CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-34992 SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive informati... | 8.8 | HIGH | — | 0 |
| CVE-2024-36681 SQL Injection vulnerability in the module "Isotope" (pk_isotope) <=1.7.3 from Promokit.eu for PrestaShop allows attackers to obtain sensitive information and cause other impacts via `pk_isotope::saveD... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-36683 SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via t... | 7.3 | HIGH | — | 0 |
| CVE-2023-6198 Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User Passwords modules) allows unauthorized access to the device. | 9.3 | CRITICAL | — | 0 |
| CVE-2024-22385 Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Provider for VMware vC... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-6294 udn News Android APP stores the user session in logcat file when the user logs into the APP. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it t... | 3.9 | LOW | — | 0 |
| CVE-2023-5038 badmonkey, a Security Researcher has found a flaw that allows for an unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. a... | 7.5 | HIGH | — | 0 |
| CVE-2024-6295 udn News Android APP stores the unencrypted user session in the local database when the user logs into the application. A malicious APP or an attacker with physical access to the Android device can retriev... | 3.9 | LOW | — | 0 |
| CVE-2024-6297 Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injecte... | 10.0 | CRITICAL | — | 0 |
| CVE-2024-34141 Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-34142 Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-6105 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2024-6307 WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possib... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-31111 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS. This issue affects WordPress: from 6.5 through 6.5.4... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-6299 Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timest... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-6300 Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain strings were present in the PDU before redaction | 3.7 | LOW | — | 0 |
| CVE-2024-6301 Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs | 5.3 | MEDIUM | — | 0 |
| CVE-2024-6302 Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send... | 8.1 | HIGH | — | 0 |
| CVE-2024-6206 A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands wit... | 7.5 | HIGH | — | 0 |
| CVE-2024-6106 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2024-6303 Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias to... | 9.9 | CRITICAL | — | 0 |
| CVE-2024-32111 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal. This issue affects WordPress: from 6.5 through 6.5.4... | 5.0 | MEDIUM | — | 0 |
| CVE-2022-48772 In the Linux kernel, the following vulnerability has been resolved: media: lgdt3306a: Add a check against null-pointer-def The driver should check whether the client provides the platform_data. The... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-38385 In the Linux kernel, the following vulnerability has been resolved: genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() irq_find_at_or_after() dereferences the interrupt descriptor whic... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-38661 In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modify_bitmap() A system crash like this Failing address: 200000cb7df6f000 TEID: 200... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-39301 In the Linux kernel, the following vulnerability has been resolved: net/9p: fix uninit-value in p9_client_rpc() Syzbot with the help of KMSAN reported the following error: BUG: KMSAN: uninit-value ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-39461 In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_b... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-39464 In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2_async_notifier has several list_head members, but only waiting_list an... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-39465 In the Linux kernel, the following vulnerability has been resolved: media: mgb4: Fix double debugfs remove Fixes an error where debugfs_remove_recursive() is called first on a parent directory and t... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-39466 In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/qcom/lmh: Check for SCM availability at probe Up until now, the necessary scm availability check has not been perf... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-39468 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix deadlock in smb2_find_smb_tcon() Unlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such deadloc... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-39470 In the Linux kernel, the following vulnerability has been resolved: eventfs: Fix a possible null pointer dereference in eventfs_find_events() In function eventfs_find_events, there is a potential nul... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-39471 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add error handle to avoid out-of-bounds if the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should be stop to a... | 7.1 | HIGH | — | 0 |
| CVE-2024-5805 Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass. This issue affects MOVEit Gateway: 2024.0.0. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-0171 Dell PowerEdge Server BIOS contains a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resour... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-5988 Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Aut... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-5989 Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell A... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-5990 Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on ... | 7.5 | HIGH | — | 0 |
| CVE-2024-37820 A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-6140 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2024-4883 In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-4884 In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execut... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-5008 In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppP... | 8.8 | HIGH | — | 0 |
| CVE-2024-5009 In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password. | 8.4 | HIGH | — | 0 |
| CVE-2024-5010 In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitiv... | 7.5 | HIGH | — | 0 |
| CVE-2024-5011 In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality... | 7.5 | HIGH | — | 0 |
| CVE-2024-6304 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2024-7298 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2024-37843 Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-37855 An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware version 1.0 firmware 2.0.1 allows a remote attacker to execute arbitrary code via the router's Telnet port 2345 without requ... | 8.4 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.