Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-40923 Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the email parameter. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-40924 Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the first_name parameter. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-40925 Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $_SERVER["PHP_SELF"] par... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-40926 Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-40927 Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-40928 Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF parameter. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-40968 Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-40969 Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-40970 Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-40971 Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-40972 Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-40973 Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-40975 Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to i... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-41461 Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode param... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-41462 Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the ctID param... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-41463 Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web scr... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-41464 Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parame... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-41465 Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel para... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-41467 Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-38097 Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execut... | 7.8 | HIGH | β | 0 |
| CVE-2020-21012 Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-21013 emlog v6.0.0 contains a SQL injection via /admin/comment.php. | 7.2 | HIGH | β | 0 |
| CVE-2020-21014 emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-38096 Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitra... | 7.8 | HIGH | β | 0 |
| CVE-2021-38099 CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability t... | 7.8 | HIGH | β | 0 |
| CVE-2021-38103 IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achi... | 7.8 | HIGH | β | 0 |
| CVE-2021-38104 IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to acces... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-41845 A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006. | 6.5 | MEDIUM | β | 0 |
| CVE-2020-21228 JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-36298 Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to auth... | 8.1 | HIGH | β | 0 |
| CVE-2021-36309 Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius cre... | 7.1 | HIGH | β | 0 |
| CVE-2021-38098 Corel PDF Fusion 2.6.2.0 is affected by a Heap Corruption vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution i... | 7.8 | HIGH | β | 0 |
| CVE-2021-38100 Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbi... | 7.8 | HIGH | β | 0 |
| CVE-2021-38101 CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability t... | 7.8 | HIGH | β | 0 |
| CVE-2021-38102 IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to acces... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-38105 IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to acces... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-38106 UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to acces... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-38110 Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability ... | 7.8 | HIGH | β | 0 |
| CVE-2021-35506 Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-41847 An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POS... | 8.8 | HIGH | β | 0 |
| CVE-2021-38107 CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to acces... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-38108 Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability t... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-38109 Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized ... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-41862 AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL). | 9.8 | CRITICAL | β | 0 |
| CVE-2021-24679 The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin before 1.6.1 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected C... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-41864 prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds writ... | 7.8 | HIGH | β | 0 |
| CVE-2021-41861 The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the ... | 3.3 | LOW | β | 0 |
| CVE-2021-21704 In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, s... | 5.0 | MEDIUM | β | 0 |
| CVE-2021-21705 In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid ... | 4.3 | MEDIUM | β | 0 |
| CVE-2021-24687 The Modern Events Calendar Lite WordPress plugin before 5.22.2 does not escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting ... | 4.8 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.