CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2021-22228 | An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access contro... | 6.5 | MEDIUM | No | 0 |
| CVE-2021-35039 | kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init... | 7.8 | HIGH | No | 0 |
| CVE-2021-20738 | WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors. | 6.5 | MEDIUM | No | 0 |
| CVE-2021-20739 | WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allow an unauthenticated network-adjacent attacker ... | 8.8 | HIGH | No | 0 |
| CVE-2021-20776 | Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet. | 9.8 | CRITICAL | No | 0 |
| CVE-2021-20777 | Improper authorization in handler for custom URL scheme vulnerability in GU App for Android versions from 4.8.0 to 5.0.2 allows a remote attacker to lead a user to access an arbitrary website via the ... | 4.3 | MEDIUM | No | 0 |
| CVE-2021-20779 | Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via u... | 8.8 | HIGH | No | 0 |
| CVE-2021-20780 | Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 | HIGH | No | 0 |
| CVE-2021-22227 | A reflected cross-site scripting vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they c... | 6.1 | MEDIUM | No | 0 |
| CVE-2021-22230 | Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2. | 4.9 | MEDIUM | No | 0 |
| CVE-2021-22231 | A denial of service in the user's profile page is found starting with GitLab CE/EE 8.0 that allows an attacker to reject access to their profile page via a specially crafted username. | 3.5 | LOW | No | 0 |
| CVE-2021-26035 | An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to an XSS vulnerability. | 6.1 | MEDIUM | No | 0 |
| CVE-2021-26036 | An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table. | 7.5 | HIGH | No | 0 |
| CVE-2021-26037 | An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly terminate existing user sessions when a user's password was changed or the user was blocked. | 5.3 | MEDIUM | No | 0 |
| CVE-2021-26038 | An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in com_installer lacks the required hardcoded ACL checks for superusers. A default system is not affected because the default ACL f... | 7.5 | HIGH | No | 0 |
| CVE-2021-26039 | An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to an XSS vulnerability. | 6.1 | MEDIUM | No | 0 |
| CVE-2021-22224 | A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim. | 7.1 | HIGH | No | 0 |
| CVE-2021-22225 | Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via specially-crafted markdown. | 4.7 | MEDIUM | No | 0 |
| CVE-2021-25952 | Prototype pollution vulnerability in "just-safe-set" versions 1.0.0 through 2.2.1 allows an attacker to cause a denial of service and may lead to remote code execution. | 9.8 | CRITICAL | No | 0 |
| CVE-2021-34620 | The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in th... | 8.8 | HIGH | No | 0 |
| CVE-2021-34621 | A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an admin... | 9.8 | CRITICAL | No | 0 |
| CVE-2021-34622 | A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to... | 9.8 | CRITICAL | No | 0 |
| CVE-2021-34623 | A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user ... | 9.8 | CRITICAL | No | 0 |
| CVE-2021-34624 | A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user re... | 9.8 | CRITICAL | No | 0 |
| CVE-2021-34625 | A vulnerability in the saveCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to inject arbitrary web scripts. This issue affects versions 2.2.3 and... | 6.4 | MEDIUM | No | 0 |
| CVE-2021-34626 | A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators. This issue affe... | 4.3 | MEDIUM | No | 0 |
| CVE-2021-34627 | A vulnerability in the getSelectedMimeTypesByRole function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to view custom extensions added by administrators. This is... | 4.3 | MEDIUM | No | 0 |
| CVE-2021-36212 | app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view. | 6.1 | MEDIUM | No | 0 |
| CVE-2020-20211 | Mikrotik RouterOS 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an ass... | 6.5 | MEDIUM | No | 0 |
| CVE-2020-20212 | Mikrotik RouterOS 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer ... | 6.5 | MEDIUM | No | 0 |
| CVE-2020-25925 | Cross Site Scripting (XSS) in Webmail Calendar in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. | 6.1 | MEDIUM | No | 0 |
| CVE-2020-20213 | Mikrotik RouterOS 6.44.5 (long-term tree) suffers from a stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading... | 6.5 | MEDIUM | No | 0 |
| CVE-2020-20215 | Mikrotik RouterOS 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid m... | 6.5 | MEDIUM | No | 0 |
| CVE-2020-20216 | Mikrotik RouterOS 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer... | 6.5 | MEDIUM | No | 0 |
| CVE-2020-20225 | Mikrotik RouterOS before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an asse... | 6.5 | MEDIUM | No | 0 |
| CVE-2020-24038 | myFax version 229 logs sensitive information in the export log module, which allows any user to access critical information. | 6.5 | MEDIUM | No | 0 |
| CVE-2020-24141 | Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote pa... | 5.3 | MEDIUM | No | 0 |
| CVE-2020-24142 | Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web appl... | 9.8 | CRITICAL | No | 0 |
| CVE-2020-24144 | Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items[] p... | 8.6 | HIGH | No | 0 |
| CVE-2020-24145 | Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted de... | 6.1 | MEDIUM | No | 0 |
| CVE-2020-24146 | Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fil... | 8.1 | HIGH | No | 0 |
| CVE-2020-24147 | Server-side request forgery (SSRF) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field. | 9.1 | CRITICAL | No | 0 |
| CVE-2020-24148 | Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action. | 9.1 | CRITICAL | No | 0 |
| CVE-2020-24149 | Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) plugin 1.1.4 for WordPress via the podcast_feed parameter in a secondline_import_initialize action t... | 7.5 | HIGH | No | 0 |
| CVE-2020-25868 | Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of service). | 7.5 | HIGH | No | 0 |
| CVE-2021-22233 | An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details. | 4.3 | MEDIUM | No | 0 |
| CVE-2021-26273 | The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. | 7.8 | HIGH | No | 0 |
| CVE-2021-26274 | The Agent in NinjaRMM 5.0.909 has Insecure Permissions. | 7.1 | HIGH | No | 0 |
| CVE-2021-32506 | Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers to download arbitrary files via the Url path parameter. The referred vulnerability has been... | 6.5 | MEDIUM | No | 0 |
| CVE-2021-32507 | Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers to download arbitrary files via the Url path parameter. The referred vulnerability has ... | 6.5 | MEDIUM | No | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.