Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-28618 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2020-28619 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2020-28620 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2020-28621 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2022-28013 Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\schedule_employee_edit.php. | 8.8 | HIGH | β | 0 |
| CVE-2020-28622 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2020-28623 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2020-28624 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2020-28625 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2022-30428 In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. | 7.5 | HIGH | β | 0 |
| CVE-2020-28626 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2020-28627 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2020-28628 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2020-28629 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2022-29316 Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28630 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2020-28631 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2020-28632 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2020-28633 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2022-28014 Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\attendance_edit.php. | 8.8 | HIGH | β | 0 |
| CVE-2020-28634 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2020-28635 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2020-35629 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2020-35630 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2022-28015 Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\cashadvance_edit.php. | 8.8 | HIGH | β | 0 |
| CVE-2020-35631 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2020-35632 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confus... | 8.8 | HIGH | β | 0 |
| CVE-2020-6099 An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.2328. A specially crafted file can cause a heap buffer overflow res... | 7.8 | HIGH | β | 0 |
| CVE-2021-23284 Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to Stored Cross-site Scripting vulnerability. This issue affects: Eaton I... | 5.7 | MEDIUM | β | 0 |
| CVE-2022-27526 A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead t... | 7.8 | HIGH | β | 0 |
| CVE-2021-23285 Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to reflected Cross-site Scripting vulnerability. This issue affects: Eato... | 3.1 | LOW | β | 0 |
| CVE-2021-23286 Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Man... | 5.7 | MEDIUM | β | 0 |
| CVE-2021-3503 A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality. | 4.3 | MEDIUM | β | 0 |
| CVE-2021-3624 There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. | 7.8 | HIGH | β | 0 |
| CVE-2022-27529 A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerabilit... | 7.8 | HIGH | β | 0 |
| CVE-2021-3681 A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml... | 5.5 | MEDIUM | β | 0 |
| CVE-2022-1341 An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write exists in get_cmdln_options() function in src/options.c. | 7.5 | HIGH | β | 0 |
| CVE-2022-23975 Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-23976 Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media). | 8.1 | HIGH | β | 0 |
| CVE-2022-25226 ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is ... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-27525 A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with... | 7.8 | HIGH | β | 0 |
| CVE-2022-27652 A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non... | 5.3 | MEDIUM | β | 0 |
| CVE-2022-27853 Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9 | 4.8 | MEDIUM | β | 0 |
| CVE-2021-25120 The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do not sanitise some of their parameters used via AJAX actions before outputting them back in the response, leading to Reflected Cross-... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-0661 The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or java... | 7.2 | HIGH | β | 0 |
| CVE-2022-0737 The Text Hover WordPress plugin before 4.2 does not sanitize and escape the text to hover, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html ... | 4.8 | MEDIUM | β | 0 |
| CVE-2022-0765 The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, ... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-0780 The SearchIQ WordPress plugin before 3.9 contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siq_ajax AJAX action and allowing them to perform ... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-0785 The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action (available to una... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0879 The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting | 6.1 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.