CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-41809 SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities. | 3.5 | LOW | — | 0 |
| CVE-2021-31854 A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed in... | 7.7 | HIGH | — | 0 |
| CVE-2022-0282 Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11. | 4.3 | MEDIUM | — | 0 |
| CVE-2021-36342 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM... | 7.5 | HIGH | — | 0 |
| CVE-2021-36343 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM... | 7.5 | HIGH | — | 0 |
| CVE-2022-0338 Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-0355 Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1. | 8.8 | HIGH | — | 0 |
| CVE-2022-0536 Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8. | 2.6 | LOW | — | 0 |
| CVE-2022-23631 superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson inp... | 9.0 | CRITICAL | — | 0 |
| CVE-2022-22528 SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to ... | 7.8 | HIGH | — | 0 |
| CVE-2022-0565 Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1. | 7.6 | HIGH | — | 0 |
| CVE-2022-0569 Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9. | 5.3 | MEDIUM | — | 0 |
| CVE-2022-0579 Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-0580 Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0. | 7.1 | HIGH | — | 0 |
| CVE-2022-0588 Missing Authorization in Packagist librenms/librenms prior to 22.2.0. | 7.1 | HIGH | — | 0 |
| CVE-2022-0611 Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11. | 6.3 | MEDIUM | — | 0 |
| CVE-2021-39298 A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used b... | 8.8 | HIGH | — | 0 |
| CVE-2022-0762 Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-25042 The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-0528 Server-Side Request Forgery (SSRF) in GitHub repository transloadit/uppy prior to 3.3.1. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-1252 Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms lead... | 8.2 | HIGH | — | 0 |
| CVE-2022-1316 Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation | 8.8 | HIGH | — | 0 |
| CVE-2022-28773 Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. | 7.5 | HIGH | — | 0 |
| CVE-2021-41810 Script injection in M-Files Admin versions before 22.2.11051.0, allows executing stored script in admin tool. M-Files Admin tool allows storing configuration data with script which may then get run by... | 5.2 | MEDIUM | — | 0 |
| CVE-2021-26353 Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity. | 7.8 | HIGH | — | 0 |
| CVE-2026-23804 Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Better Bus... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-1650 Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2. | 8.1 | HIGH | — | 0 |
| CVE-2021-33069 Improper resource shutdown or release in firmware for some Intel(R) SSD, Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC may allow a privileged user to potentially enable denia... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-29098 Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially ex... | 8.1 | HIGH | — | 0 |
| CVE-2022-2054 Code Injection in GitHub repository nuitka/nuitka prior to 0.9. | 8.4 | HIGH | — | 0 |
| CVE-2022-31595 SAP Financial Consolidation - version 1010, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 | HIGH | — | 0 |
| CVE-2022-32156 In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by def... | 8.1 | HIGH | — | 0 |
| CVE-2022-31229 Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive inf... | 9.6 | CRITICAL | — | 0 |
| CVE-2022-2290 Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-2368 Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-28771 Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation... | 7.5 | HIGH | — | 0 |
| CVE-2022-1920 Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap... | 7.8 | HIGH | — | 0 |
| CVE-2022-1921 Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite. | 7.8 | HIGH | — | 0 |
| CVE-2022-1922 DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a he... | 7.8 | HIGH | — | 0 |
| CVE-2022-1923 DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwri... | 7.8 | HIGH | — | 0 |
| CVE-2022-1924 DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite... | 7.8 | HIGH | — | 0 |
| CVE-2026-23805 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection. This issue affects Me... | 7.6 | HIGH | — | 0 |
| CVE-2022-1925 DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to ... | 7.8 | HIGH | — | 0 |
| CVE-2022-2122 DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending ... | 7.8 | HIGH | — | 0 |
| CVE-2022-36313 An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-33965 Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress. | 9.3 | CRITICAL | — | 0 |
| CVE-2022-2596 Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10. | 5.9 | MEDIUM | — | 0 |
| CVE-2022-2598 Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-31188 CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validatio... | 8.6 | HIGH | — | 0 |
| CVE-2022-2636 Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. | 8.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.