Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2024-4823 Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/office_admin/' in the parameters es_bankacc, es_bank_name, es_bank_pin, es_checkno, es_teller_number, dc1 and d... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-0830 A stored Cross-site Scripting (XSS) vulnerability affecting Meeting Management in ENOVIA Change Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execu... | 8.7 | HIGH | — | 0 |
| CVE-2024-4853 Memory handling issue in editcap could cause denial of service via crafted capture file | 3.6 | LOW | — | 0 |
| CVE-2024-4854 MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file | 6.4 | MEDIUM | — | 0 |
| CVE-2024-28165 SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiali... | 8.1 | HIGH | — | 0 |
| CVE-2024-31486 A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices stores MQTT client passwords without sufficient protection on the devices. An attacker with remote... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-33004 SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see t... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-34687 SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that ... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-33485 SQL Injection vulnerability in CASAP Automated Enrollment System using PHP/MySQLi with Source Code V1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the login.php ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-32002 Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby ... | 9.0 | CRITICAL | — | 0 |
| CVE-2024-35176 REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XM... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-27407 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed overflow check in mi_enum_attr() | 8.4 | HIGH | — | 0 |
| CVE-2024-35790 In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group The DisplayPort driver's sysfs nod... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-23158 A maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can be used to cause a use-after-free vulnerability. A malicious actor can leverage this vulnerability ... | 7.8 | HIGH | — | 0 |
| CVE-2024-36048 QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which ma... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-35869 In the Linux kernel, the following vulnerability has been resolved: smb: client: guarantee refcounted children from parent session Avoid potential use-after-free bugs when walking DFS referrals, mou... | 8.4 | HIGH | — | 0 |
| CVE-2024-35870 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already ... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-35937 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: check A-MSDU format more carefully If it looks like there's another subframe in the A-MSDU but the header isn't fu... | 7.1 | HIGH | — | 0 |
| CVE-2024-36015 In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of ida_simple_get is unchecked, in witch ida_sim... | 7.8 | HIGH | — | 0 |
| CVE-2024-35943 In the Linux kernel, the following vulnerability has been resolved: pmdomain: ti: Add a null pointer check to the omap_prm_domain_init devm_kasprintf() returns a pointer to dynamically allocated mem... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-35948 In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note ... | 8.4 | HIGH | — | 0 |
| CVE-2024-35956 In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-35963 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Fix not validating setsockopt user input Check user input length before copying data. | 7.1 | HIGH | — | 0 |
| CVE-2024-35964 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not validating setsockopt user input Check user input length before copying data. | 7.1 | HIGH | — | 0 |
| CVE-2024-35965 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix not validating setsockopt user input Check user input length before copying data. | 7.1 | HIGH | — | 0 |
| CVE-2024-35966 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: Fix not validating setsockopt user input syzbot reported rfcomm_sock_setsockopt_old() is copying data without c... | 7.1 | HIGH | — | 0 |
| CVE-2024-35976 In the Linux kernel, the following vulnerability has been resolved: xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING syzbot reported an illegal copy in xsk_setsockopt() [1] Make sure to... | 6.7 | MEDIUM | — | 0 |
| CVE-2024-36845 An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server. | 4.3 | MEDIUM | — | 0 |
| CVE-2021-47247 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free of encap entry in neigh update handler Function mlx5e_rep_neigh_update() wasn't updated to accommoda... | 7.8 | HIGH | — | 0 |
| CVE-2021-47352 In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length This adds validation for used length (might come from an untrusted device) to avoid dat... | 7.8 | HIGH | — | 0 |
| CVE-2021-47412 In the Linux kernel, the following vulnerability has been resolved: block: don't call rq_qos_ops->done_bio if the bio isn't tracked rq_qos framework is only applied on request based driver, so: 1) ... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47421 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle the case of pci_channel_io_frozen only in amdgpu_pci_resume In current code, when a PCI error state pci_channel... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-68024 Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – ... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-52760 In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in gfs2_qd_dealloc In gfs2_put_super(), whether withdrawn or not, the quota should be cleaned up by ... | 7.8 | HIGH | — | 0 |
| CVE-2023-52857 In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix coverity issue with unintentional integer overflow 1. Instead of multiplying 2 variable of different types. Chan... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-34240 QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) resulting in arbitrary code execution in admin functions related to adding or updating records. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-47455 In the Linux kernel, the following vulnerability has been resolved: ptp: Fix possible memory leak in ptp_clock_register() I got memory leak as follows when doing fault injection test: unreferenced ... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47489 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix even more out of bound writes from debugfs CVE-2021-42327 was fixed by: commit f23750b5b3d98653b31d4469592935ef63... | 7.8 | HIGH | — | 0 |
| CVE-2025-27836 An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-47498 In the Linux kernel, the following vulnerability has been resolved: dm rq: don't queue request to blk-mq during DM suspend DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-35475 A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-5410 Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-5411 Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below. | 8.8 | HIGH | — | 0 |
| CVE-2024-22641 TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file. | 7.5 | HIGH | — | 0 |
| CVE-2024-35226 Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious ... | 7.3 | HIGH | — | 0 |
| CVE-2024-36014 In the Linux kernel, the following vulnerability has been resolved: drm/arm/malidp: fix a possible null pointer dereference In malidp_mw_connector_reset, new memory is allocated with kzalloc, but no... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-5953 A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a... | 5.7 | MEDIUM | — | 0 |
| CVE-2024-36016 In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mod... | 7.7 | HIGH | — | 0 |
| CVE-2024-36031 In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiatio... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-36890 In the Linux kernel, the following vulnerability has been resolved: mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer that will le... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.