Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-4450 The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack ... | 8.8 | HIGH | β | 0 |
| CVE-2021-4451 The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization ... | 6.6 | MEDIUM | β | 0 |
| CVE-2022-4971 The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and inclu... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-4972 The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.... | 7.5 | HIGH | β | 0 |
| CVE-2022-4973 WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisti... | 4.9 | MEDIUM | β | 0 |
| CVE-2016-15042 The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-20193 The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendor_description' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output es... | 4.7 | MEDIUM | β | 0 |
| CVE-2017-20194 The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for un... | 5.3 | MEDIUM | β | 0 |
| CVE-2020-36840 The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX ... | 7.3 | HIGH | β | 0 |
| CVE-2020-36842 The Migration, Backup, Staging β WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX... | 8.8 | HIGH | β | 0 |
| CVE-2021-4452 The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitizati... | 7.1 | HIGH | β | 0 |
| CVE-2023-22649 A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user... | 8.4 | HIGH | β | 0 |
| CVE-2024-45462 The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. An attacker that has access to a... | 6.3 | MEDIUM | β | 0 |
| CVE-2024-20463 A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an... | 5.4 | MEDIUM | β | 0 |
| CVE-2024-45693 Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain pri... | 8.0 | HIGH | β | 0 |
| CVE-2024-45714 Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with usersβ permissions can modify a variable with a payload. | 4.8 | MEDIUM | β | 0 |
| CVE-2024-9061 The The WP Popup Builder β Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all ver... | 7.3 | HIGH | β | 0 |
| CVE-2024-9540 The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal... | 4.3 | MEDIUM | β | 0 |
| CVE-2023-32189 Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys | 5.9 | MEDIUM | β | 0 |
| CVE-2024-50579 In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible | 4.6 | MEDIUM | β | 0 |
| CVE-2024-49268 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sunburntkamel disconnected allows Reflected XSS.This issue affects disconnected: from n/a t... | 7.1 | HIGH | β | 0 |
| CVE-2024-20420 A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an ... | 5.4 | MEDIUM | β | 0 |
| CVE-2024-20421 A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery ... | 7.1 | HIGH | β | 0 |
| CVE-2024-20460 A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site script... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-20462 A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view p... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-49593 In Advanced Custom Fields (ACF) before 6.3.9 and Secure Custom Fields before 6.3.6.3 (plugins for WordPress), using the Field Group editor to edit one of the plugin's fields can result in execution of... | 5.3 | MEDIUM | β | 0 |
| CVE-2024-9213 The Ψ§ΩΨ²ΩΩΩ ΩΎΫΨ§Ω Ϊ© ΩΩΪ©Ψ§Ω Ψ±Ψ³ Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all ... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-6728 Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configura... | 3.3 | LOW | β | 0 |
| CVE-2024-49579 In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests | 8.1 | HIGH | β | 0 |
| CVE-2005-10003 A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. This affects an unknown part. The manipulation of the argument cmd leads to os command injection. It is possib... | 5.6 | MEDIUM | β | 0 |
| CVE-2024-10073 A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-4584 A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This affects an unknown part of the component Cardholder Data Handler. Executing a manipulation can lead to cleartext transmissio... | 3.1 | LOW | β | 0 |
| CVE-2026-39367 WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG (Electronic Program Guide) feature parses XML from user-controlled URLs and renders programme titles directly int... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-39369 WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... | 7.6 | HIGH | β | 0 |
| CVE-2024-49400 Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-10093 A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation l... | 7.8 | HIGH | β | 0 |
| CVE-2024-10014 The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on use... | 6.4 | MEDIUM | β | 0 |
| CVE-2024-10040 The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_aj... | 5.3 | MEDIUM | β | 0 |
| CVE-2024-10049 The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βpageβ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanit... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-10119 The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-39370 WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions suc... | 7.1 | HIGH | β | 0 |
| CVE-2024-8790 The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, a... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-49368 Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, caus... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-8916 The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and outp... | 6.4 | MEDIUM | β | 0 |
| CVE-2024-9361 The Bulk images optimizer: Resize, optimize, convert to webp, rename β¦ plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configurat... | 4.3 | MEDIUM | β | 0 |
| CVE-2023-6057 A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product ... | 7.4 | HIGH | β | 0 |
| CVE-2024-47486 There is an XSS vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could inject scripts into certain pages by building malicious data. | 6.1 | MEDIUM | β | 0 |
| CVE-2024-10120 A vulnerability has been found in wfh45678 Radar up to 1.0.8 and classified as critical. This vulnerability affects unknown code of the file /services/v1/common/upload. The manipulation of the argumen... | 7.3 | HIGH | β | 0 |
| CVE-2024-9593 The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'e... | 8.3 | HIGH | β | 0 |
| CVE-2024-10121 A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../ ... | 7.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.