Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2024-4084 A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP ... | 7.5 | HIGH | — | 0 |
| CVE-2024-5636 A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file report/index.php. The manip... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-5317 The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'np1' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output e... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-5483 The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_pe... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-5149 The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possib... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-4295 The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the u... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-2368 The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateFor... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-4088 The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disable_fe_assets function in all... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-5222 The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploa... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-23669 An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTT... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-4939 The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input san... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-5006 The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to insuffici... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-5439 The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the custom_url parameter in all versions up to, and including, 2.0.50 due to insufficient input sanitization and out... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-5453 The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wi... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-4743 The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlms_favorites shortcode in all versions up to, and includi... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-4821 The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all versions up to, and including, 7.1.6 due ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-5571 The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Script... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-5536 The GamiPress – Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's gamipress_link shortcode in all versions up to, and including, 1.1.4 due to insufficient input s... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-3716 A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage an... | 6.2 | MEDIUM | — | 0 |
| CVE-2024-4001 The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_modal_login_form' shortcode in all versions up to, and including, 3.2.93 due to insufficie... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-5526 Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafan... | 7.7 | HIGH | — | 0 |
| CVE-2024-3469 The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and out... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-5459 The Restaurant Menu and Food Ordering plugin for WordPress is vulnerable to unauthorized creation of data due to a missing capability check on 'add_section', 'add_menu', 'add_menu_item', and 'add_menu... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-35673 Cross-Site Request Forgery (CSRF) vulnerability in Pure Chat by Ruby Pure Chat.This issue affects Pure Chat: from n/a through 2.22. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-36837 SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file. | 7.5 | HIGH | — | 0 |
| CVE-2023-49927 An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exy... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-4812 A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, ... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-5629 An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memor... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-24790 The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-20404 A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to ... | 7.2 | HIGH | — | 0 |
| CVE-2023-49928 An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exy... | 7.5 | HIGH | — | 0 |
| CVE-2024-12372 A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromi... | N/A | NONE | — | 0 |
| CVE-2024-20405 A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulne... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-36129 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to cras... | 8.2 | HIGH | — | 0 |
| CVE-2024-5037 A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication. | 7.5 | HIGH | — | 0 |
| CVE-2024-5184 The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can ex... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-12373 A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service. | N/A | NONE | — | 0 |
| CVE-2024-27370 An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation che... | 6.7 | MEDIUM | — | 0 |
| CVE-2024-27371 An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation c... | 6.7 | MEDIUM | — | 0 |
| CVE-2024-27374 An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_publish_get_nl_params(), there is no input validation ch... | 6.7 | MEDIUM | — | 0 |
| CVE-2024-27375 An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation c... | 6.7 | MEDIUM | — | 0 |
| CVE-2024-36667 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/idcProType_deal.php?mudi=add&nohrefStr=close | 8.8 | HIGH | — | 0 |
| CVE-2024-5171 Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aom_img_alloc() with a large value of the d_w... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-0912 Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to no... | 4.2 | MEDIUM | — | 0 |
| CVE-2023-6956 The EasyAzon – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘easyazon-cloaking-locale’ parameter in all versions up to, and including... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-6966 The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/c... | 8.1 | HIGH | — | 0 |
| CVE-2023-6968 The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.5.20. This is due to missing or incorrect nonce validation on multiple AJAX ... | 8.1 | HIGH | — | 0 |
| CVE-2024-0910 The Restrict for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.6 due to improper restrictions on hidden data that make it acc... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-2350 The Clever Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CAFE Icon, CAFE Team Member, and CAFE Slider widgets in all versions up to, and including, 2.1... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-36077 Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, ... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.