CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2023-50351 | HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data. | 8.2 | HIGH | No | 0 |
| CVE-2023-45722 | HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is lo... | 8.8 | HIGH | No | 0 |
| CVE-2024-42561 | Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at sales_report.php. | 8.8 | HIGH | No | 0 |
| CVE-2023-45723 | HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path (including the file name) where these file... | 7.6 | HIGH | No | 0 |
| CVE-2023-45724 | HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication. | 8.2 | HIGH | No | 0 |
| CVE-2023-50341 | HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a "Missing Access Control" vulnerability, whic... | 7.6 | HIGH | No | 0 |
| CVE-2023-50342 | HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about another user as a result of improper access control. | 7.1 | HIGH | No | 0 |
| CVE-2023-50343 | HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive informa... | 8.3 | HIGH | No | 0 |
| CVE-2023-50344 | HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files. | 5.4 | MEDIUM | No | 0 |
| CVE-2023-42358 | An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API co... | 7.7 | HIGH | No | 0 |
| CVE-2009-1069 | Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arb... | N/A | NONE | No | 0 |
| CVE-2023-50922 | An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory... | 7.2 | HIGH | No | 0 |
| CVE-2023-50921 | An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-6621 | The POST SMTP WordPress plugin before 2.8.7 does not sanitise and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used agains... | 6.1 | MEDIUM | No | 0 |
| CVE-2009-1070 | Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via ... | N/A | NONE | No | 0 |
| CVE-2023-37608 | An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its ... | 7.5 | HIGH | No | 0 |
| CVE-2023-39655 | A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to sen... | 9.6 | CRITICAL | No | 0 |
| CVE-2023-50092 | APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS). | 6.1 | MEDIUM | No | 0 |
| CVE-2023-37607 | Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter. | 7.5 | HIGH | No | 0 |
| CVE-2023-50093 | APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection. | 6.1 | MEDIUM | No | 0 |
| CVE-2023-45559 | An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | 8.2 | HIGH | No | 0 |
| CVE-2024-21911 | TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaS... | 6.1 | MEDIUM | No | 0 |
| CVE-2023-46929 | An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application. | 7.5 | HIGH | No | 0 |
| CVE-2023-50090 | Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-5879 | Users' product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the atta... | 6.8 | MEDIUM | No | 0 |
| CVE-2024-20805 | Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary fi... | 3.3 | LOW | No | 0 |
| CVE-2024-0222 | Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chr... | 8.8 | HIGH | No | 0 |
| CVE-2024-0223 | Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | No | 0 |
| CVE-2023-51154 | Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php. | 9.8 | CRITICAL | No | 0 |
| CVE-2024-0224 | Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | No | 0 |
| CVE-2024-0225 | Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | No | 0 |
| CVE-2023-29962 | S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. | 6.5 | MEDIUM | No | 0 |
| CVE-2023-52322 | ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics. | 6.1 | MEDIUM | No | 0 |
| CVE-2023-50082 | Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend ma... | 7.5 | HIGH | No | 0 |
| CVE-2023-6551 | As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of t... | 5.4 | MEDIUM | No | 0 |
| CVE-2024-0241 | encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by send... | 7.5 | HIGH | No | 0 |
| CVE-2024-22075 | Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. | 6.1 | MEDIUM | No | 0 |
| CVE-2023-52323 | PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. | 5.9 | MEDIUM | No | 0 |
| CVE-2024-22086 | handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-51277 | nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds. | 9.8 | CRITICAL | No | 0 |
| CVE-2020-13878 | IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write. | 9.8 | CRITICAL | No | 0 |
| CVE-2020-13880 | IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-50027 | SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via Bap... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-50991 | Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function. | 7.5 | HIGH | No | 0 |
| CVE-2023-50612 | Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. | 7.8 | HIGH | No | 0 |
| CVE-2023-39853 | SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module. | 6.5 | MEDIUM | No | 0 |
| CVE-2023-50609 | Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version 3.1, allows remote attackers to execute arbitrary code via a crafted script to ajax.aspx. | 6.1 | MEDIUM | No | 0 |
| CVE-2023-46953 | SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-51441 | ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1... | 7.2 | HIGH | No | 0 |
| CVE-2022-34917 | A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on bro... | 7.5 | HIGH | No | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.