CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-27503 Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9 | 6.1 | MEDIUM | β | 0 |
| CVE-2022-27523 A buffer over-read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability i... | 7.1 | HIGH | β | 0 |
| CVE-2022-27524 An out-of-bounds read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerabilit... | 7.1 | HIGH | β | 0 |
| CVE-2022-27846 Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to create or modify slider. | 4.3 | MEDIUM | β | 0 |
| CVE-2022-27847 Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to import templates. | 4.3 | MEDIUM | β | 0 |
| CVE-2021-41119 Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object causing a hash collision. This collision c... | 5.3 | MEDIUM | β | 0 |
| CVE-2022-0023 An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically craf... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-1345 Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking,... | 9.0 | CRITICAL | β | 0 |
| CVE-2022-1347 Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalati... | 8.4 | HIGH | β | 0 |
| CVE-2022-24788 Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which ... | 7.1 | HIGH | β | 0 |
| CVE-2022-27479 Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-1256 A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file action... | 7.8 | HIGH | β | 0 |
| CVE-2022-24818 GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to... | 8.2 | HIGH | β | 0 |
| CVE-2022-24828 Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control t... | 8.3 | HIGH | β | 0 |
| CVE-2022-24844 Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_co... | 8.1 | HIGH | β | 0 |
| CVE-2022-24843 Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has arbitrary file read vulnerability due to a lack of par... | 7.5 | HIGH | β | 0 |
| CVE-2022-24845 Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `<iface>.returns_int128()` is not validated to fall within the bounds of `int128`. Thi... | 8.8 | HIGH | β | 0 |
| CVE-2022-24847 GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn ca... | 7.2 | HIGH | β | 0 |
| CVE-2021-43154 Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-1350 A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads t... | 4.3 | MEDIUM | β | 0 |
| CVE-2022-1279 A vulnerability in the encryption implementation of EBICS messages in the open source library ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This ... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-1351 Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-43287 An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers. | 7.5 | HIGH | β | 0 |
| CVE-2021-43286 An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" fe... | 8.8 | HIGH | β | 0 |
| CVE-2021-43288 An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-43289 An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control ... | 7.5 | HIGH | β | 0 |
| CVE-2021-43290 An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename bu... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43633 Sourcecodester Messaging Web Application 1.0 is vulnerable to stored XSS. If a sender inserts valid scripts into the chat, the script will be executed on the receiver chat. | 5.4 | MEDIUM | β | 0 |
| CVE-2022-26507 A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810,... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27444 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. | 7.5 | HIGH | β | 0 |
| CVE-2022-27445 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. | 7.5 | HIGH | β | 0 |
| CVE-2022-27446 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. | 7.5 | HIGH | β | 0 |
| CVE-2022-1257 Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sen... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-27447 MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. | 7.5 | HIGH | β | 0 |
| CVE-2022-27448 There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. | 7.5 | HIGH | β | 0 |
| CVE-2022-27449 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. | 7.5 | HIGH | β | 0 |
| CVE-2022-27451 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. | 7.5 | HIGH | β | 0 |
| CVE-2022-27452 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. | 7.5 | HIGH | β | 0 |
| CVE-2022-27455 MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. | 7.5 | HIGH | β | 0 |
| CVE-2022-27456 MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component VDec::VDec at /sql/sql_type.cc. | 7.5 | HIGH | β | 0 |
| CVE-2022-27457 MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. | 7.5 | HIGH | β | 0 |
| CVE-2021-45227 An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) a... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-45228 An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the t... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-1258 A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the b... | 8.4 | HIGH | β | 0 |
| CVE-2022-27007 nginx njs 0.7.2 suffers from a use-after-free in njs_function_frame_alloc() when it tries to invoke from a restored frame saved with njs_function_frame_save(). | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27008 nginx njs 0.7.2 is vulnerable to buffer overflow. Type confusion in Array.prototype.concat() when an element appended to a slow array is a fast array. | 7.5 | HIGH | β | 0 |
| CVE-2022-22181 A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim's br... | 8.0 | HIGH | β | 0 |
| CVE-2022-22182 A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the ... | 8.8 | HIGH | β | 0 |
| CVE-2022-22183 An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected rel... | 7.5 | HIGH | β | 0 |
| CVE-2021-21938 A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a ma... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.