CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-46461 VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, ... | 8.0 | HIGH | - | 0 |
| CVE-2024-44073 The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth. | 7.5 | HIGH | - | 0 |
| CVE-2026-33978 Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip me... | 5.4 | MEDIUM | - | 0 |
| CVE-2024-43248 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bit Apps Bit Form Pro allows File Manipulation. This issue affects Bit Form Pro: from n/a through 2.6.4. | 8.6 | HIGH | - | 0 |
| CVE-2024-43249 Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection. This issue affects Bit Form Pro: from n/a through 2.6.4. | 9.9 | CRITICAL | - | 0 |
| CVE-2024-43250 Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bit Form Pro: from n/a through 2.6.4. | 7.1 | HIGH | - | 0 |
| CVE-2024-7926 A vulnerability classified as critical has been found in ZZCMS 2023. Affected is an unknown function of the file /admin/about_edit.php?action=modify. The manipulation of the argument skin leads to pat... | 7.3 | HIGH | - | 0 |
| CVE-2024-7927 A vulnerability classified as critical was found in ZZCMS 2023. Affected by this vulnerability is an unknown functionality of the file /admin/class.php?dowhat=modifyclass. The manipulation of the argu... | 7.3 | HIGH | - | 0 |
| CVE-2024-7928 A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulat... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-7936 A vulnerability classified as critical has been found in itsourcecode Project Expense Monitoring System 1.0. This affects an unknown part of the file transferred_report.php. The manipulation of the ar... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-7937 A vulnerability classified as critical was found in itsourcecode Project Expense Monitoring System 1.0. This vulnerability affects unknown code of the file printtransfer.php. The manipulation of the a... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-7942 A vulnerability has been found in SourceCodester Leads Manager Tool 1.0 and classified as problematic. This vulnerability affects unknown code of the file update-leads.php. The manipulation of the arg... | 3.5 | LOW | - | 0 |
| CVE-2024-7943 A vulnerability was found in itsourcecode Laravel Property Management System 1.0 and classified as critical. This issue affects the function upload of the file PropertiesController.php. The manipulati... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-5763 The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_date attribute wit... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-6575 The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'res_width_value' parame... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-6864 The WP Last Modified Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'template' attribute of the lmt-post-modified-info shortcode in all versions up to, and including, 1... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-41697 Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 6.1 | MEDIUM | - | 0 |
| CVE-2024-41698 Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 4.3 | MEDIUM | - | 0 |
| CVE-2024-41699 Priority – CWE-552: Files or Directories Accessible to External Parties | 4.4 | MEDIUM | - | 0 |
| CVE-2024-41700 Barix – CWE-200 Exposure of Sensitive Information to an Unauthorized Actor | 7.5 | HIGH | - | 0 |
| CVE-2024-42334 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | - | 0 |
| CVE-2024-42568 School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-41657 Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any ... | 8.1 | HIGH | - | 0 |
| CVE-2024-41658 Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, the purchase URL that is created to generate a WechatPay QR code is vulnerab... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-42361 Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it execu... | 7.5 | HIGH | - | 0 |
| CVE-2024-42362 Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0. | 8.8 | HIGH | - | 0 |
| CVE-2024-43396 Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /... | 5.4 | MEDIUM | - | 0 |
| CVE-2024-43862 In the Linux kernel, the following vulnerability has been resolved: net: wan: fsl_qmc_hdlc: Convert carrier_lock spinlock to a mutex The carrier_lock spinlock protects the carrier detection. While i... | 5.5 | MEDIUM | - | 0 |
| CVE-2024-43872 In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup under heavy CEQE load CEQEs are handled in interrupt handler currently. This may cause the CPU core stay... | 5.5 | MEDIUM | - | 0 |
| CVE-2024-43874 In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked Fix a null pointer dereference induced by DEBUG_TEST_DRIVE... | 5.5 | MEDIUM | - | 0 |
| CVE-2024-42939 A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configu... | 5.4 | MEDIUM | - | 0 |
| CVE-2026-35000 ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary local files by using unblocked XPat... | 6.5 | MEDIUM | - | 0 |
| CVE-2026-2737 A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended action... | 6.1 | MEDIUM | - | 0 |
| CVE-2026-34717 OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/reporting/lib/report/operator.rb:177 embeds user input directly into SQL WHERE... | 9.9 | CRITICAL | - | 0 |
| CVE-2022-48898 In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer There are 3 possible interrupt sources are handled... | 4.7 | MEDIUM | - | 0 |
| CVE-2022-48867 In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Prevent use after free on completion memory On driver unload any pending descriptors are flushed at the time the ... | 7.8 | HIGH | - | 0 |
| CVE-2022-48868 In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Let probe fail when workqueue cannot be enabled The workqueue is enabled when the appropriate driver is loaded an... | 5.5 | MEDIUM | - | 0 |
| CVE-2022-48869 In the Linux kernel, the following vulnerability has been resolved: USB: gadgetfs: Fix race between mounting and unmounting The syzbot fuzzer and Gerald Lee have identified a use-after-free bug in t... | 4.7 | MEDIUM | - | 0 |
| CVE-2022-48870 In the Linux kernel, the following vulnerability has been resolved: tty: fix possible null-ptr-defer in spk_ttyio_release Run the following tests on the qemu platform: syzkaller:~# modprobe speakup... | 5.5 | MEDIUM | - | 0 |
| CVE-2022-48871 In the Linux kernel, the following vulnerability has been resolved: tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer Driver's probe allocates memory for RX FIFO (port->rx_fifo... | 7.1 | HIGH | - | 0 |
| CVE-2022-48872 In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free race condition for maps It is possible that in between calling fastrpc_map_get() until map->fl->... | 7.0 | HIGH | - | 0 |
| CVE-2022-48873 In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Don't remove map on creater_process and device_release Do not remove the map from the list on error path in fastrpc... | 7.8 | HIGH | - | 0 |
| CVE-2022-48874 In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free and race in fastrpc_map_find Currently, there is a race window between the point when the mutex ... | 7.8 | HIGH | - | 0 |
| CVE-2022-48875 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: sdata can be NULL during AMPDU start ieee80211_tx_ba_session_handle_start() may get NULL for sdata when a deauthen... | 5.5 | MEDIUM | - | 0 |
| CVE-2022-48876 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix initialization of rx->link and rx->link_sta There are some codepaths that do not initialize rx->link_sta prope... | 5.5 | MEDIUM | - | 0 |
| CVE-2022-48877 In the Linux kernel, the following vulnerability has been resolved: f2fs: let's avoid panic if extent_tree is not created This patch avoids the below panic. pc : __lookup_extent_tree+0xd8/0x760 lr ... | 5.5 | MEDIUM | - | 0 |
| CVE-2022-48878 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Fix driver shutdown on closed serdev The driver shutdown callback (which sends EDL_SOC_RESET to the device ove... | 7.8 | HIGH | - | 0 |
| CVE-2022-48879 In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have been disabled, the runtime servic... | 5.5 | MEDIUM | - | 0 |
| CVE-2022-48881 In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix refcount leak in amd_pmc_probe pci_get_domain_bus_and_slot() takes reference, the caller should release the ... | 7.1 | HIGH | - | 0 |
| CVE-2022-48882 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) Upon updating MAC security entity (SecY) ... | 5.5 | MEDIUM | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.