CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-6377 A URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect ... | 8.1 | HIGH | — | 0 |
| CVE-2024-6378 A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execut... | 8.7 | HIGH | — | 0 |
| CVE-2024-6379 A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user... | 7.7 | HIGH | — | 0 |
| CVE-2024-8003 A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. Affected by this issue is the function InitRoutes of the file internal/app/routes/routes.go of the component Log ... | 3.5 | LOW | — | 0 |
| CVE-2024-43496 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 6.5 | MEDIUM | — | 0 |
| CVE-2023-45485 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | N/A | NONE | — | 0 |
| CVE-2024-0663 Rejected reason: REJECT: This is a false positive report. | N/A | NONE | — | 0 |
| CVE-2024-0706 Rejected reason: ***REJECT*** This was a false positive report. | N/A | NONE | — | 0 |
| CVE-2024-8005 A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been classified as critical. This affects the function init of the file internal/logic/auth/auth.go of the component JWT Authentication. Th... | 7.3 | HIGH | — | 0 |
| CVE-2024-30949 An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-35540 A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 9.0 | CRITICAL | — | 0 |
| CVE-2024-42369 matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's ge... | 4.1 | MEDIUM | — | 0 |
| CVE-2024-42603 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall | 8.8 | HIGH | — | 0 |
| CVE-2024-42604 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id=3 | 8.8 | HIGH | — | 0 |
| CVE-2024-42605 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1 | 8.8 | HIGH | — | 0 |
| CVE-2024-42606 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_log.php?clear=1 | 8.8 | HIGH | — | 0 |
| CVE-2022-45791 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2022-45795 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2023-48729 Rejected reason: This is unused. | N/A | NONE | — | 0 |
| CVE-2024-42607 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database | 8.8 | HIGH | — | 0 |
| CVE-2024-42609 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars | 8.8 | HIGH | — | 0 |
| CVE-2024-42610 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=files | 8.8 | HIGH | — | 0 |
| CVE-2024-42611 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.php?link_id=1&mode=delete | 8.8 | HIGH | — | 0 |
| CVE-2024-42613 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&widget=akismet | 8.8 | HIGH | — | 0 |
| CVE-2024-42617 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32 | 8.8 | HIGH | — | 0 |
| CVE-2024-42618 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma | 8.8 | HIGH | — | 0 |
| CVE-2024-42621 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php | 8.8 | HIGH | — | 0 |
| CVE-2024-43376 Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-43377 Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-42915 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2024-43397 Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit ... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-43404 MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote code execution vulnerability due to a Python `eval()... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-43406 LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of m... | 8.8 | HIGH | — | 0 |
| CVE-2024-43409 Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. Thi... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-43408 Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f3... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-41773 IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-42781 A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email param... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-23854 Rejected reason: This CVE ID was unused by the CNA. | N/A | NONE | — | 0 |
| CVE-2023-6470 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. | N/A | NONE | — | 0 |
| CVE-2023-45916 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | N/A | NONE | — | 0 |
| CVE-2024-42363 Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. The role parameter flows into the RoleConfigFile initializer and then into the ... | 8.8 | HIGH | — | 0 |
| CVE-2024-43403 Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit"... | 8.8 | HIGH | — | 0 |
| CVE-2024-8022 A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been rated as problematic. This issue affects some unknown processing of the file /vood/cgi-bin/vood_view.cgi?la... | 3.5 | LOW | — | 0 |
| CVE-2024-5880 The Hide My Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 due to the plugin not restricting access to the REST API when password p... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-6568 The Flamix: Bitrix24 and Contact Form 7 integrations plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.0. This is due to the plugin utilizing mobiledete... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-6767 The WordSurvey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sounding_title’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-45921 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | N/A | NONE | — | 0 |
| CVE-2023-45932 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | N/A | NONE | — | 0 |
| CVE-2023-48734 Rejected reason: This is unused. | N/A | NONE | — | 0 |
| CVE-2024-7013 Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.