CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-9515 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. This affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument cur... | 8.8 | HIGH | – | 0 |
| CVE-2024-45143 Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitatio... | 7.8 | HIGH | – | 0 |
| CVE-2024-25707 There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string... | 4.8 | MEDIUM | – | 0 |
| CVE-2024-38039 There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbi... | 5.4 | MEDIUM | – | 0 |
| CVE-2024-44439 An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port. | 5.9 | MEDIUM | – | 0 |
| CVE-2024-43686 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS. This issue affects Tim... | 6.1 | MEDIUM | – | 0 |
| CVE-2024-43687 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS). This ... | 6.1 | MEDIUM | – | 0 |
| CVE-2024-47764 cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be ... | N/A | NONE | – | 0 |
| CVE-2024-7801 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection. This issue affects TimeProvid... | 6.5 | MEDIUM | – | 0 |
| CVE-2024-37868 File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received usin... | 8.8 | HIGH | – | 0 |
| CVE-2024-37869 File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using t... | 8.8 | HIGH | – | 0 |
| CVE-2024-47910 An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exf... | 7.2 | HIGH | – | 0 |
| CVE-2024-47848 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass. This issue affects Mediawiki - PageTriage: from... | N/A | NONE | – | 0 |
| CVE-2024-47840 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Apex skin allows Stored XSS. This issue affects Mediawi... | 4.8 | MEDIUM | – | 0 |
| CVE-2024-47845 Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection. This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.... | 8.2 | HIGH | – | 0 |
| CVE-2024-47846 Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery. This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | 8.8 | HIGH | – | 0 |
| CVE-2018-5979 SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field. | N/A | NONE | – | 0 |
| CVE-2024-47847 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS). This issue aff... | 6.1 | MEDIUM | – | 0 |
| CVE-2024-47849 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection. This issue affects Mediawiki - Car... | 9.8 | CRITICAL | – | 0 |
| CVE-2024-47841 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal. This issue affects Mediawiki - ... | 7.5 | HIGH | – | 0 |
| CVE-2024-9455 The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitiza... | 6.4 | MEDIUM | – | 0 |
| CVE-2024-8743 The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5... | 6.8 | MEDIUM | – | 0 |
| CVE-2024-9532 A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulati... | 8.8 | HIGH | – | 0 |
| CVE-2025-10670 A flaw has been found in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /check_profile.php. Executing manipulation of the... | 7.3 | HIGH | – | 0 |
| CVE-2025-10671 A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\J... | 3.7 | LOW | – | 0 |
| CVE-2025-10672 A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affected element is an unknown function of the file AIBatteryHelper/XPC/BatteryXPCService.swift of the component com.collweb.AIBatteryH... | 7.8 | HIGH | – | 0 |
| CVE-2025-10673 A vulnerability was determined in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/class/index.php. This manipulation of t... | 7.3 | HIGH | – | 0 |
| CVE-2025-10674 A vulnerability was identified in fuyang_lipengjun platform 1.0. This affects the function AttributeCategoryController of the file /attributecategory/queryAll. Such manipulation leads to improper auth... | 4.3 | MEDIUM | – | 0 |
| CVE-2024-9533 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the arg... | 8.8 | HIGH | – | 0 |
| CVE-2024-9534 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of... | 8.8 | HIGH | – | 0 |
| CVE-2024-9535 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formEasySetupWWConfig of the file /goform/formEasySetupWWCon... | 8.8 | HIGH | – | 0 |
| CVE-2024-47382 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Page-list page-list allows Stored XSS. This issue affects Page-list: from n/a through <= ... | 6.5 | MEDIUM | – | 0 |
| CVE-2024-9549 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formEasySetupWizard/formEasySetupWizard2 of the file /goform/formEasySetupWizard. ... | 8.8 | HIGH | – | 0 |
| CVE-2024-45245 Diebold Nixdorf – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 7.8 | HIGH | – | 0 |
| CVE-2024-9550 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the arg... | 8.8 | HIGH | – | 0 |
| CVE-2025-48703 CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A ... | 9.0 | CRITICAL | KEV | 0 |
| CVE-2022-4404 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | – | 0 |
| CVE-2024-47372 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS. This issue affects TNC PDF viewer: from n/a... | 5.9 | MEDIUM | – | 0 |
| CVE-2024-9551 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formSetWanL2TP of the file /goform/formSetWanL2TP. The manip... | 8.8 | HIGH | – | 0 |
| CVE-2024-9552 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been rated as critical. Affected by this issue is the function formSetWanNonLogin of the file /goform/formSetWanNonLogin. The manipula... | 8.8 | HIGH | – | 0 |
| CVE-2024-48775 An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. | 7.5 | HIGH | – | 0 |
| CVE-2024-9553 A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argume... | 8.8 | HIGH | – | 0 |
| CVE-2024-45246 Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element | 7.3 | HIGH | – | 0 |
| CVE-2024-45247 Sonarr – CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | 6.1 | MEDIUM | – | 0 |
| CVE-2024-7958 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | – | 0 |
| CVE-2024-9467 A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious... | 6.1 | MEDIUM | – | 0 |
| CVE-2024-9554 A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the file suanfa.py of t... | 3.7 | LOW | – | 0 |
| CVE-2011-3402 Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2... | 8.8 | HIGH | KEV | 0 |
| CVE-2024-44029 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in David Garlitz viala allows Reflected XSS. This issue affects viala: from n/a through 1.3.1. | 7.1 | HIGH | – | 0 |
| CVE-2013-1554 Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vecto... | N/A | NONE | – | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.