CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID / Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2017-20089 A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The atta... | 3.5 | LOW | — | 0 |
| CVE-2017-20090 A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The... | 4.3 | MEDIUM | — | 0 |
| CVE-2017-20091 A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to ini... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-31009 wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multi... | 5.7 | MEDIUM | — | 0 |
| CVE-2022-34305 In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data witho... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-2175 Buffer Over-read in GitHub repository vim/vim prior to 8.2. | 7.8 | HIGH | — | 0 |
| CVE-2021-26636 Stored XSS and SQL injection vulnerability in MaxBoard could lead to Remote Code Execution, which could lead to information exposure and privilege escalation. | 8.8 | HIGH | — | 0 |
| CVE-2021-26637 There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device. | 8.8 | HIGH | — | 0 |
| CVE-2021-26638 Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause authentication bypass and information exposure. Remote attackers can use this vulnerability to take control of th... | 7.3 | HIGH | — | 0 |
| CVE-2021-29055 Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in student_profile.php. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-40954 Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-40955 SQL injection exists in LaiKetui v3.5.0 the background administrator list. | 7.2 | HIGH | — | 0 |
| CVE-2021-46824 Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-22980 A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value bi... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29526 Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. | 5.3 | MEDIUM | — | 0 |
| CVE-2022-31361 Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31362 Docebo Community Edition v4.0.5 and below was discovered to contain an arbitrary file upload vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintaine... | 8.8 | HIGH | — | 0 |
| CVE-2022-31395 Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware 1.7.6 allows attackers to perform a directory traversal via a web request sent to /fm-data.lua. | 8.8 | HIGH | — | 0 |
| CVE-2022-31787 IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO | 9.8 | CRITICAL | — | 0 |
| CVE-2022-32124 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-32125 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-32126 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-32127 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/view_be_browsed/total. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-32128 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/service/increment/add/im. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-32129 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/account/safety/trade. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-32130 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/down_resume/total/nature. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-32131 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /index/notice/show. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-40893 A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails. | 7.5 | HIGH | — | 0 |
| CVE-2022-32534 The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface. This allows execution of shell com... | 8.8 | HIGH | — | 0 |
| CVE-2022-32535 The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch. | 4.8 | MEDIUM | — | 0 |
| CVE-2022-32536 The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administ... | 8.8 | HIGH | — | 0 |
| CVE-2022-32552 Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Puri... | 8.8 | HIGH | — | 0 |
| CVE-2022-32553 Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Puri... | 8.8 | HIGH | — | 0 |
| CVE-2022-34199 Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-32554 Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Puri... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-33024 There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608. | 7.5 | HIGH | — | 0 |
| CVE-2022-33025 LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c. | 7.8 | HIGH | — | 0 |
| CVE-2022-33026 LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. | 7.8 | HIGH | — | 0 |
| CVE-2022-33027 LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c. | 7.8 | HIGH | — | 0 |
| CVE-2022-33028 LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c. | 7.8 | HIGH | — | 0 |
| CVE-2022-33032 LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c. | 7.8 | HIGH | — | 0 |
| CVE-2022-33033 LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c. | 7.8 | HIGH | — | 0 |
| CVE-2022-33034 LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c. | 7.8 | HIGH | — | 0 |
| CVE-2022-33068 An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-33069 Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder::indexOrMemberAssignment() at SMTEncoder.cpp. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-33070 Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Ser... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-33092 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/index. | 7.5 | HIGH | — | 0 |
| CVE-2022-33093 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the key parameter at /freelance/resume_list. | 7.5 | HIGH | — | 0 |
| CVE-2022-33094 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map. | 7.5 | HIGH | — | 0 |
| CVE-2022-33095 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.