CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2022-43759 | A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. This issue affe... | 7.2 | HIGH | ❌ | 0 |
| CVE-2023-0707 | A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been rated as critical. Affected by this issue is the function delete_record of the file function.php. The man... | 5.5 | MEDIUM | ❌ | 0 |
| CVE-2022-45544 | Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the ven... | 8.8 | HIGH | ❌ | 0 |
| CVE-2011-10002 | A vulnerability classified as critical has been found in weblabyrinth 0.3.1. This affects the function Labyrinth of the file labyrinth.inc.php. The manipulation leads to sql injection. Upgrading to ve... | 5.5 | MEDIUM | ❌ | 0 |
| CVE-2022-40224 | A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. ... | 7.5 | HIGH | ❌ | 0 |
| CVE-2023-24814 | TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfilt... | 8.8 | HIGH | ❌ | 0 |
| CVE-2022-40691 | An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of... | 5.3 | MEDIUM | ❌ | 0 |
| CVE-2022-40693 | A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure... | 7.5 | HIGH | ❌ | 0 |
| CVE-2023-22735 | Zulip is an open-source team collaboration tool. In versions of zulip prior to commit `2f6c5a8` but after commit `04cf68b` users could upload files with arbitrary `Content-Type` which would be served ... | 4.4 | MEDIUM | ❌ | 0 |
| CVE-2023-24813 | Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf p... | 10.0 | CRITICAL | ❌ | 0 |
| CVE-2023-0732 | A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is the function registration of the file oews/classes/Users.php o... | 3.5 | LOW | ❌ | 0 |
| CVE-2011-10003 | A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql in... | 5.5 | MEDIUM | ❌ | 0 |
| CVE-2023-0696 | Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | ❌ | 0 |
| CVE-2023-0697 | Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromiu... | 6.5 | MEDIUM | ❌ | 0 |
| CVE-2023-0701 | Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI... | 8.8 | HIGH | ❌ | 0 |
| CVE-2023-0747 | Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | 5.5 | MEDIUM | ❌ | 0 |
| CVE-2023-0702 | Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via ... | 8.8 | HIGH | ❌ | 0 |
| CVE-2023-0703 | Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI in... | 8.8 | HIGH | ❌ | 0 |
| CVE-2023-0728 | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_fol... | 5.4 | MEDIUM | ❌ | 0 |
| CVE-2023-0742 | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4. | 9.0 | CRITICAL | ❌ | 0 |
| CVE-2023-0719 | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. This mak... | 5.4 | MEDIUM | ❌ | 0 |
| CVE-2023-0735 | Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4. | 6.5 | MEDIUM | ❌ | 0 |
| CVE-2023-0736 | Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4. | 5.4 | MEDIUM | ❌ | 0 |
| CVE-2023-24828 | Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing nor... | 8.1 | HIGH | ❌ | 0 |
| CVE-2018-9462 | In store_cmd of ftm4_pdc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. ... | 6.7 | MEDIUM | ❌ | 0 |
| CVE-2023-0731 | The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitizati... | 6.4 | MEDIUM | ❌ | 0 |
| CVE-2023-0685 | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign... | 5.4 | MEDIUM | ❌ | 0 |
| CVE-2023-0716 | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes i... | 5.4 | MEDIUM | ❌ | 0 |
| CVE-2023-0020 | SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, ther... | 8.5 | HIGH | ❌ | 0 |
| CVE-2023-0024 | SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensiti... | 6.5 | MEDIUM | ❌ | 0 |
| CVE-2023-0025 | SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensiti... | 6.5 | MEDIUM | ❌ | 0 |
| CVE-2023-23851 | SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If othe... | 5.4 | MEDIUM | ❌ | 0 |
| CVE-2023-23852 | SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 | MEDIUM | ❌ | 0 |
| CVE-2023-23859 | SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an uns... | 6.1 | MEDIUM | ❌ | 0 |
| CVE-2023-23853 | An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when c... | 6.1 | MEDIUM | ❌ | 0 |
| CVE-2023-23854 | SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in e... | 3.8 | LOW | ❌ | 0 |
| CVE-2023-23855 | SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or mod... | 6.5 | MEDIUM | ❌ | 0 |
| CVE-2023-23856 | In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response. As a result, a custom applic... | 4.3 | MEDIUM | ❌ | 0 |
| CVE-2023-23858 | Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted... | 6.1 | MEDIUM | ❌ | 0 |
| CVE-2023-23860 | SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting ... | 6.1 | MEDIUM | ❌ | 0 |
| CVE-2023-24521 | Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the cu... | 6.1 | MEDIUM | ❌ | 0 |
| CVE-2023-24522 | Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by inj... | 6.1 | MEDIUM | ❌ | 0 |
| CVE-2023-24523 | An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery re... | 8.8 | HIGH | ❌ | 0 |
| CVE-2023-24550 | A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to heap-based buffer whil... | 7.8 | HIGH | ❌ | 0 |
| CVE-2023-24524 | SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to de... | 6.5 | MEDIUM | ❌ | 0 |
| CVE-2023-24525 | SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploit... | 4.3 | MEDIUM | ❌ | 0 |
| CVE-2023-24528 | SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. Th... | 6.5 | MEDIUM | ❌ | 0 |
| CVE-2023-24529 | Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, ... | 6.1 | MEDIUM | ❌ | 0 |
| CVE-2023-24530 | SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On s... | 8.4 | HIGH | ❌ | 0 |
| CVE-2023-25614 | SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed ... | 6.1 | MEDIUM | ❌ | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.