CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-32993 IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication ... | 8.1 | HIGH | β | 0 |
| CVE-2021-33017 The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication. | 8.1 | HIGH | β | 0 |
| CVE-2021-35232 Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queri... | 6.8 | MEDIUM | β | 0 |
| CVE-2021-43548 Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safe... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-43550 The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Cente... | 5.9 | MEDIUM | β | 0 |
| CVE-2021-43552 The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-43857 Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45906 OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-4161 The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP we... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45890 basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-20943 A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL. | 4.3 | MEDIUM | β | 0 |
| CVE-2020-20944 An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files. | 9.1 | CRITICAL | β | 0 |
| CVE-2020-20945 A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts. | 8.8 | HIGH | β | 0 |
| CVE-2020-20946 Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-20948 An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable. | 7.5 | HIGH | β | 0 |
| CVE-2021-45895 Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-43858 MinIO is a Kubernetes native application for cloud storage. Prior to version `RELEASE.2021-12-27T07-23-18Z`, a malicious client can hand-craft an HTTP API call that allows for updating policy for a us... | 8.8 | HIGH | β | 0 |
| CVE-2021-45884 In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying e... | 7.5 | HIGH | β | 0 |
| CVE-2021-45896 Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File. | 8.8 | HIGH | β | 0 |
| CVE-2020-21236 A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie. | 8.8 | HIGH | β | 0 |
| CVE-2020-21237 An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-21238 An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45909 An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boun... | 7.8 | HIGH | β | 0 |
| CVE-2021-45910 An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control o... | 7.8 | HIGH | β | 0 |
| CVE-2021-45911 An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer. | 7.8 | HIGH | β | 0 |
| CVE-2021-20873 Yappli is an application development platform which provides the function to access a requested URL using Custom URL Scheme. When Android apps are developed with Yappli versions since v7.3.6 and prior... | 8.1 | HIGH | β | 0 |
| CVE-2021-4177 livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information | 5.3 | MEDIUM | β | 0 |
| CVE-2021-4179 livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5.4 | MEDIUM | β | 0 |
| CVE-2021-35031 A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands v... | 6.8 | MEDIUM | β | 0 |
| CVE-2021-35032 A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. | 6.4 | MEDIUM | β | 0 |
| CVE-2021-40579 https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. The impact is: gain privileges (remote). | 6.5 | MEDIUM | β | 0 |
| CVE-2018-17875 A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors. | 8.8 | HIGH | β | 0 |
| CVE-2019-20082 ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37400 An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37401 An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45425 Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-45903 A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attac... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-45812 NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript codes which leads to ses... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-45813 SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user's session by injecting malicious JavaScript codes which leads to Session Hijacking an... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-45814 Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42583 A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information. | 7.5 | HIGH | β | 0 |
| CVE-2021-43554 FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. | 7.8 | HIGH | β | 0 |
| CVE-2021-43556 FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. | 7.8 | HIGH | β | 0 |
| CVE-2020-22057 The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensit... | 9.1 | CRITICAL | β | 0 |
| CVE-2020-22061 SUPERAntispyware v8.0.0.1050 was discovered to contain an issue in the component saskutil64.sys. This issue allows attackers to arbitrarily write data to the device via IOCTL 0x9C402140. | 7.8 | HIGH | β | 0 |
| CVE-2020-7878 An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7883 Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. T... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37098 Hilinksvc service exists a Data Processing Errors vulnerability .Successful exploitation of this vulnerability may cause application crash. | 7.5 | HIGH | β | 0 |
| CVE-2021-44832 Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with... | 6.6 | MEDIUM | β | 0 |
| CVE-2021-44160 Carinal Tien Hospital Health Report Systemβs login page has improper authentication, a remote attacker can acquire another general userβs privilege by modifying the cookie parameter without authentica... | 7.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.