Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-18698 Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-18699 Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'. | 6.1 | MEDIUM | β | 0 |
| CVE-2020-18701 Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token up... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-18702 Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the 'Username' parameter in the component 'quokka/admin/actions.py'. | 6.1 | MEDIUM | β | 0 |
| CVE-2020-18703 XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-18704 Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-0114 Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2021-22931 Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dn... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22932 An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously be... | 7.5 | HIGH | β | 0 |
| CVE-2021-22933 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-22934 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflo... | 7.2 | HIGH | β | 0 |
| CVE-2021-0579 In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges ne... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-22935 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter. | 7.2 | HIGH | β | 0 |
| CVE-2021-22936 A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-22937 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface. | 7.2 | HIGH | β | 0 |
| CVE-2021-22938 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console. | 7.2 | HIGH | β | 0 |
| CVE-2021-22939 If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would h... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-22940 Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. | 7.5 | HIGH | β | 0 |
| CVE-2021-32822 The npm hbs package is an Express view engine wrapper for Handlebars. Depending on usage, users of hbs may be vulnerable to a file disclosure vulnerability. There is currently no patch for this vulner... | 4.0 | MEDIUM | β | 0 |
| CVE-2021-32825 bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbo... | 2.7 | LOW | β | 0 |
| CVE-2021-34641 The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the ~/src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers... | 6.4 | MEDIUM | β | 0 |
| CVE-2021-34642 The Smart Email Alerts WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the api_key in the ~/views/settings.php file which allows attackers to inject arbitrary web scripts, in vers... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-0580 In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges ne... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-34643 The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file which allows attackers to inject arbitrary web scr... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-34644 The Multiplayer Games WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/multiplayergames.php file which allows attackers to inject arbitr... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-34649 The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `dark` parameter in the ~/titan-framework/iframe-font-preview.php file which allows attackers to i... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-34651 The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the map parameter in the ~/includes/admin.php file which allows attackers to inject arbitrary web scripts, in ver... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-34652 The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/mmu_admin.php file which allows attackers to inject arbitrary web scripts, in versions up... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-34653 The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/wp-fountain.php file which allows attackers to inject arbitrary web scr... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-34654 The Custom Post Type Relations WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the cptr[name] parameter found in the ~/pages/admin-page.php file which allows attackers to inject a... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-34655 The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the url parameter found in the ~/inc/class.ajax.php file which allows attackers to inject arbitrary web scripts, in... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-34656 The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `vws_notice` function found in the ~/inc/requirements.php file whi... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-34657 The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the text function found in the ~/vendor/Org_Heigl/Hyphenator/index.php file which allows attackers to inject arbitrary ... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-34658 The Simple Popup Newsletter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/simple-popup-newsletter.php file which allows attackers to ... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-34659 The Plugmatter Pricing Table Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `email` parameter in the ~/license.php file which allows attackers to inject arbitrary web sc... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-34663 The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/jquery-tagline-rotator.php file which allows attackers to in... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-34664 The Moova for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the lat parameter in the ~/Checkout/Checkout.php file which allows attackers to inject arbitrary web scri... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-34665 The WP SEO Tags WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the saq_txt_the_filter parameter in the ~/wp-seo-tags.php file which allows attackers to inject arbitrary web scrip... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-34666 The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the add parameter in the ~/wp_sidebarMenu.php file which allows attackers to inject arbitrary web scripts, in versi... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-34667 The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of `$_SERVER['PHP_SELF']` in the ~/calendar.php file which allows attackers to inject arbitrary web ... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-37707 Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability that allows manipulation of product reviews via API. Version 6.4.3.1 contains a patch. As workarounds f... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-38315 The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to ... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-21859 An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processi... | 8.8 | HIGH | β | 0 |
| CVE-2021-21860 An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an im... | 8.8 | HIGH | β | 0 |
| CVE-2021-21861 An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specia... | 8.8 | HIGH | β | 0 |
| CVE-2021-37708 Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a command injection vulnerability in mail agent settings. Version 6.4.3.1 contains a patch. As workarounds for older ve... | 8.8 | HIGH | β | 0 |
| CVE-2021-0581 In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges ne... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-38608 Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.7373 and before 2.0.0.9450 allows guest OS users to escalate privileges via WAPT Agent. | 7.8 | HIGH | β | 0 |
| CVE-2021-32826 Proxyee-Down is open source proxy software. An attacker being able to provide an extension script (eg: through a MiTM attack or by hosting a malicious extension) may be able to run arbitrary commands ... | 6.8 | MEDIUM | β | 0 |
| CVE-2021-33699 Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unaut... | 6.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.