CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID / Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-46703 In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template con... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0845 Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43193 In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24720 image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations tha... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43136 An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46384 https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. MCMS ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41081 Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41193 wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of servi... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-40521 Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-36166 An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of cer... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-4039 A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12775 Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to per... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45414 A Remote Code Execution (RCE) vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-3064 A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potent... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-40520 Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43086 ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer-overflow occurred in function encode_ise() in fun... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0412 The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL stateme... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-23873 pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::dump. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-23874 pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::addAttributsNode. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-23877 pdf2xml v2.0 was discovered to contain a stack buffer overflow in the component getObjectStream. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-23878 pdf2json v0.71 was discovered to contain a stack buffer overflow in the component XRef::fetch. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25096 Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25095 Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25263 JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25262 In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25064 TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25061 TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25060 TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24442 JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41080 Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-33816 The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blo... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22434 There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22433 There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43573 A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Associati... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41833 Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42002 Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42847 Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22432 There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43350 An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LD... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22431 There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22430 There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability may cause code injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22429 There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22426 There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22480 The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24340 In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45977 JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, Ruby... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24331 In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-1975 Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Indust... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42774 Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmw... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39363 Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.