Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-8102 The The Ultimate WordPress Toolkit β WP Extended plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ... | 8.8 | HIGH | β | 0 |
| CVE-2024-8104 The The Ultimate WordPress Toolkit β WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the download_file_ajax function. This makes i... | 8.8 | HIGH | β | 0 |
| CVE-2024-8106 The The Ultimate WordPress Toolkit β WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8 via the download_user_ajax function. T... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-8117 The The Ultimate WordPress Toolkit β WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βselected_optionβ parameter in all versions up to, and including, 3.0.8 du... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-8119 The The Ultimate WordPress Toolkit β WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.0.8 due to insuffic... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-6855 The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack | 4.3 | MEDIUM | β | 0 |
| CVE-2024-8121 The The Ultimate WordPress Toolkit β WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() functi... | 5.4 | MEDIUM | β | 0 |
| CVE-2024-8123 The The Ultimate WordPress Toolkit β WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicate_post function due ... | 5.4 | MEDIUM | β | 0 |
| CVE-2024-8289 The MultiVendorX β The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capabi... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-7821 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2024-8413 Cross Site Scripting (XSS) vulnerability through the action parameter in index.php. Affected product codebase https://github.com/Bioshox/Raspcontrol and forks such as https://github.com/harmon25/ra... | 5.4 | MEDIUM | β | 0 |
| CVE-2024-44383 WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm. | 6.8 | MEDIUM | β | 0 |
| CVE-2024-7834 A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unpri... | 7.8 | HIGH | β | 0 |
| CVE-2024-8407 A vulnerability was found in alwindoss akademy up to 35caccea888ed63d5489e211c99edff1f62efdba. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the fi... | 3.5 | LOW | β | 0 |
| CVE-2024-8408 A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter ... | 6.3 | MEDIUM | β | 0 |
| CVE-2024-44820 A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/E_bak5.1/upload/. When accessed with the query parameter phome=ShowPHPInfo, ... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-7076 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection.This issue af... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-7077 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Reflected XSS.This issue affects ... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-7078 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection.This issue affects ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-8409 A vulnerability classified as problematic has been found in ABCD ABCD2 up to 2.2.0-beta-1. This affects an unknown part of the file /common/show_image.php. The manipulation of the argument image leads... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-48777 LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process. | 7.5 | HIGH | β | 0 |
| CVE-2024-8410 A vulnerability classified as problematic was found in ABCD ABCD2 up to 2.2.0-beta-1. This vulnerability affects unknown code of the file /abcd/opac/php/otros_sitios.php. The manipulation of the argum... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-44808 An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-45050 Ringer server is the server code for the Ringer messaging app. Prior to version 1.3.1, there is an issue with the messages loading route where Ringer Server does not check to ensure that the user load... | 7.1 | HIGH | β | 0 |
| CVE-2024-45052 Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an ... | 5.3 | MEDIUM | β | 0 |
| CVE-2024-45053 Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering en... | 9.1 | CRITICAL | β | 0 |
| CVE-2024-45074 IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) t... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-45076 IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-8391 In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).Β This is fixe... | 7.5 | HIGH | β | 0 |
| CVE-2024-8412 A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument next... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-20440 A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log fil... | 7.5 | HIGH | β | 0 |
| CVE-2024-20503 A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-8414 A vulnerability has been found in SourceCodester Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cr... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-8415 A vulnerability was found in SourceCodester Food Ordering Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /routers/add-ticket.php. Th... | 6.3 | MEDIUM | β | 0 |
| CVE-2024-8416 A vulnerability was found in SourceCodester Food Ordering Management System 1.0. It has been classified as critical. This affects an unknown part of the file /routers/ticket-status.php. The manipulati... | 6.3 | MEDIUM | β | 0 |
| CVE-2024-44956 In the Linux kernel, the following vulnerability has been resolved: drm/xe/preempt_fence: enlarge the fence critical section It is really easy to introduce subtle deadlocks in preempt_fence_work_fun... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-44957 In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Switch from mutex to spinlock for irqfds irqfd_wakeup() gets EPOLLHUP, when it is called by eventfd_release() by way... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-44964 In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leaks and crashes while performing a soft reset The second tagged commit introduced a UAF, as it removed restorin... | 7.8 | HIGH | β | 0 |
| CVE-2024-44978 In the Linux kernel, the following vulnerability has been resolved: drm/xe: Free job before xe_exec_queue_put Free job depends on job->vm being valid, the last xe_exec_queue_put can destroy the VM. ... | 7.8 | HIGH | β | 0 |
| CVE-2024-44981 In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask() UBSAN reports the following 'subtraction overflow' error whe... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-44992 In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid possible NULL dereference in cifs_free_subrequest() Clang static checker (scan-build) warning: cifsglob.h:line ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-44993 In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()` When enabling UBSAN on Raspberry Pi 5, we get the following warning: [ 38... | 7.1 | HIGH | β | 0 |
| CVE-2024-44996 In the Linux kernel, the following vulnerability has been resolved: vsock: fix recursive ->recvmsg calls After a vsock socket has been added to a BPF sockmap, its prot->recvmsg has been replaced wit... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-44997 In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() When there are multiple ap interfaces on one band ... | 7.8 | HIGH | β | 0 |
| CVE-2024-8472 Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an ... | 6.3 | MEDIUM | β | 0 |
| CVE-2024-45399 Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-45395 sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bund... | 3.1 | LOW | β | 0 |
| CVE-2024-2166 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS.This issue affects Emai... | 8.8 | HIGH | β | 0 |
| CVE-2024-45692 Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000. | 7.5 | HIGH | β | 0 |
| CVE-2024-7627 The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessib... | 8.1 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.