Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2022-38229 XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc. | 7.8 | HIGH | β | 0 |
| CVE-2022-31554 The rohitnayak/movie-review-sentiment-analysis repository through 2017-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 | CRITICAL | β | 0 |
| CVE-2022-31555 The romain20100/nursequest repository through 2018-02-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 | CRITICAL | β | 0 |
| CVE-2022-31556 The rusyasoft/TrainEnergyServer repository through 2017-08-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 | CRITICAL | β | 0 |
| CVE-2022-31557 The seveas/golem repository through 2016-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 | CRITICAL | β | 0 |
| CVE-2022-31558 The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 | CRITICAL | β | 0 |
| CVE-2022-31559 The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 | CRITICAL | β | 0 |
| CVE-2022-31560 The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 | CRITICAL | β | 0 |
| CVE-2022-31561 The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 | CRITICAL | β | 0 |
| CVE-2022-31562 The waveyan/internshipsystem repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 | CRITICAL | β | 0 |
| CVE-2022-31563 The whmacmac/vprj repository through 2022-04-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 | CRITICAL | β | 0 |
| CVE-2022-31564 The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 | CRITICAL | β | 0 |
| CVE-2022-31565 The yogson/syrabond repository through 2020-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 | CRITICAL | β | 0 |
| CVE-2022-31566 The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 8.6 | HIGH | β | 0 |
| CVE-2022-31567 The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 | CRITICAL | β | 0 |
| CVE-2022-31568 The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 | CRITICAL | β | 0 |
| CVE-2022-31570 The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-31571 The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 | CRITICAL | β | 0 |
| CVE-2022-32323 AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660. | 7.3 | HIGH | β | 0 |
| CVE-2022-32389 Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensitive information such as user credentials and certificates. | 7.5 | HIGH | β | 0 |
| CVE-2022-32406 GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the component q3map2. This vulnerability can cause a Denial of Service (DoS) via a crafted MAP file. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-32409 A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP reque... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-32415 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_product&id=. | 8.8 | HIGH | β | 0 |
| CVE-2022-32416 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product. | 7.2 | HIGH | β | 0 |
| CVE-2022-32417 PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-34092 Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-34093 Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-34094 Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-2418 A vulnerability was found in URVE Web Manager. It has been classified as critical. This affects an unknown part of the file kreator.html5/img_upload.php. The manipulation leads to unrestricted upload.... | 8.0 | HIGH | β | 0 |
| CVE-2022-2419 A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file _internal/collector/upload.php. The manipulation leads to unrestric... | 8.0 | HIGH | β | 0 |
| CVE-2022-2420 A vulnerability was found in URVE Web Manager. It has been rated as critical. This issue affects some unknown processing of the file _internal/uploader.php. The manipulation leads to unrestricted uplo... | 8.0 | HIGH | β | 0 |
| CVE-2022-1881 In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions ... | 5.3 | MEDIUM | β | 0 |
| CVE-2022-29890 In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. | 6.1 | MEDIUM | β | 0 |
| CVE-2020-35261 Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php. | 5.4 | MEDIUM | β | 0 |
| CVE-2022-31097 Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the ... | 7.3 | HIGH | β | 0 |
| CVE-2020-36550 Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Table Name field to /dashboard/table-list.php. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-36551 Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Item Name field to /dashboard/menu-list.php. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-36552 Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Made field to /dashboard/menu-list.php. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-36553 Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Area(food_type) field to /dashboard/menu-list.php. | 5.4 | MEDIUM | β | 0 |
| CVE-2022-30242 Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then... | 6.8 | MEDIUM | β | 0 |
| CVE-2022-30243 Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A use... | 8.8 | HIGH | β | 0 |
| CVE-2022-30244 Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verif... | 8.0 | HIGH | β | 0 |
| CVE-2022-30245 Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user wit... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-34951 Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-31107 Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Gra... | 7.1 | HIGH | β | 0 |
| CVE-2020-35305 Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-35409 An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-... | 9.1 | CRITICAL | β | 0 |
| CVE-2022-23141 ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in... | 7.5 | HIGH | β | 0 |
| CVE-2022-23201 Adobe RoboHelp versions 2020.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable ... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-2146 The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resu... | 6.1 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.