CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2017-20035 A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation... | 3.5 | LOW | β | 0 |
| CVE-2017-20036 A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cros... | 3.5 | LOW | β | 0 |
| CVE-2021-42811 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying system on whi... | 3.3 | LOW | β | 0 |
| CVE-2022-32563 An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sy... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44117 A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4. | 8.8 | HIGH | β | 0 |
| CVE-2021-44582 A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL. | 8.8 | HIGH | β | 0 |
| CVE-2024-41168 Use after free in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent... | 7.4 | HIGH | β | 0 |
| CVE-2022-27502 RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM. | 7.8 | HIGH | β | 0 |
| CVE-2022-31788 IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-32978 There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-22426 IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could ... | 3.3 | LOW | β | 0 |
| CVE-2022-22479 IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a use... | 8.8 | HIGH | β | 0 |
| CVE-2022-30610 IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An adm... | 4.5 | MEDIUM | β | 0 |
| CVE-2022-30611 IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerabili... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-31769 IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against ... | 5.3 | MEDIUM | β | 0 |
| CVE-2022-29948 Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Norma... | 4.6 | MEDIUM | β | 0 |
| CVE-2022-31402 ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php. | 6.1 | MEDIUM | β | 0 |
| CVE-2018-17240 There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., user... | 7.5 | HIGH | β | 0 |
| CVE-2022-2042 Use After Free in GitHub repository vim/vim prior to 8.2. | 7.8 | HIGH | β | 0 |
| CVE-2022-21211 This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with ty... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-24278 The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG fil... | 7.5 | HIGH | β | 0 |
| CVE-2022-24376 All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package.... | 7.2 | HIGH | β | 0 |
| CVE-2022-24429 The package convert-svg-core before 0.6.3 is vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show th... | 7.5 | HIGH | β | 0 |
| CVE-2022-29094 Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulner... | 7.1 | HIGH | β | 0 |
| CVE-2022-25845 The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. ... | 8.1 | HIGH | β | 0 |
| CVE-2022-25851 The package jpeg-js before 0.4.4 is vulnerable to Denial of Service (DoS) where a particular piece of input will cause it to enter an infinite loop and never return. | 7.5 | HIGH | β | 0 |
| CVE-2022-25863 The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 is vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default ... | 8.1 | HIGH | β | 0 |
| CVE-2022-29092 Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non... | 7.8 | HIGH | β | 0 |
| CVE-2022-29093 Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. A... | 7.1 | HIGH | β | 0 |
| CVE-2022-29095 Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticate... | 8.3 | HIGH | β | 0 |
| CVE-2022-32981 An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating poi... | 7.8 | HIGH | β | 0 |
| CVE-2021-41754 dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41755 dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41756 dynamicMarkt <= 3.10 is affected by SQL injection in the kat parameter of index.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2017-20037 A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to... | 6.3 | MEDIUM | β | 0 |
| CVE-2022-0786 The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-20038 A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of ... | 6.3 | MEDIUM | β | 0 |
| CVE-2017-20039 A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-20040 A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads ... | 5.9 | MEDIUM | β | 0 |
| CVE-2021-41502 An issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-41738 ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands. | 8.8 | HIGH | β | 0 |
| CVE-2021-44266 GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-30780 Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disru... | 7.5 | HIGH | β | 0 |
| CVE-2018-25034 A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05. This issue affects some unknown processing of the file /goform/wlanPrimaryNetwork. The manipulation o... | 3.5 | LOW | β | 0 |
| CVE-2018-25035 A vulnerability, which was classified as problematic, was found in Thomson TCW710 ST5D.10.05. Affected is an unknown function of the file /goform/RGFirewallEL. The manipulation of the argument EmailAd... | 3.5 | LOW | β | 0 |
| CVE-2018-25036 A vulnerability has been found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/RgTime. The manipulation of th... | 3.5 | LOW | β | 0 |
| CVE-2018-25037 A vulnerability was found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/RgDdns. The manipulation of the argument ... | 3.5 | LOW | β | 0 |
| CVE-2018-25038 A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been classified as problematic. This affects an unknown part of the file /goform/RgDhcp. The manipulation of the argument PppUserName wit... | 3.5 | LOW | β | 0 |
| CVE-2018-25039 A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/RgUrlBlock.asp. The manipulation of the argumen... | 3.5 | LOW | β | 0 |
| CVE-2021-41749 In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.