Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-20704 Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25202 SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to \ahira\admin\inventory.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41833 Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42002 Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42847 Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43350 An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LD... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-24666 The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\d]+), takes an ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-1975 Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Indust... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42774 Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmw... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-36547 A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30321 Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41264 OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementa... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39303 The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41553 In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user. It was therefore possible to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-36879 Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41653 The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43617 Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which ar... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-16152 The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP reques... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43082 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects A... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-3705 Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-18261 An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-18262 ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-18440 Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37002 There is a Memory out-of-bounds access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause malicious code to be executed. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41492 Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. (2) id parameter in manage_products and the (3... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-20701 Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRE... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42772 Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDu... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26739 SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows attackers to execute arbitrary code, via the attribute parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26226 SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_user.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26740 Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-36990 There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36378 An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43130 An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-36989 There is a Kernel crash vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-36986 There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25367 A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22474 There is an Out-of-bounds memory access in Huawei Smartphone.Successful exploitation of this vulnerability may cause process exceptions. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25368 A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-40119 A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25210 Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to manage_event.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25212 SQL injection vulnerability in SourceCodester Alumni Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to manage_event.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43693 vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22403 There is a vulnerability of hijacking unverified providers in Huawei Smartphone.Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-21690 Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25205 SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php . | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25209 SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_user.php . | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25211 Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25213 SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-21691 Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-21692 FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.