Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-40430 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | N/A | NONE | — | 0 |
| CVE-2024-37898 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and r... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-37901 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding inst... | 9.9 | CRITICAL | — | 0 |
| CVE-2024-41947 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is po... | 9.0 | CRITICAL | — | 0 |
| CVE-2024-40645 FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebra... | 8.8 | HIGH | — | 0 |
| CVE-2024-42349 FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FO... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-41108 FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the co... | 7.5 | HIGH | — | 0 |
| CVE-2024-41954 FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable by... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-7325 A vulnerability was found in IObit Driver Booster 11.0.0.0. It has been rated as critical. Affected by this issue is some unknown functionality in the library VCL120.BPL of the component BPL Handler. ... | 7.8 | HIGH | — | 0 |
| CVE-2024-39837 Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled. | 3.8 | LOW | — | 0 |
| CVE-2024-39839 Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow users to set their own remote username, when shared channels were enabled, which allows a user on a ... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-41144 Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-41162 Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a ... | 4.1 | MEDIUM | — | 0 |
| CVE-2024-41926 Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId valu... | 2.7 | LOW | — | 0 |
| CVE-2026-4374 Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service,Observability Collector,Recording Service,Queueing Service,Cloud Discovery Service) all... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-39627 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Imagely NextGEN Gallery allows Stored XSS.This issue affects NextGEN Gallery: from n/a thro... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-39629 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.2... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-39643 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS.This issue affects Registration... | 5.8 | MEDIUM | — | 0 |
| CVE-2024-39644 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Wi... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-42458 server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-7204 Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a S... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-7323 Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality do not adequately filter user input. A remote attacker with regular privilege can exploit this vulne... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-41127 Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attack... | 8.3 | HIGH | — | 0 |
| CVE-2024-7029 Commands can be injected over the network and executed without authentication. | 8.8 | HIGH | — | 0 |
| CVE-2024-41518 An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations a... | 7.5 | HIGH | — | 0 |
| CVE-2024-28298 SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other paramet... | 8.8 | HIGH | — | 0 |
| CVE-2024-38321 IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-F... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-7436 A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd l... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-7437 A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the com... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-37286 APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the ... | 5.7 | MEDIUM | — | 0 |
| CVE-2024-7438 A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=show... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-6331 stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. The integration of Google Gimini 1.0 Pro with `HarmBlockT... | 7.5 | HIGH | — | 0 |
| CVE-2024-7454 A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0. Affected by this issue is the function patient_name of the file patients.php.... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-7455 A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file partedit.php. The manipulation of the argument id... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-35143 IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without ... | 6.7 | MEDIUM | — | 0 |
| CVE-2024-7461 A vulnerability was found in ForIP Tecnologia Administração PABX 1.x. It has been rated as critical. Affected by this issue is some unknown functionality of the file /authMonitCallcenter of the compon... | 7.3 | HIGH | — | 0 |
| CVE-2024-39713 A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1. | 8.6 | HIGH | — | 0 |
| CVE-2024-41889 Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-6117 A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary sys... | 8.8 | HIGH | — | 0 |
| CVE-2024-6118 A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to t... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-6498 The Chatbot for WordPress by Collect.chat ⚡️ WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-6710 The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-2937 Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make impr... | 7.8 | HIGH | — | 0 |
| CVE-2024-4607 Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make impr... | 7.8 | HIGH | — | 0 |
| CVE-2024-7383 A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traf... | 7.4 | HIGH | — | 0 |
| CVE-2024-6361 Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all version prior to version 23.4. The vulnerability could cause remote code executio... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-41958 mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication (2FA) mechanism. This flaw allows an authenticated att... | 6.6 | MEDIUM | — | 0 |
| CVE-2024-41959 mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API lo... | 7.6 | HIGH | — | 0 |
| CVE-2024-41960 mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is exe... | 3.8 | LOW | — | 0 |
| CVE-2024-23657 Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the `getTextAssetContent` RPC function which is vuln... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.