Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2024-22128 SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting ... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-21497 Versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a ... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-0407 Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions ma... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-0563 Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-61646 Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from * before 1.39.1... | N/A | NONE | — | 0 |
| CVE-2023-6917 A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate... | 6.0 | MEDIUM | — | 0 |
| CVE-2023-4479 Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time period. | 7.3 | HIGH | — | 0 |
| CVE-2024-22463 Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, lead... | 7.4 | HIGH | — | 0 |
| CVE-2024-24901 Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messa... | 3.0 | LOW | — | 0 |
| CVE-2024-27287 ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-2236 A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-2413 Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. W... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-36483 Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote atta... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-24867 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Osamaesh WP Visitor Statistics (Real Time Traffic).This issue affects WP Visitor Statistics (Real Time Traffic): from n/a th... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-4063 Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-25964 Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of servic... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-61649 Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from 7cedd58781d261f1... | N/A | NONE | — | 0 |
| CVE-2024-2209 A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft ... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-25959 Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulner... | 7.9 | HIGH | — | 0 |
| CVE-2024-25961 Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading t... | 6.0 | MEDIUM | — | 0 |
| CVE-2024-25952 Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, ... | 6.0 | MEDIUM | — | 0 |
| CVE-2024-1300 A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate inste... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-25953 Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, ... | 6.0 | MEDIUM | — | 0 |
| CVE-2024-25954 Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leadi... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-25960 Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerab... | 7.3 | HIGH | — | 0 |
| CVE-2024-25963 Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-26655 In the Linux kernel, the following vulnerability has been resolved: Fix memory leak in posix_clock_open() If the clk ops.open() function returns an error, we don't release the pccontext we allocated... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-26798 In the Linux kernel, the following vulnerability has been resolved: fbcon: always restore the old font data in fbcon_do_set_font() Commit a5a923038d70 (fbdev: fbcon: Properly revert changes when vc_... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-3296 A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryptio... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-3281 A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from ... | 8.8 | HIGH | — | 0 |
| CVE-2024-26822 In the Linux kernel, the following vulnerability has been resolved: smb: client: set correct id, uid and cruid for multiuser automounts When uid, gid and cruid are not specified, we need to dynamica... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-20358 A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authentica... | 6.0 | MEDIUM | — | 0 |
| CVE-2026-25388 Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads Pro: from n/a through <= 5.0. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-1657 A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in... | 8.1 | HIGH | — | 0 |
| CVE-2024-2467 A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful d... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-4056 Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources. | 7.5 | HIGH | — | 0 |
| CVE-2023-48684 Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acron... | N/A | NONE | — | 0 |
| CVE-2024-2617 A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature was not enabled on all CMUs of a RTU500. If a malicious acto... | 7.2 | HIGH | — | 0 |
| CVE-2024-23463 Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zscaler Client Connector on Windows prior to ... | 8.8 | HIGH | — | 0 |
| CVE-2024-23457 The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced. This affects Zscaler Client Connector on Windows prior... | 7.8 | HIGH | — | 0 |
| CVE-2025-29481 Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. This has been disputed by third parties who assert th... | 6.2 | MEDIUM | — | 0 |
| CVE-2023-28798 An out-of-bounds write to heap in the pacparser library on Zscaler Client Connector on Mac may lead to arbitrary code execution. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-41970 An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Con... | 6.0 | MEDIUM | — | 0 |
| CVE-2023-41971 An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Windows allows a system file to be overwritten.This issue affects Client Connector on Win... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-37327 GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interacti... | 8.8 | HIGH | — | 0 |
| CVE-2023-37328 GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. ... | 8.8 | HIGH | — | 0 |
| CVE-2025-3572 SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server. | 7.5 | HIGH | — | 0 |
| CVE-2023-37329 GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. ... | 8.8 | HIGH | — | 0 |
| CVE-2023-38103 GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Inte... | 8.8 | HIGH | — | 0 |
| CVE-2023-38104 GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Inte... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.