CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-30046 Visual Studio Denial of Service Vulnerability | 5.9 | MEDIUM | — | 0 |
| CVE-2024-30047 Dynamics 365 Customer Insights Spoofing Vulnerability | 7.6 | HIGH | — | 0 |
| CVE-2024-30048 Dynamics 365 Customer Insights Spoofing Vulnerability | 7.6 | HIGH | — | 0 |
| CVE-2024-30049 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-30050 Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 | MEDIUM | — | 0 |
| CVE-2024-30053 Azure Migrate Cross-Site Scripting Vulnerability | 6.5 | MEDIUM | — | 0 |
| CVE-2024-31488 An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 t... | 6.8 | MEDIUM | — | 0 |
| CVE-2024-34082 Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `... | 8.5 | HIGH | — | 0 |
| CVE-2024-3483 Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues. | 7.8 | HIGH | — | 0 |
| CVE-2024-3484 Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure. | 5.7 | MEDIUM | — | 0 |
| CVE-2024-3485 Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-3486 XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution. | 7.8 | HIGH | — | 0 |
| CVE-2024-3487 Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication. | 3.5 | LOW | — | 0 |
| CVE-2024-3488 File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow an attacker to upload a file without authentication. | 5.6 | MEDIUM | — | 0 |
| CVE-2025-6874 A vulnerability, which was classified as critical, was found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/add_subscribe.php. The manipulation ... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-3967 Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using unsafe Java object deserialization. | 7.6 | HIGH | — | 0 |
| CVE-2024-3968 Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task. | 7.8 | HIGH | — | 0 |
| CVE-2024-3970 Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure by directory traversal. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-4200 In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. | 7.7 | HIGH | — | 0 |
| CVE-2024-4202 In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. | 7.7 | HIGH | — | 0 |
| CVE-2024-4357 An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity P... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-3848 A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of ar... | 7.5 | HIGH | — | 0 |
| CVE-2013-6916 Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitra... | N/A | NONE | — | 0 |
| CVE-2023-24460 Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 8.2 | HIGH | — | 0 |
| CVE-2013-3921 Directory traversal vulnerability in Easytime Studio Easy File Manager 1.1 for iOS allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) to the default URI. | N/A | NONE | — | 0 |
| CVE-2013-5108 Multiple cross-site scripting (XSS) vulnerabilities in the xn function in RockMongo 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) db parameter on the logi... | N/A | NONE | — | 0 |
| CVE-2013-6267 Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidT... | N/A | NONE | — | 0 |
| CVE-2024-35786 In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf If VM_BIND is enabled on the client the legacy submission ioctl c... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52662 In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node When ida_alloc_max fails, resources allocated before should be freed, includin... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52663 In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() Driver uses kasprintf() to initialize fw_{code,data}_bin members of struct ... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52664 In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_f... | 7.8 | HIGH | — | 0 |
| CVE-2023-52667 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a potential double-free in fs_any_create_groups When kcalloc() for ft->g succeeds but kvzalloc() for in fails, fs_a... | 7.8 | HIGH | — | 0 |
| CVE-2024-35806 In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Always disable interrupts when taking cgr_lock smp_call_function_single disables IRQs when executing the callback... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-35811 In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach This is the candidate patch of CVE-2023-47233 : https://nvd.nist.g... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-35828 In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocatio... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52679 In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in of_parse_phandle_with_args_map In of_parse_phandle_with_args_map() the inner loop that iterates through the... | 7.8 | HIGH | — | 0 |
| CVE-2023-52691 In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a double-free in si_dpm_init When the allocation of adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fail... | 7.8 | HIGH | — | 0 |
| CVE-2023-52698 In the Linux kernel, the following vulnerability has been resolved: calipso: fix memory leak in netlbl_calipso_add_pass() If IPv6 support is disabled at boot (ipv6.disable=1), the calipso_init() -> ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-35846 In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-35847 In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Prevent double free on error The error handling path in its_vpe_irq_domain_alloc() causes a double free when i... | 7.8 | HIGH | — | 0 |
| CVE-2024-35850 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev setup Qualcomm ROME controllers can be registered from the Bluetooth line discipline ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-35851 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev suspend Qualcomm ROME controllers can be registered from the Bluetooth line disciplin... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-35852 In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work The rehash delayed work is rescheduled with a delay if the nu... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-35855 In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically tr... | 7.8 | HIGH | — | 0 |
| CVE-2024-35856 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Fix double free of skb in coredump hci_devcd_append() would free the skb on error so the caller don't ... | 7.8 | HIGH | — | 0 |
| CVE-2024-9859 Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2024-35858 In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix memory leak when bringing down interface When bringing down the TX rings we flush the rings but forget to reclaim... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-4865 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitiza... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-35864 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_valid_lease_break() Skip sessions that are being teared down (status == SES_EXITING) to ... | 7.8 | HIGH | — | 0 |
| CVE-2024-35868 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_stats_proc_write() Skip sessions that are being teared down (status == SES_EXITING) to avoi... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.