CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2021-25043 The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue | 6.1 | MEDIUM | — | 0 |
| CVE-2021-25047 The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Scripting (XSS) vulnerability in the wdi_apply_changes admin page, allowing an attacker to perform suc... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-25051 The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading... | 8.8 | HIGH | — | 0 |
| CVE-2021-25052 The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus lea... | 8.8 | HIGH | — | 0 |
| CVE-2021-25053 The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to ... | 8.8 | HIGH | — | 0 |
| CVE-2021-25054 The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability. | 8.8 | HIGH | — | 0 |
| CVE-2021-43297 A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-43949 Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Field... | 4.3 | MEDIUM | — | 0 |
| CVE-2021-46234 A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS). | 5.5 | MEDIUM | — | 0 |
| CVE-2021-43951 Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerabili... | 4.3 | MEDIUM | — | 0 |
| CVE-2021-44458 Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate... | 8.3 | HIGH | — | 0 |
| CVE-2022-0156 vim is vulnerable to Use After Free | 5.5 | MEDIUM | — | 0 |
| CVE-2022-0157 phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5.4 | MEDIUM | — | 0 |
| CVE-2022-0158 vim is vulnerable to Heap-based Buffer Overflow | 3.3 | LOW | — | 0 |
| CVE-2022-22114 In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The “search term" search functionality is not sufficiently sanitized while displaying the results of the se... | 9.6 | CRITICAL | — | 0 |
| CVE-2022-22115 In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a created Tag. Since the Tag name is not being sanitized properly in the edit tag page, a low pr... | 9.0 | CRITICAL | — | 0 |
| CVE-2022-22116 In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inj... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-22117 In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged a... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-28679 A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. | 8.8 | HIGH | — | 0 |
| CVE-2022-0174 Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr. | 4.3 | MEDIUM | — | 0 |
| CVE-2021-46236 A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS). | 5.5 | MEDIUM | — | 0 |
| CVE-2021-21408 Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php... | 8.8 | HIGH | — | 0 |
| CVE-2021-29454 Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by... | 8.1 | HIGH | — | 0 |
| CVE-2022-0155 follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor | 6.5 | MEDIUM | — | 0 |
| CVE-2022-21666 Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privil... | 7.2 | HIGH | — | 0 |
| CVE-2022-21668 pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially c... | 8.0 | HIGH | — | 0 |
| CVE-2022-21670 markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-21672 make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt an... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-25427 A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-35452 An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-36408 An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-0129 Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system ... | 7.4 | HIGH | — | 0 |
| CVE-2021-36409 There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the applic... | 7.8 | HIGH | — | 0 |
| CVE-2021-36410 A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-36411 An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability caus... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-36412 A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which allows attackers to possibly have unspecified other impact via a crafte... | 7.8 | HIGH | — | 0 |
| CVE-2021-36414 A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | 7.8 | HIGH | — | 0 |
| CVE-2022-0144 shelljs is vulnerable to Improper Privilege Management | 7.1 | HIGH | — | 0 |
| CVE-2021-37195 A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-37196 A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.3 (All versions >= ... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-37197 A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V... | 8.8 | HIGH | — | 0 |
| CVE-2021-41769 A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 device... | 7.5 | HIGH | — | 0 |
| CVE-2021-45033 A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All ve... | 8.8 | HIGH | — | 0 |
| CVE-2021-45034 A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All ve... | 7.5 | HIGH | — | 0 |
| CVE-2021-45460 A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to... | 8.1 | HIGH | — | 0 |
| CVE-2021-44647 Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-21669 PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new... | 9.1 | CRITICAL | — | 0 |
| CVE-2021-38991 IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953. | 7.8 | HIGH | — | 0 |
| CVE-2022-21671 @replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this librar... | 8.1 | HIGH | — | 0 |
| CVE-2020-28102 cscms v4.1 allows for SQL injection via the "js_del" function. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.