CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-0005 A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. | 9.1 | CRITICAL | - | 0 |
| CVE-2024-37779 WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality. | 8.8 | HIGH | - | 0 |
| CVE-2024-8263 An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of Gi... | 2.7 | LOW | - | 0 |
| CVE-2024-4132 A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges. | 7.8 | HIGH | - | 0 |
| CVE-2024-8770 A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineer... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-8432 The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_appearance() funct... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-8544 The Pixel Cat – Conversion Pixel Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-8657 The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ggpkg shortcode in all versions up to, and including, 2.2.9 due to insufficient input saniti... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-8662 The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-9046 A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges. | 7.8 | HIGH | - | 0 |
| CVE-2021-38963 IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a sp... | 8.0 | HIGH | - | 0 |
| CVE-2022-43845 IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability... | 3.7 | LOW | - | 0 |
| CVE-2023-5359 The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible... | 3.7 | LOW | - | 0 |
| CVE-2024-38324 IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an ... | 5.9 | MEDIUM | - | 0 |
| CVE-2024-41725 ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting. | 8.8 | HIGH | - | 0 |
| CVE-2024-43423 The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed. | 9.8 | CRITICAL | - | 0 |
| CVE-2019-8419 VNote 2.2 has XSS via a new text note. | N/A | NONE | - | 0 |
| CVE-2024-43692 An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-43693 A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-45066 A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-45373 Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator. | 8.8 | HIGH | - | 0 |
| CVE-2024-8801 The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget. This makes it possible... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-8917 The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and... | 6.4 | MEDIUM | - | 0 |
| CVE-2025-10795 A vulnerability has been found in code-projects Online Bidding System 1.0. This affects an unknown part of the file /administrator/bidupdate.php. The manipulation of the argument ID leads to sql injec... | 7.3 | HIGH | - | 0 |
| CVE-2024-8940 Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST reque... | 10.0 | CRITICAL | - | 0 |
| CVE-2024-8941 Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nm_edit_php_edit.php (in the "subpage" parameter), which allows unauthenticated remote users to bypass SecurityM... | 7.5 | HIGH | - | 0 |
| CVE-2024-8942 Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting (XSS), due to the lack of input validation, affecting the "id_form_msg_title" parameter, among others. This vulnerab... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-9142 External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls.This... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-44413 A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path... | 8.8 | HIGH | - | 0 |
| CVE-2024-9148 Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0. | 9.6 | CRITICAL | - | 0 |
| CVE-2024-8349 The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users... | 7.2 | HIGH | - | 0 |
| CVE-2024-8350 The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions u... | 2.7 | LOW | - | 0 |
| CVE-2024-48795 An issue in Creative Labs Pte Ltd com.creative.apps.xficonnect 2.00.02 allows a remote attacker to obtain sensitive information via the firmware update process. | 5.3 | MEDIUM | - | 0 |
| CVE-2024-8476 The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the wpeeven... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-8483 The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function. This makes it possible for authenticate... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-8549 The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all version... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-7963 The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient i... | 6.4 | MEDIUM | - | 0 |
| CVE-2025-59374 "UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cau... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-8621 The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode in all versions up to, and including, 2024.08.26 due to insufficie... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-8713 The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including,... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-8741 The Beam me up Scotty – Back to Top Button plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions ... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-9024 The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input sa... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-9027 The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitizat... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-25282 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | N/A | NONE | - | 0 |
| CVE-2024-25283 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | N/A | NONE | - | 0 |
| CVE-2024-25284 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | N/A | NONE | - | 0 |
| CVE-2025-10632 A security flaw has been discovered in itsourcecode Online Petshop Management System 1.0. The affected element is an unknown function of the file availableframe.php of the component Admin Dashboard. T... | 3.5 | LOW | - | 0 |
| CVE-2024-9068 The OneElements – Best Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input san... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-9069 The Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-9073 The GutenGeek Free Gutenberg Blocks for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.3 due to insufficient... | 6.4 | MEDIUM | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.