CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2021-41799 | MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan. | 7.5 | HIGH | — | 0 |
| CVE-2021-41800 | MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query beca... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-41801 | The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (d... | 8.8 | HIGH | — | 0 |
| CVE-2021-41830 | It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to upda... | 7.5 | HIGH | — | 0 |
| CVE-2021-41831 | It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-41832 | It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4... | 7.5 | HIGH | — | 0 |
| CVE-2021-35059 | OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enroll action parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-35060 | /way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system. | 5.3 | MEDIUM | — | 0 |
| CVE-2021-40889 | CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-23514 | Missing Authorization vulnerability in Sanjaysolutions Loginplus allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Loginplus: from n/a through 1.2. | 5.3 | MEDIUM | — | 0 |
| CVE-2021-24545 | The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visits a... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-24546 | The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low... | 8.8 | HIGH | — | 0 |
| CVE-2021-24563 | The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated users to upload a malicious HTML file containing JavaScript f... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-24576 | The Easy Accordion WordPress plugin before 2.0.22 does not properly sanitize inputs when adding new items to an accordion. | 5.4 | MEDIUM | — | 0 |
| CVE-2021-24577 | The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not properly sanitize inputs submitted by authenticated users when setting adding or modifying coming soon or maintenance mode p... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-24651 | The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possibl... | 7.5 | HIGH | — | 0 |
| CVE-2021-24656 | The Simple Social Media Share Buttons WordPress plugin before 3.2.4 does not escape the Share Title settings before outputting it in the frontend pages or posts (depending on the settings used), allow... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-23528 | Incorrect Privilege Assignment vulnerability in Wouter Dijkstra DD Roles allows Privilege Escalation. This issue affects DD Roles: from n/a through 4.1. | 8.8 | HIGH | — | 0 |
| CVE-2021-24711 | The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack. | 8.8 | HIGH | — | 0 |
| CVE-2021-24712 | The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars. | 5.4 | MEDIUM | — | 0 |
| CVE-2021-24719 | The Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions prior to 4.8.4 which use Avia Page Builder. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-24720 | The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS). | 5.4 | MEDIUM | — | 0 |
| CVE-2021-24737 | The Comments – wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow messages before outputting them in the page, which could allow high privilege users ... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-40884 | Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user wit... | 8.1 | HIGH | — | 0 |
| CVE-2021-40886 | Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value `2` for `chunks` parameter to bypass `fileName` sanitization. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-40887 | Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any file on ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-40888 | Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function. A low privilege user can call this function through ... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-29004 | rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an ... | 8.8 | HIGH | — | 0 |
| CVE-2021-29005 | Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gai... | 8.8 | HIGH | — | 0 |
| CVE-2021-29006 | rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-40542 | Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-40543 | Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-40191 | Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong respo... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-40541 | PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() function. An authenticated user can trigger XSS by appending "//" in the end... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-0583 | In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User e... | 7.3 | HIGH | — | 0 |
| CVE-2021-27664 | Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-27665 | An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause a denial-of-service condition. | 7.5 | HIGH | — | 0 |
| CVE-2021-37123 | There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability is due to that when a user wants to do certain operation, the software does not insufficiently vali... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-39317 | A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check ... | 8.8 | HIGH | — | 0 |
| CVE-2021-20121 | The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary f... | 4.0 | MEDIUM | — | 0 |
| CVE-2021-20122 | The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker con... | 7.2 | HIGH | — | 0 |
| CVE-2021-22263 | An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user acc... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-25633 | LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature i... | 7.5 | HIGH | — | 0 |
| CVE-2021-26588 | A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low co... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-27002 | NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy. | 7.5 | HIGH | — | 0 |
| CVE-2021-42252 | An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwri... | 7.8 | HIGH | — | 0 |
| CVE-2021-32028 | A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highes... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-41117 | keypair is an RSA PEM key generator written in JavaScript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. A... | 8.7 | HIGH | — | 0 |
| CVE-2020-27372 | A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-25738 | Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution. | 6.7 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.