CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
Severity follows the CVSS v3.x qualitative scale for the score shown (N/A when no score has been published yet); KEV marks entries that appear in the CISA Known Exploited Vulnerabilities catalog.
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-47773 Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects... | 8.2 | HIGH | — | 0 |
| CVE-2024-47780 TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/grou... | 3.1 | LOW | — | 0 |
| CVE-2024-45179 An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was... | 7.2 | HIGH | — | 0 |
| CVE-2024-9675 A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to ... | 7.8 | HIGH | — | 0 |
| CVE-2024-47884 foxmarks is a CLI read-only interface for Firefox's bookmarks and history. A temporary file was created under the /tmp directory with read permissions for all users containing a copy of Firefox's data... | N/A | NONE | — | 0 |
| CVE-2024-46528 An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged aut... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-45271 An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. | 8.4 | HIGH | — | 0 |
| CVE-2024-48913 Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header. Although the CSRF middleware verifies th... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-22029 Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root. | 7.8 | HIGH | — | 0 |
| CVE-2024-29155 On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a sec... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-6333 Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products. | 7.2 | HIGH | — | 0 |
| CVE-2024-41974 A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication. | 7.1 | HIGH | — | 0 |
| CVE-2024-43689 Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-48982 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix crash when replugging CSR fake controllers It seems fake CSR 5.0 clones can cause the suspend notifier to be regist... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-38002 The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does n... | 9.0 | CRITICAL | — | 0 |
| CVE-2024-20377 A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack aga... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-5155 The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-33375 LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33377 LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with cr... | 8.1 | HIGH | — | 0 |
| CVE-2024-36656 In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript code and achieve a reflected Cross-site Scripting (XSS) attack. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-37644 TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | 8.8 | HIGH | — | 0 |
| CVE-2024-33373 An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to a... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-37641 TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule | 8.8 | HIGH | — | 0 |
| CVE-2024-37642 TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping and ipv6_ping parameters at /formSystemCheck. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-37643 TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth. | 8.8 | HIGH | — | 0 |
| CVE-2024-37645 TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog. | 8.8 | HIGH | — | 0 |
| CVE-2024-38395 In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable." | 9.8 | CRITICAL | — | 0 |
| CVE-2024-38467 Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API. | 7.5 | HIGH | — | 0 |
| CVE-2024-37081 The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues... | 7.8 | HIGH | — | 0 |
| CVE-2024-38396 An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), all... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-34451 Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is tha... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-37621 StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the component /shippingOptionConfig/index.blade.php. | 7.2 | HIGH | — | 0 |
| CVE-2024-37661 TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending ... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-37662 TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by se... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-37840 SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the Lesson... | 8.8 | HIGH | — | 0 |
| CVE-2024-42571 School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-37821 An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file. | 8.8 | HIGH | — | 0 |
| CVE-2023-50900 Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider. This issue affects Master Slider: from n/a through 3.9.10. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-35765 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS. This issue affects ... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-47770 Missing Authorization vulnerability in Muffin Group Betheme. This issue affects Betheme: from n/a through 27.1.1. | 7.6 | HIGH | — | 0 |
| CVE-2024-38581 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/mes: fix use-after-free issue Delete fence fallback timer to fix the random use-after-free issue. v2: move to amdgpu_m... | 7.8 | HIGH | — | 0 |
| CVE-2024-5475 The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which co... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-38902 H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-48740 In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths On error path from cond_read_list() and duplicate_policydb_cond_list() the co... | 7.8 | HIGH | — | 0 |
| CVE-2024-37222 Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS. This issue affects Master Slider: from n/a through 3.10.0. | 7.1 | HIGH | — | 0 |
| CVE-2024-37674 Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity. | 5.5 | MEDIUM | — | 0 |
| CVE-2024-37818 Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive i... | 8.6 | HIGH | — | 0 |
| CVE-2024-29390 Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. An attacker can exploit the 'item' parame... | 7.3 | HIGH | — | 0 |
| CVE-2024-36071 Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search ... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-32229 FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column. | 8.4 | HIGH | — | 0 |
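The enrichment this page describes (an NVD score and severity per CVE, plus CISA KEV membership), written out as an added Python example that is not the site's own code. It assumes the NVD CVE API 2.0 record shape (`cve` → `metrics` → `cvssMetricV31`/`cvssMetricV30`) and the KEV catalog's JSON layout (`vulnerabilities[].cveID`), treats the sightings count as a hypothetical caller-supplied map, and runs on constructed placeholder records so it works offline. It reproduces the severity banding and the N/A handling seen in the table above and prefers NVD's own (`Primary`) score over a CNA-supplied (`Secondary`) one when both exist.

```python
"""Build a KEV-enriched CVE table like the one on this page.

Added example, not the site's own code. Record shapes mirror the NVD CVE
API 2.0 ("cve" -> "metrics" -> "cvssMetricV31"[...]) and CISA's KEV catalog
JSON ("vulnerabilities"[...] -> "cveID"); the sample records below are
constructed with placeholder IDs so the script runs offline. The
"sightings" map is a hypothetical per-CVE counter supplied by the caller.
"""
from typing import Optional


def severity_from_score(score: Optional[float]) -> str:
    """CVSS v3.x qualitative rating scale (FIRST CVSS v3.1 spec, section 5)."""
    if score is None or score == 0.0:
        return "NONE"      # not yet scored (rendered as N/A), or scored 0.0
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"


def base_score(nvd_item: dict) -> Optional[float]:
    """Primary CVSS v3.x base score of an NVD API 2.0 item, or None if unscored."""
    metrics = nvd_item["cve"].get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30"):
        entries = metrics.get(key, [])
        # NVD's own analysis carries type == "Primary"; a CNA score is "Secondary".
        chosen = [e for e in entries if e.get("type") == "Primary"] or entries
        if chosen:
            return float(chosen[0]["cvssData"]["baseScore"])
    return None


def description(nvd_item: dict, limit: int = 200) -> str:
    """English description, shortened with '...' the way the table above does."""
    text = next((d["value"] for d in nvd_item["cve"]["descriptions"]
                 if d["lang"] == "en"), "")
    return text if len(text) <= limit else text[:limit].rstrip() + "..."


def enrich(nvd_items: list, kev_catalog: dict, sightings: Optional[dict] = None) -> list:
    """Join NVD items with the KEV catalog and order them for triage."""
    kev = {v["cveID"] for v in kev_catalog.get("vulnerabilities", [])}
    sightings = sightings or {}
    rows = []
    for item in nvd_items:
        cve_id = item["cve"]["id"]
        score = base_score(item)
        rows.append({"id": cve_id, "description": description(item), "cvss": score,
                     "severity": severity_from_score(score), "kev": cve_id in kev,
                     "sightings": sightings.get(cve_id, 0)})
    # Known-exploited first, then by score descending; unscored entries last.
    rows.sort(key=lambda r: (not r["kev"], -r["cvss"] if r["cvss"] is not None else 1.0))
    return rows


def render_markdown(rows: list) -> str:
    """Render rows in the page's table layout."""
    lines = ["| CVE ID and description | CVSS | Severity | KEV | Sightings |",
             "|---|---|---|---|---|"]
    for r in rows:
        cvss = "N/A" if r["cvss"] is None else f"{r['cvss']:.1f}"
        lines.append(f"| {r['id']} {r['description']} | {cvss} | {r['severity']} "
                     f"| {'KEV' if r['kev'] else '—'} | {r['sightings']} |")
    return "\n".join(lines)


# Constructed sample input with placeholder IDs (not real CVEs).
SAMPLE_NVD = [
    {"cve": {"id": "CVE-0000-0001",
             "descriptions": [{"lang": "en", "value": "Placeholder: OS command injection in a web UI."}],
             "metrics": {"cvssMetricV31": [
                 {"type": "Secondary", "cvssData": {"version": "3.1", "baseScore": 7.2}},
                 {"type": "Primary", "cvssData": {"version": "3.1", "baseScore": 9.8}}]}}},
    {"cve": {"id": "CVE-0000-0002",
             "descriptions": [{"lang": "en", "value": "Placeholder: awaiting NVD analysis."}],
             "metrics": {}}},
    {"cve": {"id": "CVE-0000-0003",
             "descriptions": [{"lang": "en", "value": "Placeholder: stored XSS in an admin page."}],
             "metrics": {"cvssMetricV30": [
                 {"type": "Primary", "cvssData": {"version": "3.0", "baseScore": 5.4}}]}}},
]
SAMPLE_KEV = {"vulnerabilities": [{"cveID": "CVE-0000-0003", "vendorProject": "Placeholder"}]}

if __name__ == "__main__":
    print(render_markdown(enrich(SAMPLE_NVD, SAMPLE_KEV, {"CVE-0000-0001": 3})))
```

Sorting KEV entries ahead of everything else, regardless of CVSS, is the point of the enrichment: a MEDIUM that is known to be exploited in the wild should be patched before an unexploited CRITICAL. Replace the placeholder lists with the JSON returned by `https://services.nvd.nist.gov/rest/json/cves/2.0` and `https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json` to run it against live data.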
This product uses data from the NVD API but is not endorsed or certified by the NVD.