CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS (v3) | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-7863 The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary fi... | 6.8 | MEDIUM | No | 0 |
| CVE-2024-7864 The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF and path validation in the output_sub_admin_page_0() function, allowing attackers to make logged in admins delete arbitrar... | 6.5 | MEDIUM | No | 0 |
| CVE-2024-8663 The WP Simple Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all ve... | 6.1 | MEDIUM | No | 0 |
| CVE-2024-8664 The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1... | 6.1 | MEDIUM | No | 0 |
| CVE-2024-8665 The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including,... | 6.1 | MEDIUM | No | 0 |
| CVE-2024-8742 The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable... | 6.4 | MEDIUM | No | 0 |
| CVE-2024-41867 After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to ... | 5.5 | MEDIUM | No | 0 |
| CVE-2024-46045 Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function. | 9.8 | CRITICAL | No | 0 |
| CVE-2022-2446 The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including 1.2.9. This makes it possible for authent... | 7.2 | HIGH | No | 0 |
| CVE-2024-5869 The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter within the theme's Button shortcode in all versions up to, and including, 1.4 due to insufficien... | 6.4 | MEDIUM | No | 0 |
| CVE-2024-6544 The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions up to, and including, 4.4.1. This is due to the plugin utilizing bootstrap and leaving test files with... | 5.3 | MEDIUM | No | 0 |
| CVE-2024-42025 A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access... | 7.8 | HIGH | No | 0 |
| CVE-2024-44095 In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible corrupt memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privilege... | 7.8 | HIGH | No | 0 |
| CVE-2024-44096 there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploit... | 4.4 | MEDIUM | No | 0 |
| CVE-2022-3459 The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. This is due to plugin not enforcing server-side checks on the pr... | 5.3 | MEDIUM | No | 0 |
| CVE-2024-8271 The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the softw... | 7.3 | HIGH | No | 0 |
| CVE-2024-8479 The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'... | 7.3 | HIGH | No | 0 |
| CVE-2024-8669 The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuply_wp_clone_sql() function in all versions up to, ... | 9.1 | CRITICAL | No | 0 |
| CVE-2024-8724 The Waitlist Woocommerce ( Back in stock notifier ) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all ... | 6.1 | MEDIUM | No | 0 |
| CVE-2024-8797 The WP Booking System – Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL... | 6.1 | MEDIUM | No | 0 |
| CVE-2023-3410 The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output esc... | 5.4 | MEDIUM | No | 0 |
| CVE-2024-6482 The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on... | 8.8 | HIGH | No | 0 |
| CVE-2024-44060 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jennifer Hall Filmix allows Reflected XSS. This issue affects Filmix: from n/a through 1.1. | 7.1 | HIGH | No | 0 |
| CVE-2024-44062 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS. This issue affects Custom Field T... | 6.5 | MEDIUM | No | 0 |
| CVE-2024-44063 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS. This issue affects Happyforms: from n/a through 1.26.0. | 6.5 | MEDIUM | No | 0 |
| CVE-2013-1550 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via unknown vectors related to Work... | N/A | N/A | No | 0 |
| CVE-2024-44053 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS. This issue affects Opor Ayam: from n/a through... | 7.1 | HIGH | No | 0 |
| CVE-2013-1551 Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and av... | N/A | N/A | No | 0 |
| CVE-2024-45698 Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inje... | 9.8 | CRITICAL | No | 0 |
| CVE-2024-46937 An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows rem... | 7.5 | HIGH | No | 0 |
| CVE-2024-32034 decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting (XSS) attach... | 6.8 | MEDIUM | No | 0 |
| CVE-2024-39910 decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSWYG editor QuillJS is subject to potential XSS attach in case the ... | 5.4 | MEDIUM | No | 0 |
| CVE-2024-5170 The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scrip... | 4.8 | MEDIUM | No | 0 |
| CVE-2024-8043 The Vikinghammer Tweet WordPress plugin through 0.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add ... | 5.4 | MEDIUM | No | 0 |
| CVE-2024-8044 The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 6.5 | MEDIUM | No | 0 |
| CVE-2024-8051 The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add ... | 5.4 | MEDIUM | No | 0 |
| CVE-2024-8052 The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored... | 6.1 | MEDIUM | No | 0 |
| CVE-2024-8091 The Enhanced Search Box WordPress plugin through 0.6.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 6.5 | MEDIUM | No | 0 |
| CVE-2024-44937 In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Since commit e2ffcda16290 ("ACPI: OSL: Allow Notify () han... | 5.5 | MEDIUM | No | 0 |
| CVE-2024-44563 Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo. | 9.8 | CRITICAL | No | 0 |
| CVE-2024-44565 Tenda AX1806 v1.0.0.1 contains a stack overflow via the serverName parameter in the function form_fast_setting_internet_set. | 9.8 | CRITICAL | No | 0 |
| CVE-2024-44942 In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC syzbot reports a f2fs bug as below: ------------[ cut he... | 7.8 | HIGH | No | 0 |
| CVE-2024-44556 Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo. | 9.8 | CRITICAL | No | 0 |
| CVE-2024-44558 Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo. | 9.8 | CRITICAL | No | 0 |
| CVE-2024-34331 A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root. | 9.8 | CRITICAL | No | 0 |
| CVE-2024-8162 A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component Teln... | 9.8 | CRITICAL | No | 0 |
| CVE-2024-8166 A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the ar... | 4.7 | MEDIUM | No | 0 |
| CVE-2024-41285 A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted file path. | 9.8 | CRITICAL | No | 0 |
| CVE-2024-42816 A cross-site scripting (XSS) vulnerability in the Create Product function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ... | 6.1 | MEDIUM | No | 0 |
| CVE-2024-42818 A cross-site scripting (XSS) vulnerability in the Config-Create function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the P... | 6.1 | MEDIUM | No | 0 |
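Rows like the ones above are what you get when an NVD API 2.0 record is joined with the CISA Known Exploited Vulnerabilities catalog. The Python below is an added example, not the site's own code, that performs that join on constructed sample data shaped like the two public feeds (descriptions abbreviated): the CVSS score and severity come from the CVSS v3.1 metric, falling back to v3.0 and preferring the NVD "Primary" scorer when a CNA also supplied one; a record with no v3 metric is reported as N/A, which is why the two 2013 Oracle entries above carry no score; the KEV column is set by membership in the catalog; and pipe characters in descriptions are escaped so a hostile description cannot break the Markdown table.

```python
"""Join NVD 2.0 API records with the CISA KEV catalog into listing rows.

Added example (not the site's own code). The JSON below is constructed sample
data in the shape of the NVD API 2.0 response and the KEV JSON feed; the
descriptions are abbreviated, not the full feed text.
"""
import json

# Constructed sample in the shape of an NVD API 2.0 response.
NVD_SAMPLE = json.dumps({
    "vulnerabilities": [
        {"cve": {
            "id": "CVE-2024-46045",
            "descriptions": [
                {"lang": "en", "value": "Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability "
                                        "located in the frmL7PlotForm function."},
                {"lang": "es", "value": "(Spanish translation omitted in this sample)"}],
            "metrics": {"cvssMetricV31": [
                {"source": "nvd@nist.gov", "type": "Primary",
                 "cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}}},
        {"cve": {
            # Real record carries only CVSS v2 metrics; this listing reports N/A rather
            # than mixing scoring versions, so the sample simply omits v3 metrics.
            "id": "CVE-2013-1550",
            "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the PeopleSoft "
                                                     "Enterprise PeopleTools component (abbreviated)."}],
            "metrics": {}}},
        {"cve": {
            # Log4Shell, which is in the KEV catalog, exercises the KEV branch.
            "id": "CVE-2021-44228",
            "descriptions": [{"lang": "en", "value": "Apache Log4j2 JNDI features do not protect "
                                                     "against attacker controlled LDAP (abbreviated) | pipe."}],
            "metrics": {"cvssMetricV31": [
                {"source": "cna@example.test", "type": "Secondary",   # assumed CNA entry, listed first
                 "cvssData": {"baseScore": 9.0, "baseSeverity": "CRITICAL"}},
                {"source": "nvd@nist.gov", "type": "Primary",
                 "cvssData": {"baseScore": 10.0, "baseSeverity": "CRITICAL"}}]}}},
    ]
})

# Constructed sample in the shape of the CISA KEV JSON feed.
KEV_SAMPLE = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
         "dateAdded": "2021-12-10", "knownRansomwareCampaignUse": "Known"},
    ]
})


def load_kev_ids(kev_json: str) -> set[str]:
    """Set of CVE IDs present in the KEV catalog."""
    return {v["cveID"] for v in json.loads(kev_json)["vulnerabilities"]}


def cvss_v3(cve: dict) -> tuple[str, str]:
    """(score, severity) from CVSS v3.1, else v3.0, preferring the Primary scorer; N/A if neither exists."""
    metrics = cve.get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30"):
        entries = metrics.get(key) or []
        if not entries:
            continue
        primary = [e for e in entries if e.get("type") == "Primary"]
        data = (primary or entries)[0]["cvssData"]
        return f"{data['baseScore']:.1f}", data["baseSeverity"]
    return "N/A", "N/A"


def english_description(cve: dict, limit: int = 200) -> str:
    """English description, truncated like the listing and with table-breaking pipes escaped."""
    text = next((d["value"] for d in cve.get("descriptions", []) if d["lang"] == "en"), "")
    if len(text) > limit:
        text = text[:limit].rstrip() + "..."
    return text.replace("|", "\\|")


def enrich(nvd_json: str, kev_json: str) -> list[dict]:
    """One row per NVD record: id, description, v3 score/severity and KEV membership."""
    kev = load_kev_ids(kev_json)
    rows = []
    for item in json.loads(nvd_json)["vulnerabilities"]:
        cve = item["cve"]
        score, severity = cvss_v3(cve)
        rows.append({"id": cve["id"], "description": english_description(cve),
                     "cvss": score, "severity": severity, "kev": cve["id"] in kev})
    return rows


def to_markdown(rows: list[dict]) -> str:
    """Render rows in the same column layout as the listing above."""
    lines = ["| CVE ID and description | CVSS (v3) | Severity | KEV |", "|---|---|---|---|"]
    for r in rows:
        lines.append(f"| {r['id']} {r['description']} | {r['cvss']} | {r['severity']} | "
                     f"{'Yes' if r['kev'] else 'No'} |")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_markdown(enrich(NVD_SAMPLE, KEV_SAMPLE)))
```

Against the live feeds the same functions apply unchanged to the `vulnerabilities` array returned by the NVD `cves/2.0` endpoint and to the KEV `known_exploited_vulnerabilities.json` file; paginate the NVD results and respect its rate limits rather than pulling the whole corpus in one request.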
This product uses data from the NVD API but is not endorsed or certified by the NVD.