CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-9679 A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-12668 Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability. By using an IO Control, a user space program can trick the driver into writing a 0 into any chosen memory locatio... | 8.2 | HIGH | — | 0 |
| CVE-2024-37251 Cross-Site Request Forgery (CSRF) vulnerability in WPENGINE, INC. Advanced Custom Fields PRO. This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-54331 Cross-Site Request Forgery (CSRF) vulnerability in Micha I Plant A Tree allows Stored XSS. This issue affects I Plant A Tree: from n/a through 1.7.3. | 7.1 | HIGH | — | 0 |
| CVE-2024-12653 A vulnerability classified as problematic has been found in FabulaTech USB over Network 6.0.6.1. Affected is the function 0x22040C in the library ftusbbus2.sys of the component IOCT Handler. The manip... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-12654 A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Affected by this vulnerability is the function 0x220408 in the library ftusbbus2.sys of the component IOCT H... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-54229 Incorrect Privilege Assignment vulnerability in Straightvisions GmbH SV100 Companion allows Privilege Escalation. This issue affects SV100 Companion: from n/a through 2.0.02. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-54249 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jules Colle Advanced Options Editor allows Reflected XSS. This issue affects Advanced Options Edito... | 7.1 | HIGH | — | 0 |
| CVE-2024-54257 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molefed allows Reflected XSS. This issue affects tydskrif: from n/a through 1.1.3. | 7.1 | HIGH | — | 0 |
| CVE-2024-54279 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPNERD WP-NERD Toolkit. This issue affects WP-NERD Toolkit: from n/a through 1.1. | 7.5 | HIGH | — | 0 |
| CVE-2024-54283 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SeedProd LLC SeedProd Pro allows SQL Injection. This issue affects SeedProd Pro: from n/a through 6... | 7.6 | HIGH | — | 0 |
| CVE-2024-54284 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SeedProd LLC SeedProd Pro allows SQL Injection. This issue affects SeedProd Pro: from n/a through 6... | 7.6 | HIGH | — | 0 |
| CVE-2024-54285 Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro allows Upload a Web Shell to a Web Server. This issue affects SeedProd Pro: from n/a through 6.18.10. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-54348 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YayCommerce Brand allows Stored XSS. This issue affects Brand: from n/a through 1.1.6. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-11144 The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. The crash causes the FTP service to become unavailable, affecting all users and pro... | 7.5 | HIGH | — | 0 |
| CVE-2024-12655 A vulnerability, which was classified as problematic, has been found in FabulaTech USB over Network 6.0.6.1. Affected by this issue is the function 0x220420 in the library ftusbbus2.sys of the compone... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-12656 A vulnerability, which was classified as problematic, was found in FabulaTech USB over Network 6.0.6.1. This affects the function 0x220448 in the library ftusbbus2.sys of the component IOCT Handler. T... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-12657 A vulnerability has been found in IObit Advanced SystemCare Utimate up to 17.0.0 and classified as problematic. This vulnerability affects the function 0x8001E000 in the library AscRegistryFilter.sys ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-4762 An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges. | 7.8 | HIGH | — | 0 |
| CVE-2024-6001 An improper certificate validation vulnerability was reported in LADM that could allow a network attacker with the ability to redirect an update request to a remote server and execute code with elevat... | 8.1 | HIGH | — | 0 |
| CVE-2024-12658 A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0 and classified as problematic. This issue affects the function 0x8001E01C in the library AscRegistryFilter.sys of the compon... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-22742 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in falldeaf WP ViewSTL allows DOM-Based XSS. This issue affects WP ViewSTL: from n/a through 1.0. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-12659 A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. It has been classified as problematic. Affected is the function 0x8001E004 in the library AscRegistryFilter.sys of the comp... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-12660 A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. It has been declared as problematic. Affected by this vulnerability is the function 0x8001E018 in the library AscRegistryFi... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-6002 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2024-12662 A vulnerability classified as problematic has been found in IObit Advanced SystemCare Utimate up to 17.0.0. This affects the function 0x8001E040 in the library AscRegistryFilter.sys of the component I... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-12663 A vulnerability classified as problematic was found in funnyzpc Mee-Admin up to 1.6. This vulnerability affects unknown code of the file /mee/login of the component Login. The manipulation of the argu... | 3.7 | LOW | — | 0 |
| CVE-2024-12664 A vulnerability, which was classified as problematic, has been found in ruifang-tech Rebuild 3.8.5. This issue affects some unknown processing of the component Project Task Comment Handler. The manipu... | 3.5 | LOW | — | 0 |
| CVE-2024-55864 Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious cont... | N/A | NONE | — | 0 |
| CVE-2024-12665 A vulnerability, which was classified as problematic, was found in ruifang-tech Rebuild 3.8.5. Affected is an unknown function of the component Task Comment Attachment Upload. The manipulation leads t... | 3.5 | LOW | — | 0 |
| CVE-2024-12666 A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component U... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-12667 A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /invoices/view. The manipulation leads to session ... | 3.7 | LOW | — | 0 |
| CVE-2024-55949 MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit ... | N/A | NONE | — | 0 |
| CVE-2024-55951 Metabase is an open-source data analytics platform. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users. T... | N/A | NONE | — | 0 |
| CVE-2024-55557 ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-29671 Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-55554 Intrexx Portal Server before 12.0.2 allows XSS via a user-defined portlet. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-12443 The CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all v... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-56017 Cross-Site Request Forgery (CSRF) vulnerability in Tom Royal Stop Registration Spam allows Stored XSS. This issue affects Stop Registration Spam: from n/a through 1.23. | 7.1 | HIGH | — | 0 |
| CVE-2024-11900 The Portfolio – Filterable Masonry Portfolio Gallery for Professionals plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'portfolio-pro' shortcode in all versions up t... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11902 The Slope Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slope-reservations' shortcode in all versions up to, and including, 4.2.11 due to insufficient inp... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11905 The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode in all versions up to, and including, 2.0 due to insufficient input ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11906 The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpg_get_posts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input san... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-10205 Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hita... | 9.4 | CRITICAL | — | 0 |
| CVE-2020-12484 When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same na... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-38499 CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further ... | 8.8 | HIGH | — | 0 |
| CVE-2024-54125 Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the vulnera... | N/A | NONE | — | 0 |
| CVE-2024-9624 The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. T... | 7.6 | HIGH | — | 0 |
| CVE-2021-26280 Locally installed application can bypass the permission check and perform system operations that require permission. | 7.9 | HIGH | — | 0 |
| CVE-2021-26281 Some parameters of the alarm clock module are improperly stored, leaking some sensitive information. | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.