Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2023-50027 SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via Bap... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-50991 Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function. | 7.5 | HIGH | β | 0 |
| CVE-2023-50612 Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. | 7.8 | HIGH | β | 0 |
| CVE-2023-39853 SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module. | 6.5 | MEDIUM | β | 0 |
| CVE-2023-50609 Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version 3.1, allows remote attackers to execute arbitrary code via a crafted script to ajax.aspx. | 6.1 | MEDIUM | β | 0 |
| CVE-2023-46953 SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51441 ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1... | 7.2 | HIGH | β | 0 |
| CVE-2023-50136 Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table. | 5.4 | MEDIUM | β | 0 |
| CVE-2023-47145 IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 27... | 8.4 | HIGH | β | 0 |
| CVE-2024-22216 In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, wi... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-3328 Race condition in snap-confine's must_mkdir_and_open_with_perms() | 7.8 | HIGH | β | 0 |
| CVE-2023-5235 The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog... | 8.8 | HIGH | β | 0 |
| CVE-2023-5911 The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored C... | 4.8 | MEDIUM | β | 0 |
| CVE-2023-47992 An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attacks and/or run arbitrary code. | 8.8 | HIGH | β | 0 |
| CVE-2023-5957 The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary fi... | 7.2 | HIGH | β | 0 |
| CVE-2023-6042 Any unauthenticated user may send e-mail from the site with any title or content to the admin | 7.5 | HIGH | β | 0 |
| CVE-2023-6139 The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Deni... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-6141 The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stor... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-6161 The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used agains... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-6505 The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files. | 7.5 | HIGH | β | 0 |
| CVE-2023-6528 The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Cod... | 8.8 | HIGH | β | 0 |
| CVE-2023-6529 The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-2500 A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker could gain unauthorized access to the product and the time window of ... | 7.4 | HIGH | β | 0 |
| CVE-2023-6532 The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 8.8 | HIGH | β | 0 |
| CVE-2023-6555 The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be u... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-6627 The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site. | 6.1 | MEDIUM | β | 0 |
| CVE-2023-47890 pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. | 8.8 | HIGH | β | 0 |
| CVE-2023-50982 Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote c... | 9.0 | CRITICAL | β | 0 |
| CVE-2023-51246 A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page. | 5.4 | MEDIUM | β | 0 |
| CVE-2023-47993 A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial-of-service. | 6.5 | MEDIUM | β | 0 |
| CVE-2023-52271 The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an IOCTL (which will be named at a later time). | 6.5 | MEDIUM | β | 0 |
| CVE-2023-27739 easyXDM 2.5 allows XSS via the xdm_e parameter. | 6.1 | MEDIUM | β | 0 |
| CVE-2023-49961 WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure. | 7.5 | HIGH | β | 0 |
| CVE-2023-52073 FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte. | 8.8 | HIGH | β | 0 |
| CVE-2023-52074 FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte. | 8.8 | HIGH | β | 0 |
| CVE-2023-50162 SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql function. | 7.2 | HIGH | β | 0 |
| CVE-2023-50643 An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-26998 Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page. | 5.4 | MEDIUM | β | 0 |
| CVE-2023-26999 An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-27000 Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s). | 6.1 | MEDIUM | β | 0 |
| CVE-2023-27098 TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. | 7.5 | HIGH | β | 0 |
| CVE-2023-36629 The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-bounds read. | 5.5 | MEDIUM | β | 0 |
| CVE-2023-39336 An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve ... | 8.8 | HIGH | β | 0 |
| CVE-2022-47915 The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | HIGH | β | 0 |
| CVE-2023-49238 In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Althoug... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51717 Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass. | 9.8 | CRITICAL | β | 0 |
| CVE-2009-1071 Stack-based buffer overflow in Icarus 2.0 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted Portable Game Notation (.pgn) file. | N/A | NONE | β | 0 |
| CVE-2023-49235 An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validat... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49236 A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-38827 Cross Site Scripting vulnerability in Follet School Solutions Destiny v.20_0_1_AU4 and later allows a remote attacker to run arbitrary code via presentonesearchresultsform.do. | 6.1 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.