Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2021-39166 Pimcore is an open source data & experience management platform. Prior to version 10.1.2, text-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated... | 8.0 | HIGH | — | 0 |
| CVE-2021-39170 Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this is... | 8.0 | HIGH | — | 0 |
| CVE-2021-23426 This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function. | 5.6 | MEDIUM | — | 0 |
| CVE-2021-23427 This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation. | 8.6 | HIGH | — | 0 |
| CVE-2021-23428 This affects all versions of package elFinder.NetCore. The Path.Combine(...) method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the gene... | 8.6 | HIGH | — | 0 |
| CVE-2021-35215 Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability. | 8.9 | HIGH | — | 0 |
| CVE-2021-35216 Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP... | 8.9 | HIGH | — | 0 |
| CVE-2021-35218 Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could pote... | 8.9 | HIGH | — | 0 |
| CVE-2021-36002 Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context... | 5.0 | MEDIUM | — | 0 |
| CVE-2021-36025 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability while saving a customer's details with a specia... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-5743 An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-36012 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can l... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-36020 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the 'City' field. An unauthenticated attacker can trigge... | 8.2 | HIGH | — | 0 |
| CVE-2021-36022 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privil... | 9.1 | CRITICAL | — | 0 |
| CVE-2021-36024 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection e... | 9.1 | CRITICAL | — | 0 |
| CVE-2021-29367 A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG file. | 7.8 | HIGH | — | 0 |
| CVE-2021-36026 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that co... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-36027 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject ... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-36028 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability when saving a configurable product. An attacker with admin ... | 9.1 | CRITICAL | — | 0 |
| CVE-2021-36029 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. An attacker with admin privileges could ... | 9.1 | CRITICAL | — | 0 |
| CVE-2021-36062 Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. If... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-36030 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated... | 7.5 | HIGH | — | 0 |
| CVE-2021-36031 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the `theme[preview_image]` parameter. An attacker with ... | 7.2 | HIGH | — | 0 |
| CVE-2021-36032 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insec... | 8.3 | HIGH | — | 0 |
| CVE-2021-36033 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges ca... | 9.1 | CRITICAL | — | 0 |
| CVE-2020-20799 JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2021-36034 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a... | 9.1 | CRITICAL | — | 0 |
| CVE-2021-36035 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could make a... | 9.1 | CRITICAL | — | 0 |
| CVE-2021-36037 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. An authenticated attacker could leverage... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-36038 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. An authenticated a... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-36039 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability via the `quoteId` parameter. An attacker can ab... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-36040 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a... | 9.1 | CRITICAL | — | 0 |
| CVE-2021-36041 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could upload... | 9.1 | CRITICAL | — | 0 |
| CVE-2021-36042 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An att... | 9.1 | CRITICAL | — | 0 |
| CVE-2021-36063 Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Ma... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-36043 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. An attacker with admin priv... | 8.0 | HIGH | — | 0 |
| CVE-2021-36044 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this v... | 7.5 | HIGH | — | 0 |
| CVE-2021-36049 Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the c... | 7.8 | HIGH | — | 0 |
| CVE-2021-36059 Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the c... | 7.8 | HIGH | — | 0 |
| CVE-2021-36061 Adobe Connect version 11.2.2 (and earlier) is affected by a secure design principles violation vulnerability via the 'pbMode' parameter. An unauthenticated attacker could leverage this vulnerability t... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-29851 IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 205527. | 4.3 | MEDIUM | — | 0 |
| CVE-2021-36065 Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by a heap-based buffer overflow vulnerability that could result in arbitrary code execution in the context of the c... | 7.8 | HIGH | — | 0 |
| CVE-2021-36066 Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current... | 7.8 | HIGH | — | 0 |
| CVE-2021-36067 Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the c... | 7.8 | HIGH | — | 0 |
| CVE-2021-36068 Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the c... | 7.8 | HIGH | — | 0 |
| CVE-2021-36069 Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the c... | 7.8 | HIGH | — | 0 |
| CVE-2021-36070 Adobe Media Encoder version 15.1 (and earlier) is affected by an improper memory access vulnerability when parsing a crafted .SVG file. An attacker could leverage this vulnerability to execute code in... | 7.8 | HIGH | — | 0 |
| CVE-2021-36071 Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass ... | 3.3 | LOW | — | 0 |
| CVE-2021-36072 Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss... | 7.8 | HIGH | — | 0 |
| CVE-2021-36073 Adobe Bridge version 11.1 (and earlier) is affected by a heap-based buffer overflow vulnerability when parsing a crafted .SGI file. An attacker could leverage this vulnerability to execute code in the... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.