Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2024-3935 In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that m... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-28875 A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force... | 8.1 | HIGH | — | 0 |
| CVE-2026-22364 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion.This issue af... | 8.1 | HIGH | — | 0 |
| CVE-2024-31151 A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force... | 8.1 | HIGH | — | 0 |
| CVE-2024-10557 A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /file/updateprofi... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-48910 DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-8185 Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster joi... | 7.5 | HIGH | — | 0 |
| CVE-2024-10605 A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /file/request.php. The manipulation leads t... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-68531 Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons f... | 8.8 | HIGH | — | 0 |
| CVE-2024-50096 In the Linux kernel, the following vulnerability has been resolved: nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error The `nouveau_dmem_copy_one` function ensures that the copy push ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-50098 In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down There is a history of deadlock if reboot is performed at the beginning of ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-50099 In the Linux kernel, the following vulnerability has been resolved: arm64: probes: Remove broken LDR (literal) uprobe support The simulate_ldr_literal() and simulate_ldrsw_literal() functions are un... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-50101 In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices Previously, the domain_context_clear() function incorrectly... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-50103 In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() A devm_kzalloc() in asoc_qcom_lpass_cpu_platform_probe() ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-50108 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API video... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-50110 In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-in... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-50115 In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bi... | 7.1 | HIGH | — | 0 |
| CVE-2024-50116 In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of buffer delay flag Syzbot reported that after nilfs2 reads a corrupted file syste... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-50117 In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-50121 In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net In the normal case, when we excute `echo 0 > /proc/fs/n... | 7.8 | HIGH | — | 0 |
| CVE-2024-50124 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on iso_sock_timeout conn->sk maybe have been unlinked/freed while waiting for iso_conn_lock so this checks... | 7.8 | HIGH | — | 0 |
| CVE-2024-50125 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks... | 7.8 | HIGH | — | 0 |
| CVE-2024-50126 In the Linux kernel, the following vulnerability has been resolved: net: sched: use RCU read-side critical section in taprio_dump() Fix possible use-after-free in 'taprio_dump()' by adding RCU read-... | 7.8 | HIGH | — | 0 |
| CVE-2024-9902 A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a pri... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-50127 In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change() In 'taprio_change()', 'admin' pointer may become dangling due to sched switch / ... | 7.8 | HIGH | — | 0 |
| CVE-2024-50128 In the Linux kernel, the following vulnerability has been resolved: net: wwan: fix global oob in wwan_rtnl_policy The variable wwan_rtnl_link_ops assign a *bigger* maxtype which leads to a global ou... | 7.1 | HIGH | — | 0 |
| CVE-2024-50131 In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. If... | 7.8 | HIGH | — | 0 |
| CVE-2024-50133 In the Linux kernel, the following vulnerability has been resolved: LoongArch: Don't crash in stack_top() for tasks without vDSO Not all tasks have a vDSO mapped, for example kthreads never do. If s... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-68534 Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a ... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-50134 In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA Replace the fake VLA at end of the vbva_mouse_poi... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-50136 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister notifier on eswitch init failure It otherwise remains registered and a subsequent attempt at eswitch enabling... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-50138 In the Linux kernel, the following vulnerability has been resolved: bpf: Use raw_spinlock_t in ringbuf The function __bpf_ringbuf_reserve is invoked from a tracepoint, which disables preemption. Usi... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-51115 DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-9681 When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applicati... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-10081 CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This byp... | 10.0 | CRITICAL | — | 0 |
| CVE-2024-10082 CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from... | 8.7 | HIGH | — | 0 |
| CVE-2024-50343 symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metachara... | 3.1 | LOW | — | 0 |
| CVE-2024-50345 symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters th... | 3.1 | LOW | — | 0 |
| CVE-2024-38286 Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 t... | 8.6 | HIGH | — | 0 |
| CVE-2024-50141 In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context PRMT needs to find the correct type of block to translate the... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-12727 A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code exec... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-50142 In the Linux kernel, the following vulnerability has been resolved: xfrm: validate new SA's prefixlen using SA family when sel.family is unset This expands the validation introduced in commit 07bf79... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-50143 In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udf_get_fileshortad Check for overflow when computing alen in udf_current_aext to mitigate later unin... | 7.8 | HIGH | — | 0 |
| CVE-2024-50145 In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx() build_skb() returns NULL in case of a memory allocation... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-50146 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't call cleanup on profile rollback failure When profile rollback fails in mlx5e_netdev_change_profile, the netdev p... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-29219 Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, and VT5-WX15/WX12 Ver.6.02 and earlier, which may lead to information disclosure o... | 7.8 | HIGH | — | 0 |
| CVE-2024-30220 Command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request ... | 8.8 | HIGH | — | 0 |
| CVE-2024-32022 Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to command injection in basic_caption_gui.py. This vulnerability is fixed in 23.1.5. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-32023 Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `find_and_replace` function. This vulnerability is fixed in 23.1.5. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-32024 Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `add_pre_postfix` function. This vulnerability is fixed in 23.1.5. | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.