Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2021-46453 D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStaticRouteSettings. This vulnerability allows attackers to execute arbitrary com... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46452 D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitra... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46233 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm. This vulnerability allows attackers to execute arbitrary commands via ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-43033 An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46232 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary comman... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-43035 An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and execute... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-43036 An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46231 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function urlrd_opt.asp. This vulnerability allows attackers to execute arbitrary commands via... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46230 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands vi... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46229 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability allows attackers to execute arbitrary commands via... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46228 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands v... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46227 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46226 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability allows attackers to execute arbitrary commands via... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-45998 D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vulnerability allows attackers to execute arbitrary ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-45990 Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerability allows attackers to execute arbitrary comman... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-45987 Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-45986 Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27158 pearweb < 1.32 suffers from Deserialization of Untrusted Data. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24568 Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-45742 TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUER... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-22049 The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-34423 A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-45740 TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin par... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27157 pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-44738 Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-44734 Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-44735 Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-44736 The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-45738 TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-45733 TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands vi... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-44882 D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-44881 D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary command... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-44090 An SQL Injection vulnerability exists in Sourcecodester Online Reviewer System 1.0 via the password parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-44244 An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-44245 An SQL Injection vulnerability exists in Courcecodester COVID 19 Testing Management System (CTMS) 1.0 via the (1) username and (2) contactno parameters. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-44880 D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allow... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-45330 An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-44247 Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. T... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46061 An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node app. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24307 Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. (JSON-LD signing has been supported since version 1.6.0.) | 9.8 | CRITICAL | — | 0 |
| CVE-2021-40390 An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send a... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-42637 PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-44219 Gin-Vue-Admin before 2.4.6 mishandles a SQL database. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-39070 IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Forc... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-44278 Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24300 Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22928 MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22929 MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22930 A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-23314 MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.