Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2024-27967 Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP.This issue affects DSGVO All in one for WP: from n/a through 4.3. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-29937 NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-3652 The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler caus... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-32295 Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3. | 6.3 | MEDIUM | — | 0 |
| CVE-2024-25376 An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode. | 7.8 | HIGH | — | 0 |
| CVE-2024-25852 Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to o... | 8.8 | HIGH | — | 0 |
| CVE-2024-27592 Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers to redirect to arbitrary websites via appending a crafted link to /login/ in the login page URL. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-28458 Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the appliation via the function compileSWFActionCode in action/actioncompiler.c. | 7.5 | HIGH | — | 0 |
| CVE-2023-48865 An issue discovered in Reportico Till 8.1.0 allows attackers to obtain sensitive information via execute_mode parameter of the URL. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-44852 Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_traps_decode function in the acu_web f... | 8.2 | HIGH | — | 0 |
| CVE-2023-44853 \An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file. | 4.8 | MEDIUM | — | 0 |
| CVE-2023-44854 Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu_web f... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-44857 An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_21D24 function in the acu_web component. | 8.1 | HIGH | — | 0 |
| CVE-2023-44855 Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of t... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-44856 Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the rstat, sender, and recipients' parameters of... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-22734 An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in ... | 6.2 | MEDIUM | — | 0 |
| CVE-2024-27309 While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced. Two preconditions are needed to trigger the bug: 1. The administr... | 7.4 | HIGH | — | 0 |
| CVE-2024-25545 An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework component. | 7.8 | HIGH | — | 0 |
| CVE-2024-28718 An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-31268 Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-31818 Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-29461 An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component. | 6.3 | MEDIUM | — | 0 |
| CVE-2024-30845 Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-31839 Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. | 4.8 | MEDIUM | — | 0 |
| CVE-2024-31391 Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootst... | 6.5 | MEDIUM | — | 0 |
| CVE-2008-6537 LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared f... | N/A | NONE | — | 0 |
| CVE-2024-32487 less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled fi... | 8.6 | HIGH | — | 0 |
| CVE-2024-3701 The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services. | 9.8 | CRITICAL | — | 0 |
| CVE-2008-6538 DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser. | N/A | NONE | — | 0 |
| CVE-2024-31648 Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /cor... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-30656 An issue in Fireboltt Dream Wristphone BSW202_FB_AAC_v2.0_20240110-20240110-1956 allows attackers to cause a Denial of Service (DoS) via a crafted deauth frame. | 7.5 | HIGH | — | 0 |
| CVE-2024-31651 A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-33806 Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119, allows attackers to execute arbitrary commands. | 7.8 | HIGH | — | 0 |
| CVE-2024-1739 lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insen... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-2260 A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authent... | 4.2 | MEDIUM | — | 0 |
| CVE-2024-31783 Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, allows a local attacker to obtain sensitive information via a crafted script during markdown file creation. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-31784 An issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the src component. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-50872 The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the e... | 7.5 | HIGH | — | 0 |
| CVE-2023-40000 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from ... | 8.3 | HIGH | — | 0 |
| CVE-2024-21002 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM En... | 2.5 | LOW | — | 0 |
| CVE-2024-2309 The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege ... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-21004 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM En... | 2.5 | LOW | — | 0 |
| CVE-2024-21026 Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable ... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-21066 Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker h... | 4.2 | MEDIUM | — | 0 |
| CVE-2024-21084 Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Service Gateway). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability... | 5.8 | MEDIUM | — | 0 |
| CVE-2024-21088 Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite (component: Import Utility). Supported versions that are affected are 12.2.4-12.2.12. Easily exploitable vulnerabi... | 7.5 | HIGH | — | 0 |
| CVE-2024-21091 Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Data Import). The supported version that is affected is 6.2.4.2. Easily exploita... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-21095 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 19.12.0-19.1... | 8.2 | HIGH | — | 0 |
| CVE-2024-21116 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low pri... | 7.8 | HIGH | — | 0 |
| CVE-2024-31759 An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function. | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.