Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2024-45582 Memory corruption while validating number of devices in Camera kernel . | 7.8 | HIGH | — | 0 |
| CVE-2024-45584 Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. | 7.8 | HIGH | — | 0 |
| CVE-2024-43979 Missing Authorization vulnerability in CozyThemes Blockbooster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockbooster: from n/a through 1.0.10. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-43980 Missing Authorization vulnerability in CozyThemes Fota WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fota WP: from n/a through 1.4.1. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-43981 Missing Authorization vulnerability in AyeCode – WP Business Directory Plugins GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GeoDirectory: fro... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-43982 Missing Authorization vulnerability in Geek Code Lab Login As Users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login As Users: from n/a through 1.4.3. | 8.8 | HIGH | — | 0 |
| CVE-2024-43998 Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-44006 Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency multilingual allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects W... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-44019 Missing Authorization vulnerability in Renzo Johnson Contact Form 7 Campaign Monitor Extension allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Contact Form 7 Campaig... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-44020 Missing Authorization vulnerability in Prasad Kirpekar WP Free SSL – Free SSL Certificate for WordPress and force HTTPS allows . This issue affects WP Free SSL – Free SSL Certificate for WordPress an... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-44021 Missing Authorization vulnerability in Truepush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Truepush: from n/a through 1.0.8. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-44031 Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JoomSport: from n/a through 5.6.3. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-44038 Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through ... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-44052 Missing Authorization vulnerability in HelloAsso allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HelloAsso: from n/a through 1.1.10. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-47302 Missing Authorization vulnerability in WPManageNinja LLC Fluent Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a through 1.8.... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-47308 Missing Authorization vulnerability in Templately allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Templately: from n/a through 3.1.2. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-47311 Missing Authorization vulnerability in Kraft Plugins Wheel of Life allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wheel of Life: from n/a through 1.1.8. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-47314 Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through ... | 7.1 | HIGH | — | 0 |
| CVE-2024-47317 Missing Authorization vulnerability in WP Quads Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads by WP... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-47318 Missing Authorization vulnerability in Magazine3 PWA for WP & AMP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PWA for WP & AMP: from n/a through 1.7.72. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-47321 Missing Authorization vulnerability in Fahad Mahmood WP Datepicker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Datepicker: from n/a through 2.1.1. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-47358 Missing Authorization vulnerability in Popup Maker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Popup Maker: from n/a through 1.19.2. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-47359 Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Depicter Slider: from n/a ... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-47361 Missing Authorization vulnerability in WPVibes Elementor Addon Elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Addon Elements: from n/a th... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-47362 Missing Authorization vulnerability in WPChill Strong Testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through 3.1.... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-48039 Missing Authorization vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP – All-in-O... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-48044 Missing Authorization vulnerability in ShortPixel – Convert WebP/AVIF & Optimize Images ShortPixel Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-48045 Missing Authorization vulnerability in Leevio Happy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-48289 An issue in the Bluetooth Low Energy implementation of Cypress Bluetooth SDK v3.66 allows attackers to cause a Denial of Service (DoS) via supplying a crafted LL_PAUSE_ENC_REQ packet. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-49256 Incorrect Authorization vulnerability in WPChill Htaccess File Editor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Htaccess File Editor: from n/a through 1.0.18. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-10659 A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/document/CDGAuthori... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-51432 Cross Site Scripting vulnerability in FiberHome HG6544C RP2743 allows an attacker to execute arbitrary code via the SSID field in the WIFI Clients List not being sanitized | 4.8 | MEDIUM | — | 0 |
| CVE-2024-10660 A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function deleteHook of the file /com/esafenet/servlet/policy/HookService.java. The manipulation of the ... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-10661 A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument... | 8.8 | HIGH | — | 0 |
| CVE-2024-10662 A vulnerability was found in Tenda AC15 15.03.05.19 and classified as critical. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument... | 8.8 | HIGH | — | 0 |
| CVE-2024-22733 TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which c... | 7.5 | HIGH | — | 0 |
| CVE-2024-40490 An issue in Sourcebans++ before v.1.8.0 allows a remote attacker to obtain sensitive information via a crafted XAJAX call to the Forgot Password function. | 7.5 | HIGH | — | 0 |
| CVE-2024-51377 An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) 9.2.0 allows a remote attacker to execute arbitrary code via the Subject and Identifier fields | 5.4 | MEDIUM | — | 0 |
| CVE-2024-51398 Altai Technologies Ltd Altai X500 Indoor 22 802.11ac Wave 2 AP web Management Weak password leakage in the background may lead to unauthorized access, data theft, and network attacks, seriously threat... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-51399 Altai Technologies Ltd Altai IX500 Indoor 22 802.11ac Wave 2 AP After login, there are file reads in the background, and attackers can obtain sensitive information such as user credentials, system con... | 5.7 | MEDIUM | — | 0 |
| CVE-2024-41738 IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the m... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-41741 IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-41745 IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functional... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-48217 An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation. | 8.8 | HIGH | — | 0 |
| CVE-2024-48352 Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID. | 7.5 | HIGH | — | 0 |
| CVE-2024-48410 Cross Site Scripting vulnerability in Camtrace v.9.16.2.1 allows a remote attacker to execute arbitrary code via the login.php. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-49770 `oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default `oak` does not allow transferring of hidden files with `Conte... | N/A | NONE | — | 0 |
| CVE-2024-51244 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function. | 8.8 | HIGH | — | 0 |
| CVE-2024-51245 In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function. | 8.8 | HIGH | — | 0 |
| CVE-2024-51247 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function. | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.