LLC Logo Carousel – Clients logo carousel for WP allows Stored XSS.This issue affe... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-47633 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zoho Forms allows Stored XSS.This issue affects Zoho Forms: from n/a through 4.0. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-47635 Cross-Site Request Forgery (CSRF) vulnerability in TinyPNG.This issue affects TinyPNG: from n/a through 3.4.3. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-47639 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VdoCipher allows Stored XSS.This issue affects VdoCipher: from n/a through 1.29. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-47642 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS.This issue affects Keap Official Opt-in F... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-47643 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Alexander Böhm Include Fussball.De Widgets allows Stored XSS.This issue affects Include Fus... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-47644 Cross-Site Request Forgery (CSRF) vulnerability in Copyscape / Indigo Stream Technologies Copyscape Premium allows Stored XSS.This issue affects Copyscape Premium: from n/a through 1.3.6. | 7.1 | HIGH | — | 0 |
| CVE-2024-47646 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payflex Payflex Payment Gateway.This issue affects Payflex Payment Gateway: from n/a through 2.6.1. | 4.7 | MEDIUM | — | 0 |
| CVE-2024-47647 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HelpieWP Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin allows Stored XSS.This iss... | 5.9 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.